Presented at
Black Hat USA 2018,
Aug. 8, 2018, 11:15 a.m.
(50 minutes)
Hacking is a high-risk, high-reward, with a high-cost to human capital. In this session, we will talk about the effects of human factors in cyber operations and why you should care about them. Specifically, we will focus on results of research at the National Security Agency that studied the effects of cognitive stress on tactical cyber operators. A key motivation for this work was the intuition that cognitive stress may negatively affect operational security, work performance, and employee satisfaction. Operator fatigue, frustration, and cognitive workload increases significantly over the course of a tactical cyber operation. Fatigue and frustration are correlated, and as one increases so does the other. The longer the operation, the greater the mental demand, physical demand, time pressure, frustration, and overall effort needed to complete the operation. Operations longer than 5 hours have 10% greater increases in fatigue and frustration compared to shorter operations. We found no link of performance to operation length; that is, from the operator's perspective longer operations did not result in higher success. Knowing how these factors affect cyber operations has helped us make more informed decisions about mission policy and workforce health. We hope that by sharing this with the greater Black Hat community, they will also be able to learn from our study and improve their own cybersecurity operations.
Presenters:
-
Josiah Dykstra
- Computer Network Operations Subject Matter Expert, National Security Agency
Dr. Josiah Dykstra is a researcher and subject matter expert in computer network operations at the National Security Agency. He has spent the past 13 years as a practitioner and researcher in digital forensics, cloud computing, network security, penetration testing, and human factors. Josiah holds a PhD in computer science from the University of Maryland, Baltimore County. He is the author of one book and numerous research papers, and in 2017 he received the Presidential Early Career Award for Scientists and Engineers. He is a Fellow and speaker at the American Academy of Forensic Sciences (AAFS), an author/organizer at the Digital Forensics Research Workshop (DFRWS), and has spoken at RSA.
-
Celeste Paul
- Senior Researcher, National Security Agency
Dr. Celeste Lyn Paul is a senior researcher in the Computer and Analytical Science Research group at the National Security Agency. Her work focuses on understanding and overcoming the challenges of working in cyber operations. She is also an adjunct assistant professor for the Department of Computer Science at the University of Maryland where she teaches human-computer interaction. Before joining the NSA, Dr. Paul spent a decade in industry working on problems related to security, health informatics, and education. She also spent many years leading usability and design efforts in open source software while serving on the KDE e.V. Board of Directors and the Kubuntu Council. More recently, she was the president of HACDC, a hackerspace focused on community education and outreach in Washington, D.C. Celeste earned her Ph.D. in Human-Centered Computing from the University of Maryland, Baltimore County.
Links:
Similar Presentations: