Supporting the Human in Cyber Defence

  • Kirsi HelkalaEmail author
  • Benjamin J. Knox
  • Øyvind Jøsok
  • Ricardo G. Lugo
  • Stefan Sütterlin
  • Geir Olav Dyrkolbotn
  • Nils Kalstad Svendsen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10683)


Incident detection is not merely the result of a technological process, but the output of a socio-technical system where the human has an important part to play. In this paper we focus on the human role within a socio-technically defined incident detection context by discussing the case of the Norwegian Cyber Defence approach. We show that the human has an important part in the process, not only by owning technical skills but also high-level cognitive skills that help critical thinking, decision-making and communication. We further summarize the results of our previous research and discuss how it can be applied, in order to improve educational content of an incident detection team. We strongly believe that the topics discussed in this paper, when implemented and applied, will help transforming the weakest link - the human - to the strongest defence.


Cyber security Cyber defence Human factors Incident detection Socio-technical system 


  1. 1.
    Alcaraz, C., Lopez, J.: Wide-area situational awareness for critical infrastructure protection. Computer 46(4), 30–37 (2013)CrossRefGoogle Scholar
  2. 2.
    Association for Computing Machinery: Computer Engineering Curricula 2016: Curriculum Guidelines for Undergraduate Degree Programs in Computer Engineering. IEEE Computer Society, December 2016Google Scholar
  3. 3.
    Bandura, A.: Self-efficacy: The Exercise of Control. Freeman and Co., New York (1997)Google Scholar
  4. 4.
    Bejtlich, R.: The Tao of Network Security Monitoring-beyond Intrusion Detection. Addison-Wesley, Boston (2005)Google Scholar
  5. 5.
    Blumbergs, B., Pihelgas, M., Kont, M., Maennel, O., Vaarandi, R.: Creating and detecting IPv6 transition mechanism-based information exfiltration covert channels. In: Brumley, B.B., Röning, J. (eds.) NordSec 2016. LNCS, vol. 10014, pp. 85–100. Springer, Cham (2016). CrossRefGoogle Scholar
  6. 6.
    Buchler, N., Fitzhugh, S., Marusich, L., Ungvarsky, D., Lebiere, C., Gonzalez, C.: Mission command in the age of network-enabled operations: social network analysis of information sharing and situation awareness. Front. Psychol. 7, 937 (2016)CrossRefGoogle Scholar
  7. 7.
    Champion, M., Rajivan, P., Cooke, N., Jariwala, S.: Team-based cyber defence analysis. In: IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (2012)Google Scholar
  8. 8.
    Choi, M., Levy, Y., Hovav, A.: The role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills influence on computer misuse. In: Pre-ICIS Workshop on Information Security and Privacy (2013)Google Scholar
  9. 9.
    Daudelin, M.W.: Learning from experience through reflection. Organ. Dyn. 24(3), 36–48 (1996)CrossRefGoogle Scholar
  10. 10.
    Dyrkolbotn, G.O.: Computer Network Defence in the Norwegian Armed Forces. NISlecture, January 2013.
  11. 11.
    Endsley, M.: Measurement of situation awareness in dynamic systems. Hum. Factors 37(1), 65–84 (1995)CrossRefGoogle Scholar
  12. 12.
    Gangé, M., Deci, E.: Self-determination theory and work motivation. J. Organ. Behav. 26, 331–362 (2005)CrossRefGoogle Scholar
  13. 13.
    Gibney, A.: Zero days. Documentary (2016)Google Scholar
  14. 14.
    Helkala, K., Knox, B., Jøsok, Ø.: How the application of coping strategies can empower learning. In: Proceedings of Frontiers in Education Conference. IEEE (2015)Google Scholar
  15. 15.
    Helkala, K., Knox, B., Jøsok, Ø., Knox, S., Lund, M.: Factors to affect improvement in cyber officer performance. Inf. Comput. Secur. 24(2), 152–163 (2016)CrossRefGoogle Scholar
  16. 16.
    Helkala, K., Knox, B., Jøsok, Ø., Lugo, R., Sütterlin, S.: How coping strategies influence cyber task performance in the hybrid space. In: Stephanidis, C. (ed.) HCI 2016. CCIS, vol. 617, pp. 192–196. Springer, Cham (2016). CrossRefGoogle Scholar
  17. 17.
    Homeland Security, August 2016.
  18. 18.
    Hutchins, E.M., Cloppert, M.J., Amin, R.M., Lockheed Martin Corporation: White Paper: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (2011).
  19. 19.
    Jøsok, Ø., Knox, B.J., Helkala, K., Lugo, R.G., Sütterlin, S., Ward, P.: Exploring the hybrid space. In: Schmorrow, D.D.D., Fidopiastis, C.M.M. (eds.) AC 2016. LNCS (LNAI), vol. 9744, pp. 178–188. Springer, Cham (2016). Google Scholar
  20. 20.
    Jøsok, Ø., Knox, B.J., Helkala, K., Wilson, K., Sütterlin, S., Lugo, R.G., Ødegaard, T.: Macrocognition applied to the hybrid space: team environment, functions and processes in cyber operations. In: Schmorrow, D.D., Fidopiastis, C.M. (eds.) AC 2017. LNCS (LNAI), vol. 10285, pp. 486–500. Springer, Cham (2017). CrossRefGoogle Scholar
  21. 21.
    Judge, T., Jackson, C., Shaw, J., Scott, B., Rich, B.: Self-efficacy and work-related performance: the integral role of individual differences. J. Appl. Psychol. 92(1), 107–127 (2007)CrossRefGoogle Scholar
