The IT Law Wiki


Situation awareness (SA) is

the perception of environmental elements within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future.[1]
information gathered from a variety of sources that, when communicated to emergency managers and decision makers, can form the basis for incident management decision-making.[2]
[t]he knowledge and understanding of the current operational status, risk posture, and threats to the cyber environment gained through instrumentation, reporting, assessments, research, investigation, and analysis, which are used to enable well-informed decisions and timely actions to pre-empt, deter, defend, defeat, or otherwise mitigate against those threats and vulnerabilities.[3]
[t]he set of timely cross-domain national-level information that will provide situational awareness on the state of U.S. cyber networks and systems to (1) know the availability, integrity, and confidentiality of U.S. cyber networks and systems, (2) understand the current and potential threats to U.S. cyber networks and systems, and (3) ensure that legitimate network operations are not mistaken for malicious activity.[4]
[c]omprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.[5]

It is also a field of study concerned with perception of the environment critical to decision-makers in complex, dynamic areas from aviation, air traffic control, power plant operations, military command and control, anti-terrorism activities, and emergency services such as fire fighting and policing; to more ordinary but nevertheless complex tasks such as driving an automobile or motorcycle.


Officials at CDC with key biosurveillance responsibilities subscribe to a definition [of situational awareness] that includes three components: (1) awareness that a situation has occurred (e.g., detection of a biological condition that differs from the norm), (2) comprehension of its meaning (e.g., characterization of the nature and scope of a biological event), and (3) projection of its likely course in the near future (e.g., how its nature and scope will evolve and the decision implications of that evolution, particularly whether it may have catastrophic consequences). The projection aspect of situational awareness, sometimes overlooked in other definitions, is crucial in the biological context, because of the high degree of uncertainty and instability as the event unfolds over a period of time, which is not necessarily encountered in more discrete disaster events."[6]


The key to maintaining situational awareness is preparing to handle large-scale incidents, which should include the following:

  • Establishing, documenting, maintaining, and exercising on-hours and off-hours contact and notification mechanisms for various individuals and groups within the organization and outside the organization.
  • Planning and documenting guidelines for the prioritization of incident response actions based on business impact.
  • Preparing one or more individuals to act as incident leads who are responsible for gathering information from the incident handlers and other parties, and distributing relevant information to the parties that need it.
  • Practicing the handling of large-scale incidents through exercises and simulations on a regular basis; such incidents happen rarely, so incident response teams often lack experience in handling them effectively.[7]


  1. M.R. Endsley, "Design and Evaluation for Situation Awareness Enhancement," in "Proceedings of the Human Factors Society 32nd Annual Meeting," at 97-101 (1988)).
  2. 6 U.S.C. §321d(a).
  3. National Cyber Incident Response Plan, at M-4.
  4. Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise, Glossary, at D-6.
  5. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  6. Biosurveillance: Efforts to Develop a National Biosurveillance Capability Need a National Strategy and a Designated Leader, at 13.
  7. NIST Special Publication 800-61 (rev. 1).