Assessing network security analysts’ abilities to prevent ‘cyber Pearl Harbor’
December 4, 2012

U.S. Defense Secretary Leon E. Panetta warned that the United States is facing the possibility of a “cyber-Pearl Harbor” and is increasingly vulnerable to foreign computer hackers who could disrupt the government, utility, transportation, and financial networks.
Key to protecting online operations is a high degree of “cyber security awareness,” according to human factors/ergonomics researchers Varun Dutt, Young-Suk Ahn, and Cleotilde Gonzalez.
In their Human Factors article, “Cyber Situation Awareness: Modeling Detection of Cyber Attacks With Instance-Based Learning Theory,” they developed a computer model that presented 500 simulated cyber attack scenarios to gauge simulated network security analysts’ ability to detect attacks.
The attacks were characterized as either “impatient” (the threat occurs early in the attack) or “patient” (the threat comes later in the attack and is not detected promptly). Their model was able to predict the detection rates of security analysts by varying the analysts’ degree of experience and risk tolerance as well as an attacker’s strategy (impatient or patient attack).
The authors found that experienced, risk-averse analysts were less accurate at detecting threats in patient than in impatient attacks. “In a patient attack, when the attacker waits until the end to generate threats, the experiences in the analyst’s memory that indicate an attack” are not as readily retrieved, says Dutt, which “makes it difficult to correctly detect patient attacks.”
Dutt notes, “Application of our results include the design of training tools that increase competency and the development of decision-support tools that improve defenders’ on-the-job performance in detecting cyber attacks.” The authors suggest that employers evaluate an analyst’s risk tolerance before employment and/or manipulate tolerance levels during training to better identify threats.
As cyber warfare strategies and tactics evolve, the authors plan to further investigate the trend of drawn-out attacks and new intrusion detection software.
Comments (11)
by Bri
I see a lot of apples being compared to raisins. Japan attacked Pearl Harbor as a military action. It wiped out our Pacific naval defenses. It was in concert with other acts of war. I don’t see the Iranian military being targeted. I’m not defending Stuxnet. I just think the conflation is a bit extreme. Our computer systems are constantly being hacked and attacked. I think it would be wise to not line up our planes on the runway again. Sometimes the US is too complacent.
by Mr.X
Cyber pearl harbor already happened: http://en.wikipedia.org/wiki/Stuxnet.
by Gorden Russell
Thanks, Mr. X, that was a good article.
by Mr.X
Somehow I think your answer is funny ;) Thanks.
Maybe I was too impatient;)
by Gorden Russell
But don’t forget, it’s the patient attack that works.
by Mr.X
@Gorden: Thank you for stating plainly what I hinted at so imperfectly. It is always a pleasure to read your comments.
Anyway: Maybe the real attack is yet to come!? You cannot know for sure, until it either hits you straight “between the eyes” (and even then this event may blind you) or any potential attacker who potentially plots has finally perished (at least in his/her/its plotting role).
I wouldn’t be too afraid of a second “Pearl Harbor”, taken literally. I consider the historical event to be the failure of an operation that even in success would have brought no lasting joy to its designers.
Now, you may say: What do you fool know of these matters? And I -not wanting to be drawn into lengthy arguments- would prefer to borrow the authority of murdered admiral Isoroku Yamamoto:
http://www.nytimes.com/2011/12/07/opinion/a-reluctant-enemy.html?pagewanted=all&_r=0
Anyway: To use your language- the allusion to Pearl Harbor is just playing with “the hearts & minds” of the American people. Fear is often used to gain public support for all manner of causes.
by Gabriel
Huh…..huh…..
That’s…interesting – it’s certainly the most well-known cyber-attack thus far, considering there haven’t really been any notable ones to begin with, and its effect was devastating.
If Panetta’s strategy is that we need to expand our security to deal with cyber-threats, then Iran has indeed been the “Cyber-Pearl Harbor”….because they are the ones who have suffered under a threat and shown that they need to expand their security.
I don’t mean to be cynical, but it’s sort of funny….I wonder if the reason there is this feeling there has been no “Cyber-Pearl Harbor” thus far, is simply because America isn’t the one to suffer from it. If the world feels it needs a major cyber-attack to be in awe and afraid of, so they have an excuse to expand their security, look to the Iranians – it already happened.
I probably do sound cynical, but it’s just interesting in a way….I’m guessing the only reason nobody is giving it much fuss is, obviously, because this is Iran we’re talking about, not to mention we (America) did it to them. Had it been vice-versa, people would be screaming that we need to expand our security and the rest of the world would probably follow suit….but Iran? Most people don’t even know about it.
by Mr.X
@Gabriel: You may not be aware of it but -in response to the evil, unwarranted attack on Iran- many European countries quietly stepped up the level of their preparedness in face of cyber-threat.
Germany, for example, has founded a “group” that exists solely to explore the possibilities concerning this new dimension of international interaction. Afaik, the French are also plotting and scheming, as they otherwise do in all things related to diplomacy.
Please don’t ask me for sources, for I would have to search English ones to make providing them relevant, and you yourself didn’t give any sources as to your statements. I think, this way we both can save our precious time ;)
Have a nice day.
by Gabriel
I honestly wasn’t aware of that Mr.X — if other countries have really already stepped up their cyber-security, then it’s arguable that the Cyber-Pearl Harbor has already happened.
I didn’t provide any sources to anything I said, because I was just expressing my response to what you said earlier.
I’m not sure I would call what happened to Iran as “evil” – obviously, it’s all very political, but if an unstable regime is stalled in its nuclear capabilities, I can see the relief, but that’s another issue entirely.
What I was trying to get out, is the idea of this Cyber-PH having already taken place in contrast to what Mr. Panetta believes — the thing is, it wasn’t us it happened to. There was no loss of life (arguably, lives were saved by stalling Iran), no tragedy except what Iran suffered….but it’s certainly the most elaborate cyber-attack yet and has, as you said, alerted other countries to already start implementing their own defenses.
I’m trying to understand if such an event hasn’t happened yet, or if it has, and American Exceptionalism is the only reason we don’t feel like it has.
by Mr.X
“What I was trying to get out, is the idea of this Cyber-PH having already taken place in contrast to what Mr. Panetta believes — the thing is, it wasn’t us it happened to.”
Could it be that you presume this politician is honest!? He is maximalizing his own utility, to make proper use of jargon I picked up elsewhere.
Concerning sources: No problem. I just said this, because some presumably smart people here asked me for “proofs” when I just expressed my opinion, which just so happens to be sth they didn’t like, proving in the process that they themselves either don’t know the word or have their own agenda (e.g. attacking someone who expressed something they didn’t want to hear). Furthermore, they seemed oblivious to the fact that they themselves also built their imagined castles on sand. These evil-doers, I try to guard myself against them.
But I actually don’t believe in evil, just thought it would provoke disagreements in people who are so swift to label the actions of others, which from the outside just look like their own, with this nice adjective.
Judgements of this kind are used to hold together groups, and now they are used on others in order to keep sleeping the human instincts that would prompt people to rise up against unjust actions brought upon others by their own leaders. Violence needs “morality”. Sometimes we call this propaganda.
Anyway,
“and American Exceptionalism is the only reason we don’t feel like it has.”
Someone who tried (in vain) to teach me how to reason “more” correctly warned me against the use of euphemisms, so let’s call a spade a spade, let’s call it supposed American Exponentialism by its true name: American Provincialism.
The main difference between this provincialism and others is that some people are quite vocal about it and try to force their views on others.
So yes it happened, your beloved country did it.
by egore
I would suspect any computer threat that we can manufacture can also be used against us. It is also likely in my opinion that a threat against Iran or any other country will ultimately be used against us. Only my opinion.