|Human Systems Integration Approach to Cyber Security
|Human Factors and Medicine|
Cognitive capacity of cyber force, Cyber defence, Cyber security, Cyber security Awareness, Cyber security ergonomics, Cyber security organizational culture, Cyber-warfare resilience, Human behaviour influencing, Human factors, NATO Policy on Cyber Defence, Organizational vulnerability, Social media
Our lives are being built around digital networks, with social media as a recent development. Interventions to these networks pose a real threat to the NATO nationsH security and to the Alliance. In order to keep abreast with the rapidly changing threat landscape and maintain a robust cyber defence, NATO has adopted a new enhanced policy (NATO Policy on Cyber Defence, endorsed by Allied Defence Ministers in June 2014). The policy establishes that cyber defence is part of the Alliances core task of collective defence, confirms that international law applies in cyberspace and intensifies NATOs cooperation with industry. The top priority is the protection of the communications systems owned and operated by the Alliance.
While technological solutions are being developed in response to cyber-attacks, there is increasing awareness that besides a technical approach the role of human performance and decision making in cyber security is critical to increase the effectiveness of responses to developing threats. The human factor may be a systems weakest link, but may also be a powerful resource to detect and mitigate developing threats. The broadness of human factors involved in cyber space and the absence of a consistent theory seem to hinder the focused development of integrated approaches to cyber security.
The HFM exploratory team (ET)-129 Human Factors in Cyber Security was established to map out diverse dimensions of how Human factors can improve cyber security. The ET HFM-129 identified several areas of most critical and urgent needs and the knowledge gaps to address in cyber research agendas of NATO and the nations that can be defined as Psycho-social, Cultural, Conceptual and Organizational dimensions of cyber security. The common perspective for these research needs is that the interaction between users, cyber security specialists, interconnected organisations, and technologies form a sociotechnical system that balance security needs with operational needs.
In addition, there is a lack of research attention devoted to concepts and doctrine development, the role of organisational culture and processes to increase NATO cyber defence capacity. Particular attention should be paid to improving the state of its cyber defence education, training, exercises and evaluation (ETEE), as well as a lessons learned (LL).
(See continuing text in ToR)
To promote further cooperative human-centered research activities in NATO framework on the complex phenomenon of cyber security as a system covering diverse dimensions such as psycho-social, cultural, organizational processes, technology and software developments;
To study specific issues related to selection, education, training and retention of cyber force, and to identify the spectrum of Knowledge, Skills and Abilities (KSA) that IT experts need for efficient performance;
To develop and test methodologies to measure organizational cyber security awareness and security posture in defence organizations;
To suggest possible approaches to improve resilience to cyber-attacks at individual, team and organization level;
To develop human factors support tools for enhancing individual and group cyber security sensitivity.
Recruitment, selection, training and maintenance of the cyber force;
Identification and mitigation of potential cyber security vulnerabilities (organisational processes and tools for creating cyber security awareness;
abilities that are essential for organizational resilience to cyber-attacks;
effective protection mechanisms in the network, especially those that focus against being negatively influenced;
ethics of using cyber systems to influence operator and user behaviour; measurement of effectiveness (MoE) for human performance in cyber defence, etc.);
Improving human-machine interfaces (reducing complexity of security systems; trust and openness in networked information and network-based interactions, etc.).