A Model to Facilitate Discussions About Cyber Attacks

  • Jassim HappaEmail author
  • Graham Fairclough
Part of the Philosophical Studies Series book series (PSSP, volume 124)


The evolution of the Internet and digital systems is making it increasingly difficult to understand cyber attacks. Politicians, ethicists, lawyers, business owners and other stakeholders are all affected by them, yet many lack necessary technical background to make correct decisions in dealing with them. Conversely, cyber-security analysts have a better understanding about the technical aspects of cyber attacks, but many do not understand the repercussions of decisions made from their perspective alone. Both contextual (e.g. societal, political, legal, financial, reputational aspects etc.) as well as technical considerations must be taken into account in making decisions that relate to a cyber attack. A plethora of cyber-attack models exist today that aid (to some degree) understanding of attacks. Most of these however focus on delivering insight from a single perspective: technical detail or understanding of human-centric factors. These approaches do not outline how a discussion among expert-domain people of different backgrounds should be conducted to establish a basic situational awareness understanding, from which to make collective decisions. In this chapter, we present our efforts towards establishing such a model to enable a collective approach in discussing cyber attacks. In this paper, we propose a first version, but believe extensions should be made. We also acknowledge that testing and assessment in real environments is necessary.


Attack models Mental models Cyber attacks 


  1. Alberts, D.S., J.J. Garstka, R.E. Hayes, and D.A. Signori, 2001. Understanding information age warfare. Assistant secretary of defense (c3i/command control research program).Google Scholar
  2. Bishop, M. 1995. A taxonomy of Unix system and network vulnerabilities. Technical Report CSE-95-10, Department of Computer Science, University of California at Davis.Google Scholar
  3. Booz. Allen. Hamilton. 2012. Cybersecurity: Mission integration to protect your assets. Cybersecurity-Mission-integration-to-protect-your-assets-fs.pdf. Accessed 8 Sept 2014.
  4. Cohen, F. 1997. Information system attacks: A preliminary classification scheme. Computers & Security 16(1): 29–46. Elsevier.Google Scholar
  5. CPNI, Centre for Protection of National Infrastructure. Accessed 7 Sept 2014.
  6. Dervin, B. 1992. From the mind’s eye of the user: The sense-making qualitative-quantitative methodology. In Qualitative research in information management, ed. J. Glazier and R.R. Powell, 61–84. Englewood: Libraries Unlimited.Google Scholar
  7. DSTL Centre for Defence Enterprise (CDE) Cyber Situational Awareness Launch Presentation 2012. Accessed 7 Sept 2014.
  8. Duffy, M. 1995. Sensemaking in classroom conversations. In Openness in research: The tension between self and other, ed. I. Maso, 119–132. Assen: Van Gorcum.Google Scholar
  9. Greitzer, F.L., and T.A. Ferryman, 2013. Methods and metrics for evaluating analytic insider threat tools. In Proceedings of the 2013 IEEE Security and Privacy Workshops (SPW’13), California, USA, 90–97. IEEE, May 2013.Google Scholar
  10. Greitzer, F.L., P. Paulson, L. Kangas, T. Edgar, M.M. Zabriskie, L. Franklin, and D.A. Frincke, 2009. Predictive modelling for insider threat mitigation, Technical report PNNL-60737. Pacific Northwest National Laboratory.Google Scholar
  11. Hadnagy, C. 2011. Social engineering: The art of human hacking. Indianapolis: Wiley.Google Scholar
  12. Healey, J. 2013. A fierce domain: Conflict in cyber space. Cyber Conflict Studies Association.Google Scholar
  13. Howard, J.D., and T.A. Longstaff. 1998. A common language for computer security incidents. Sandia National Laboratories.Google Scholar
  14. Hutchins, E.M., M.J. Cloppert, and R.M. Amin. 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare and Security Research.Google Scholar
  15. Hutton, R., G. Klein, and S. Wiggins. 2008. Designing for sensemaking: A macrocognitive approach. In Sensemaking Workshop.Google Scholar
  16. Intelligence National Security Alliance. 2012. Cyber Intelligence: setting the landscape for an emerging discipline. Air and Space Power Journal.Google Scholar
  17. Legg, P., N. Moffat, J.R. Nurse, J. Happa, I. Agrafiotis, M. Goldsmith, and S. Creese. 2013. Towards a conceptual model and reasoning structure for insider threat detection. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 4: 20–37.Google Scholar
  18. Lough, D.L. 2001. A taxonomy of computer attacks with applications to wireless networks. Blacksburg: University Libraries, Virginia Polytechnic Institute and State University.Google Scholar
  19. MITRE Corporation. 2012. Common Attack Pattern Enumeration and Classification (CAPEC). Accessed 7 Sept 2014.
  20. NATO. 2012a. NATO policy on cyber defence. NATO Cooperative Cyber Defence Centre of Excellence. Accessed 7 Sept 2014.
  21. NATO. 2012b. NATO cyber security framework manual. NATO Cooperative Cyber Defence Centre of Excellence. Accessed 7 Sept 2014.
  22. Norman, D.A. 1983. Some observations on mental models. In Mental models, ed. D. Gentner and A.L. Stevens, 7–14. Hillsdale: Lawrence Erlbaum Associates Inc.Google Scholar
  23. Nye, J. 2011. The future of power. New York: Public Affairs.Google Scholar
  24. Pirolli, P., and S. Card. 2005. The sensemaking process and leverage points for analyst technology as identified through cognitive task analysis. In Proceedings of International conference on intelligence analysis.Google Scholar
  25. Simmons, C., C. Ellis, S. Shiva, D. Dasgupta, and Q. Wu. 2009. AVOIDIT: A cyber attack taxonomy, Technical report: CS-09-003. University of Memphis (August 2009).Google Scholar
  26. Weick, K. 1979. The social psychology of organizing. New York: McGraw-Hill.Google Scholar
  27. Weick, K.E. 1988. Enacted sensemaking in crisis situations. Journal of Management Studies 25(4): 305–317. Wiley.Google Scholar
  28. Xiao, L., J. Gerth, and P. Hanrahan, 2006. Enhancing visual analysis of network traffic using a knowledge representation. In Proceedings of the IEEE Symposium on Visual Analytics Science and Technology. IEEE.Google Scholar

Copyright information

© Springer International Publishing Switzerland 2017

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of OxfordOxfordUK
  2. 2.Oxford Internet InstituteUniversity of OxfordOxfordUK

Personalised recommendations