This is the second post in a series by psychologist Rebecca McKeown, a specialist focused on improving human response in pressurized situations. She is a visiting lecturer at Cranfield University, and works with the Ministry of Defence, helping the armed forces build more agile human assets.
As pointed out in my previous post, decision-making in cybersecurity has been designated a ‘wicked problem’ by psychologists researching how it can be improved.
A wicked problem is one that is difficult to solve because of incomplete, contradictory, and changing requirements. I’m sure any cybersecurity person will be familiar with such a problem.
This is because it requires a complex mix of strategic and operational judgements in a blended digital and physical world. Everything from technical to social abilities need to be honed to build reasoning in such a complicated and fluid environment.
Research carried out in 2017 at the Norwegian Cyber Defence Academy called this tangle of skills and digital/real world environment a ‘hybrid space’ for decision-making. It found the high information load experienced by cybersecurity people was so demanding it required ‘cognitive agility to traverse across the cyber/physical and tactical/strategic dimensions’.
Basically, there is so much going on that decision-making becomes very difficult.
The paper saw the team devise a simple framework called the Hybrid Space Conceptual Framework for mapping cyber decision-making. It attempts to classify where skills lie on a quadrant by splitting out the different tactical and strategic elements at play. Malware forensics, for example, might take place bottom left, whereas someone advising on an organizational response to an attack would be higher and to the right.
Recent subsequent research by the same team underlined the need to develop cognitive agility to operate effectively in this hybrid space.
What are the elements of cognitive agility?
Developing cognitive agility in cyber crisis responders first requires a solid knowledge base upon which to build. These skills must be continually reinforced to prevent deterioration.
To develop cognitive agility, the crisis responder needs to focus on three core concepts:
- Flexibility: The ability to consciously control their thinking, switch between concepts, and consider multiple views of the crisis as it unfolds is important. By considering the context of a situation, incident responders learn to challenge automatic responses that might be incorrect. In a cyber crisis, this could be ensuring that overall business risk is a part of decision-making as opposed to simply pursuing technical goals.
- Openness: Cyber crisis responders need to be open to different ideas and perspectives from a variety of stakeholders as the incident unfolds. In psychological terms, not doing so could cause them to fall foul of the Dunning-Kruger effect. This cognitive bias leads people to believe they have all the answers, which ends with flawed solutions becoming embedded into the crisis from the very beginning.
- Focus: Knowing how to identify and focus on relevant information and ignore the distractions is a skill that most cyber crisis responders acknowledge but may need help refining. Deluged with a combination of technical data, reputational analysis and legal advice, effective incident responders are those with the ability to home in on what is important.
Cybersecurity presents an interesting new domain for the psychology of crisis response as it requires a higher cognitive workload than many traditional situations. Developing these softer skills could have a powerful cumulative effect on crisis response in this complex hybrid area. In a space which is often defined by machine on machine attacks, it is ironic that the human element might give defenders the edge.
In the next post in this series, Rebecca will outline how security leaders can build these skills into their teams using the latest progressive methods. To find out more now, read our eBook linked to this series.
16 November 2020
Latest Blog posts
Wicked problems: navigating crises when there’s no clear path
1 April 2021
Play along with our new crisis scenario – Insider Threat: Pharma Drama!
31 March 2021
The People of InfoSec on the People of InfoSec: The Thought Leader’s View
31 March 2021
SaltStack: further injection vulnerabilities
24 March 2021
Immersive Labs Chooses Global Channel-First Strategy With 50 New Partners and Transparent Structure
18 March 2021
The View from the CISO’s Chair
18 March 2021