🤖 AI Summary
This study addresses the current lack of intelligent cyber situational awareness (CSA) platforms tailored for military scenarios, which hinders real-time understanding, prediction, and response to cyber threats. To bridge this gap, the authors systematically analyze five existing CSA platforms and derive six design principles specifically aligned with military requirements. These principles are then applied, for the first time, to adapt and validate the open-source platform CRUSOE in a military context. Experimental results demonstrate that the proposed design principles effectively guide the development of military-grade CSA systems and confirm their practical applicability within an operational platform. This work thus provides a reusable design framework and methodological foundation for future intelligent CSA systems in defense applications.
📝 Abstract
The development of technology across multiple sectors and the growing importance of cyber warfare make the development of Cyber Situational Awareness (CSA) a fundamental component of any cyber defense strategy. CSA, as a practice, enables understanding of the current landscape within an organization or critical infrastructure, anticipating potential threats, and responding appropriately to cyber risks. With CSA, we are not simply seeking a passive point of view, but rather informed decision-making that allows us to improve response times and to monitor the consequences and effects an attack has on one of our elements, as well as how it will affect the other elements that element interacts with. In this paper, we review 5 CSA platforms, looking for the characteristics that differentiate each proposal and outlining 6 proposed criteria that can be applied when creating a military smart CSA platform. To this end, we have validated the proposed criteria in CRUSOE, an open-source CSA platform developed by CSIRT-MU. After applying some modifications and running experiments, it proved applicable to this field.