What You Can Change and What You Can’t: Human Experience in Computer Network Defenses

  • Vivien M. Rooney
  • Simon N. Foley
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11252)


The work of Computer Network Defense, conducted for instance in Security Operations Centers and by Computer Security Incident Teams, depends not only on technology but also on people. Understanding how people experience these environments is an essential component of achieving optimal functioning. This paper describes a qualitative research study on the human experience of working in these environments. Using Grounded Theory, a psychological understanding of the experience is developed. Results suggest that positive and negative aspects of the work are either amenable or not amenable to change. Areas of tension are identified and posited as the focus for improving experience. For this purpose, the psychological theories of Social Identity Theory, Relational Dialectics, and Cognitive Dissonance provide a way of understanding and interpreting these components of Computer Network Defense work, and can be used to assess the experience of staff.



This work was supported by the Cyber CNI Chair of Institute Mines-Télécom, which is held by IMT Atlantique and supported by Airbus Defence and Space, Amossys, BNP Paribas, EDF, Orange, La Poste, Nokia, Société Générale and the Regional Council of Brittany; it has been acknowledged by the French Centre of Excellence in Cybersecurity.



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. IMT Atlantique, Lab-STICC, Université Bretagne Loire, Rennes, France