  22. 22.
    Klein, D.E., Klein, H.A., Klein, G.: Macrocognition: linking cognitive psychology and cognitive ergonomics. In: Proceedings of the 5th International Conference on Human Interactions with Complex Systems (2000)Google Scholar
  23. 23.
    Klein, G.: Naturalistic decision making. J. Hum. Factors Ergon. Soc. 50(3), 456–460 (2008)CrossRefGoogle Scholar
  24. 24.
    Klein, G.: Seeing what others don’t, the remarkable ways we gain insight. PublicAffairs (2013)Google Scholar
  25. 25.
    Klein, G., Ross, K.G., Moon, B.M., Klein, D.E., Hoffman, R.R., Hollnagel, E.: Macrocognition. IEEE Intell. Syst. 18(3), 81–85 (2003)CrossRefGoogle Scholar
  26. 26.
    Knox, B.J.: An exploration of the ways institutional development may be affected by the growing influence of cyberpower. Master’s thesis. The Open University of the United Kingdom, Development Management Program, April 2017Google Scholar
  27. 27.
    Knox, B.J., Jøsok, Ø., Helkala, K., Khooshabeh, P., Ødegaard, T., Lugo, R.G., Sütterlin, S.: Socio-technical communication: the hybrid space and the OLB-model for science-based cyber education. J Mil. Psychol. (2017, to appear)Google Scholar
  28. 28.
    Knox, B.J., Lugo, R.G., Jøsok, Ø., Helkala, K., Sütterlin, S.: Towards a cognitive agility index: the role of metacognition in human computer interaction. In: Stephanidis, C. (ed.) HCI 2017. CCIS, vol. 713, pp. 330–338. Springer, Cham (2017). CrossRefGoogle Scholar
  29. 29.
    Kott, A., Wang, C., Erbacher, R.F.: Cyber Defense and Situational Awareness. Springer, Switzerland (2014). CrossRefGoogle Scholar
  30. 30.
    Lugo, R.G., Kwei-Nahra, P., Jøsok, Ø., Knox, B.J., Helkala, K., Sütterlin, S.: Team workload demands influence on cyber detection performance. In: Proceedings of 13th International Conference on Naturalistic Decision Making, pp. 223–225. The University of Bath (2017).
  31. 31.
    Lugo, R.G., Sütterlin, S., Knox, B.J., Jøsok, Ø., Helkala, K., Lande, N.M.: The moderating influence of self-efficacy on interoceptive ability and counterintuitive decision making in officer cadets. J. Mil. Stud. 7(1), 1–9 (2016)CrossRefGoogle Scholar
  32. 32.
    Malmedal, B., Cyberforsvaret: White Paper: Arkitektur for en Forsvarbar Informasjonsinfrastruktur (2012).
  33. 33.
    McChrystal, S., Collins, T., Silverman, D., Fussell, C.: Teams of Teams: New Rules of Engagement for a Complex World. Penguin, New York (2016)Google Scholar
  34. 34.
    Merza, M.: The importance of investing in people, September 2016.
  35. 35.
    Ministry of Defence, United Kingdom: Future trends programme future operating environment, December 2015Google Scholar
  36. 36.
    Morrow, D.G., Fischer, U.M.: Communication in socio-technical systems. In: Lee, J.D., Kirlik, A. (eds.) The Oxford Handbook of Cognitive Engineering, pp. 178–199. Oxford University Press, Oxford (2013)Google Scholar
  37. 37.
    Murray, S.: Human skills are essential in battle against cyber crime, November 2016.
  38. 38.
    Osinga, F.: Science, Strategy and War : The Strategic Theory of John Boyd. Eburon Academic Publishers, Delft (2005)Google Scholar
  39. 39.
    Rajivan, P., Janssen, M.A., Cooke, N.J.: Agent-based model of a cyber security defence analyst team. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 57, pp. 314–318. SAGE (2013)Google Scholar
  40. 40.
    Ruefle, R., Dorofee, A., Mundie, D., Householder, A.D., Murray, M., Perl, S.J.: Computer security incident response team development and evolution. IEEE Secur. Priv. 12(5), 16–26 (2014)CrossRefGoogle Scholar
  41. 41.
    Smy, V., Cahillane, M., MacLean, P.: Cognitive and metacognitive prompting in ill-structured tasks: the art of asking. In: Proceedings of International Conference on Information, Communication Technologies in Education (2015)Google Scholar
  42. 42.
    Stajkovic, A., Luthans, F.: Self-efficacy and work-related performance: a metaanalysis. Psychol. Bull. 124(2), 240 (1998)CrossRefGoogle Scholar
  43. 43.
    The World Bank: World development report 2016: digital dividends, May 2016.
  44. 44.
    Thomas, A.: What is development management? J. Int. Dev. 8(1), 95–100 (1996)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Kirsi Helkala
    • 1
    Email author
  • Benjamin J. Knox
    • 1
  • Øyvind Jøsok
    • 1
    • 2
  • Ricardo G. Lugo
    • 3
  • Stefan Sütterlin
    • 4
    • 5
  • Geir Olav Dyrkolbotn
    • 1
    • 6
  • Nils Kalstad Svendsen
    • 7
  1. 1.Norwegian Defence Cyber AcademyLhmrNorway
  2. 2.Child and Youth Participation and Development Research ProgramInland Norway University of Applied SciencesLhmrNorway
  3. 3.Department of PsychologyInland Norway University of Applied SciencesLhmrNorway
  4. 4.Faculty for Health and Welfare SciencesØstfold University CollegeHaldenNorway
  5. 5.Center for Clinical NeuroscienceOslo University HospitalOsloNorway
  6. 6.Centre for Cyber and Information SecurityGjøvikNorway
  7. 7.Norwegian University of Science and TechnologyGjøvikNorway

Personalised recommendations