Human Factors in Cyber Warfare II

Mancuso, Vincent; Christensen, James C.; Cowley, Jennifer A.; Finomore, Victor; Gonzalez, Cleotide; Knott, Benjamin A.

doi:10.1177/1541931214581085

Cited by 36 publications

(25 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unfortunately, researchers have neglected human operators' response behavior in earlier cyber security research (Mancuso et al, 2014;Proctor and Chen, 2015). Horowitz and Lucero (2016) and Heiges et al (2015) used a scenario with a manipulated navigation system showing false waypoints.…”

Section: A Human Factors Approach To Cyber-attacksmentioning

confidence: 99%

Are pilots prepared for a cyber-attack? A human factors approach to the experimental evaluation of pilots' behavior

Gontar

Homans

Rostalski

et al. 2018

Journal of Air Transport Management

View full text Add to dashboard Cite

A B S T R A C TThe increasing prevalence of technology in modern airliners brings not just advantages, but also the potential for cyber threats. Fortunately, there have been no significant attacks on civil aircraft to date, which allows the handling of these emerging threats to be approached proactively. Although an ample body of research into technical defense strategies exists, current research neglects to take the human operator into account. In this study, we present an exploratory experiment focusing on pilots confronted with a cyber-attack. Results show that the occurrence of an attack affects all dependent variables: pilots' workload, trust, eye-movements, and behavior. Pilots experiencing an attack report heavier workload and weakened trust in the system than pilots whose aircraft is not under attack. Further, pilots who experienced an attack monitored basic flying instruments less and their performance deteriorated. A warning about a potential attack seems to moderate several of those effects. Our analysis prompts us to recommend incorporating cyber-awareness into pilots' recurrent training; we also argue that one has to consider all affected personnel when designing such training. Future research should target the development of appropriate procedures and training techniques to prepare pilots to correctly identify and respond to cyber-attacks.

show abstract

Section: A Human Factors Approach To Cyber-attacksmentioning

confidence: 99%

Are pilots prepared for a cyber-attack? A human factors approach to the experimental evaluation of pilots' behavior

Gontar

Homans

Rostalski

et al. 2018

Journal of Air Transport Management

View full text Add to dashboard Cite

show abstract

“…In CPS cyber security: In the domain of cyber security limited attention has been paid to the application of HF/E methodology for safe and secure systems, e.g., [1], [13], [14], [15], [16]. Just Culture has been discussed by HF/E and security practitioners in online forums, e.g., [17], [18].…”

Section: In Practicementioning

confidence: 99%

A Just Culture Is Fundamental: Extending Security Ergonomics by Design

Craggs

2019

2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)

View full text Add to dashboard Cite

Human error when developing and using smart cyber physical systems is inevitable. Earlier work has set out Security Ergonomics by Design-principles by which developers of systems can ensure that the active user error cannot occur when latent system failures introduced in development are in play. This paper underpins these principles by showing there is a fundamental need to adopt a Just Culture within which i) user error is captured for improvement in the development cycle, and ii) to provide software engineers assurance that their own mistakes are not automatically punished but rather treated as learnings that can be fed back into building safer and more secure practice.

show abstract

“…In 2011 the National Science and Technology Council (NTSC), when addressing the current state of security called for a more scientific approach to security research including "sound methods for integrating humans in the system" [9]. Three years later Manusco [10] acknowledged that whilst this more scientific human factors approach to addressing cybersecurity issues had begun it had "yet to scratch the surface. "…”

Section: B Usable Securitymentioning

confidence: 99%

Smart Cyber-Physical Systems: Beyond Usable Security to Security Ergonomics by Design

Craggs

Rashid

2017

2017 IEEE/ACM 3rd International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)

View full text Add to dashboard Cite

Securing cyber-physical systems is hard. They are complex infrastructures comprising multiple technological artefacts, designers, operators and users. Existing research has established the security challenges in such systems as well as the role of usable security to support humans in effective security decisions and actions. In this paper we focus on smart cyberphysical systems, such as those based on the Internet of Things (IoT). Such smart systems aim to intelligently automate a variety of functions, with the goal of hiding that complexity from the user. Furthermore, the interactions of the user with such systems are more often implicit than explicit, for instance, a pedestrian with wearables walking through a smart city environment will most likely interact with the smart environment implicitly through a variety of inferred preferences based on previously provided or automatically collected data. The key question that we explore is that of empowering software engineers to pragmatically take into account how users make informed security choices about their data and information in such a pervasive environment. We discuss a range of existing frameworks considering the impact of automation on user behaviours and argue for the need of a shift-from usability to security ergonomics as a key requirement when designing and implementing security features in smart cyber-physical environments. Of course, the considerations apply more broadly than security but, in this paper, we focus only on security as a key concern.

show abstract

Human Factors in Cyber Warfare II

Cited by 36 publications

References 29 publications

Are pilots prepared for a cyber-attack? A human factors approach to the experimental evaluation of pilots' behavior

Are pilots prepared for a cyber-attack? A human factors approach to the experimental evaluation of pilots' behavior

A Just Culture Is Fundamental: Extending Security Ergonomics by Design

Smart Cyber-Physical Systems: Beyond Usable Security to Security Ergonomics by Design

Contact Info

Product

Resources

About