Abstract
Incident detection is not merely the result of a technological process, but the output of a socio-technical system in which the human has an important part to play. In this paper we focus on the human role within a socio-technically defined incident detection context by discussing the case of the Norwegian Cyber Defence approach. We show that the human has an important part in the process, not only through technical skills but also through high-level cognitive skills that support critical thinking, decision-making and communication. We further summarize the results of our previous research and discuss how it can be applied to improve the educational content of an incident detection team. We strongly believe that the topics discussed in this paper, when implemented and applied, will help transform the weakest link - the human - into the strongest defence.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Helkala, K. et al. (2018). Supporting the Human in Cyber Defence. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2017 2017. Lecture Notes in Computer Science, vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_10
DOI: https://doi.org/10.1007/978-3-319-72817-9_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72816-2
Online ISBN: 978-3-319-72817-9
eBook Packages: Computer Science, Computer Science (R0)