Out of Sight but Still In Mind: Making ‘Invisible’ Cyber Threats More Salient Via Concrete Analogies
Abstract
It can be easier to conceive of and anticipate physical threats than cyber threats. Cyber threats can involve unseen remote hackers and capitalize on invisible wireless signals as vectors. As such, cyber threats are often out of sight and out of mind. How can we make these abstract, 'invisible' threats more intuitive and salient? We employed concrete analogies to enable future Army Officers to better anticipate cyber threats in tactical contexts. Modern multi-domain battle involves not only physical threats like firefights and improvised explosive devices (IEDs), but also, increasingly, cyber threats. For example, the enemy may jam, intercept or track communication signals, hack into computing systems to exfiltrate or alter information, and/or hack equipment with electronic and autonomous components (including navigation systems, drones and robots). To ensure readiness, all soldiers (not only cyber specialists) must have some awareness of this 'threatscape'. We developed the problem anticipation task (PAT) to gauge the degree to which participants would anticipate cyber as well as non-cyber tactical threats. Participants read a hypothetical mission description and tried to anticipate various problems that could arise. The mission explicitly mentioned several cyber-vulnerable components (e.g., radios, navigation systems, drones, biosensors, cell phones). Prior research using a sample from the same population indicated that about 40% of subjects did not anticipate a single cyber threat (Pyke, Ness, Feltner, in press). The current research used the PAT as a pre- and post-test, with an intervention between the two. Experimental subjects read a passage about a fictitious historical mission set in the 1800s. The version of the passage presented to the experimental group included historical issues (e.g., carrier pigeon intercepted by enemy) that were intended to be analogous to modern cyber-related issues (e.g., wireless communications signal intercepted/tapped by enemy).
The intervention for the comparison group involved a passage describing historical issues (e.g., horse losing a shoe) that were intended to be analogous to modern non-cyber-related issues (e.g., vehicle breakdown). Note that the link to the corresponding modern situation was not made explicit to the participants; they were just exposed to a historical situation that could lend itself to being analogous to a modern cyber situation. For the experimental group (but not the control) there was a significant gain in the percent of participants who were able to anticipate one or more cyber issues. Thus, concrete analogies can serve to make 'invisible' cyber threats more intuitive and easier to anticipate.
Keywords: cybersecurity, cyber analogies, anticipating cyber threats, problem anticipation task (PAT)
DOI: 10.54941/ahfe1003716


AHFE Open Access