This is the second post in a series by psychologist Rebecca McKeown, a specialist focused on improving human response in pressurized situations. She is a visiting lecturer at Cranfield University, and works with the Ministry of Defence, helping the armed forces build more agile human assets.
As pointed out in my previous post, decision-making in cybersecurity has been designated a ‘wicked problem’ by psychologists researching how it can be improved.
A wicked problem is one that is difficult to solve because of incomplete, contradictory, and changing requirements. I’m sure any cybersecurity person will be familiar with such a problem.
This is because cybersecurity decision-making requires a complex mix of strategic and operational judgements in a blended digital and physical world. Everything from technical to social abilities needs to be honed to build reasoning in such a complicated and fluid environment.
Research carried out in 2017 at the Norwegian Cyber Defence Academy called this tangle of skills and digital/real world environment a ‘hybrid space’ for decision-making. It found the high information load experienced by cybersecurity people was so demanding it required ‘cognitive agility to traverse across the cyber/physical and tactical/strategic dimensions’.
Basically, there is so much going on that decision-making becomes very difficult.
In the paper, the team devised a simple framework called the Hybrid Space Conceptual Framework for mapping cyber decision-making. It attempts to classify where skills lie on a quadrant by splitting out the different tactical and strategic elements at play. Malware forensics, for example, might take place bottom left, whereas someone advising on an organizational response to an attack would be higher and to the right.
More recent research by the same team underlined the need to develop cognitive agility to operate effectively in this hybrid space.
What are the elements of cognitive agility?
Developing cognitive agility in cyber crisis responders first requires a solid knowledge base upon which to build. These skills must be continually reinforced to prevent deterioration.
To develop cognitive agility, the crisis responder needs to focus on three core concepts:
- Flexibility: The ability to consciously control their thinking, switch between concepts, and consider multiple views of the crisis as it unfolds is important. By considering the context of a situation, incident responders learn to challenge automatic responses that might be incorrect. In a cyber crisis, this could be ensuring that overall business risk is a part of decision-making as opposed to simply pursuing technical goals.
- Openness: Cyber crisis responders need to be open to different ideas and perspectives from a variety of stakeholders as the incident unfolds. In psychological terms, not doing so could cause them to fall foul of the Dunning-Kruger effect. This cognitive bias leads people to believe they have all the answers, which ends with flawed solutions becoming embedded into the crisis from the very beginning.
- Focus: Knowing how to identify and focus on relevant information and ignore the distractions is a skill that most cyber crisis responders acknowledge but may need help refining. Deluged with a combination of technical data, reputational analysis and legal advice, effective incident responders are those with the ability to home in on what is important.
Cybersecurity presents an interesting new domain for the psychology of crisis response as it requires a higher cognitive workload than many traditional situations. Developing these softer skills could have a powerful cumulative effect on crisis response in this complex hybrid area. In a space which is often defined by machine-on-machine attacks, it is ironic that the human element might give defenders the edge.
In the next post in this series, Rebecca will outline how security leaders can build these skills into their teams using the latest progressive methods. To find out more now, read our eBook linked to this series.
16 November 2020