Preventing 'Cyber Pearl Harbor'

November 30, 2012

Cyber attacks that have long caused major work disruption and theft of private information are becoming more sophisticated with prolonged attacks perpetrated by organized groups. In September 2012, Bank of America, Citibank, the New York Stock Exchange, and other financial institutions were targets of attacks for more than five weeks. Defense Secretary Leon E. Panetta warned that the United States was facing the possibility of a "cyber-Pearl Harbor" and was increasingly vulnerable to foreign computer hackers who could disrupt the government, utility, transportation, and financial networks.

Key to protecting online operations is a high degree of "cyber security awareness," according to human factors/ergonomics researchers Varun Dutt, Young-Suk Ahn, and Cleotilde Gonzalez. In their Human Factors article, "Cyber Situation Awareness: Modeling Detection of Cyber Attacks With Instance-Based Learning Theory," they developed a computer model that presented 500 simulated cyber attack scenarios to gauge simulated network security analysts' ability to detect attacks characterized as either "impatient" (the threat occurs early in the attack) or "patient" (the threat comes later in the attack and is not detected promptly). Their model was able to predict the detection rates of security analysts by varying the analysts' degree of experience and risk tolerance as well as an attacker's strategy (impatient or patient attack).

The authors found that experienced, risk-averse analysts were less accurate at detecting threats in patient than in impatient attacks. "In a patient attack, when the attacker waits until the end to generate threats, the experiences in the analyst's memory that indicate an attack" are not as readily retrieved, says Dutt, which "makes it difficult to correctly detect patient attacks."

Dutt notes, "Application of our results include the design of training tools that increase competency and the development of decision-support tools that improve defenders' on-the-job performance in detecting cyber attacks." The authors suggest that employers evaluate an analyst's risk tolerance before employment and/or manipulate tolerance levels during training to better identify threats.

As cyber warfare strategies and tactics evolve, the authors plan to further investigate the trend of drawn-out attacks and new intrusion detection software.
-end-
Varun Dutt is an assistant professor in the School of Computing and Electrical Engineering and School of Humanities and Social Sciences at the Indian Institute of Technology, Mandi, India. Young-Suk Ahn is a master's student in the School of Computer Science. Cleotilde Gonzalez is an associate research professor in the Department of Social and Decision Sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania.

For more information on this article or to obtain a copy for reporting purposes, contact HFES Communications Director Lois Smith (lois@hfes.org; 310/394-1811).

The Human Factors and Ergonomics Society is the world's largest nonprofit individual-member, multidisciplinary scientific association for human factors/ergonomics professionals, with more than 4,500 members globally. HFES members include psychologists and other scientists, designers, and engineers, all of whom have a common interest in designing systems and equipment to be safe and effective for the people who operate and maintain them. "Human Factors and Ergonomics: People-Friendly Design Through Science and Engineering"

Plan to attend the HFES 2013 International Symposium on Human Factors and Ergonomics in Health Care: Advancing the Cause, to be held March 11-13, 2013 at the Baltimore Marriott Waterfront Hotel.

Human Factors and Ergonomics Society

Related Risk Articles from Brightsurf:

Early life risk factors predict higher obesity and cardiometabolic risk
Early life risk factors in the first 1000 days cumulatively predict higher obesity and cardiometabolic risk in early adolescence, according to new research led by the Harvard Pilgrim Health Care Institute.

None of the most common blood pressure medications increased the risk of depression, some lowered the risk
Among the 41 most common blood pressure medications, none of them raised the risk of depression, according to an analysis from Denmark.

Lung-specific risk factors may increase hip fracture risk in individuals who smoke
Smoking has been linked to a higher risk of bone fractures.

Genetic risk scores may improve clinical identification of patients with heart attack risk
Researchers at Mass General and the Broad Institute have found that applying polygenic risk scores can identify patients at risk of a heart attack who may be missed in standard clinical evaluations.

New risk prediction model could identify those at higher risk of pancreatic cancer
A risk prediction model that combined genetic and clinical factors with circulating biomarkers identified people at significantly higher than normal risk of pancreatic cancer.

Risk of HIV-related heart disease risk varies by geography, income
People living with human immunodeficiency virus (HIV) infection are at higher risk of cardiovascular disease (CVD) compared to people without HIV.

Genetic study provides most comprehensive map of risk to date of breast cancer risk
A major international study of the genetics of breast cancer has identified more than 350 DNA 'errors' that increase an individual's risk of developing the disease.

New risk scores help physicians provide better care for high-risk pulmonary patients, study finds
Study of more than 17,000 patients finds new laboratory-based method of estimating outcomes for patients with a severe pulmonary disorder that has no cure can help physicians better provide proper care, referrals, and services for patients at the end of life.

Researchers develop model to predict suicide risk in at-risk young adults
New research from Pitt's School of Medicine shows that fluctuation and severity of depressive symptoms are much better at predicting risk of suicidal behavior in at-risk young adults.

High-risk sexually transmitted HPV virus associated with increased CVD risk
Infection with high-risk strains of the human papillomavirus (HPV), which have been linked to cancer, might increase the risk of heart and blood vessel or cardiovascular disease, especially among women with obesity or other cardiovascular risk factors.

Read More: Risk News and Risk Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.