Highly skilled cybersecurity specialists are in demand all over the world. In more than 90% of cyber incidents an individual is either an indirect perpetrator of a cybercrime (a victim) or a specialist who protects infrastructures and has sufficient subject-related and generic competences. There has been little research to properly measure the importance of personal traits and their role in the cyber kill chain.
The project ADVANCES, which aims to improve the performance of cybersecurity specialists, will bring together scientists of Vilnius University (VU), General Jonas Žemaitis Military Academy of Lithuania, the Norwegian University of Science and Technology, Østfold University College, Riga Technical University, Tallinn University of Technology, the University of Liechtenstein, and Vidzeme University of Applied Sciences. Researchers will analyse the human biological system and people’s behavioural habits and will assess the skills and expertise of cybersecurity specialists involved in the project.
Cyber Security Depends on More than Technological Skills
Leader of the project, Dr Agnė Brilingaitė, also a researcher at the Institute of Computer Science at the Faculty of Mathematics and Informatics (FMI) of VU says that up to now no appropriate methodology has been developed to train cybersecurity specialists, or to allow for their continuous professional development. The only materials available at the moment are really only geared towards computer science professionals.
“Our goal is to attract as many specialists as possible to develop this particular approach and to develop a methodology to allow us to personalise it for specialist development or competence improvement. We will perform an in-depth analysis of people’s behaviour, their characteristics from the perspective of genetics and their technological competences,” the researcher explained.
The price of a cyber incident is leaked personal or sensitive data, malfunctioning in service provision, and, certainly, damaged reputation, and in the most extreme cases – lost lives.
“Everyone needs to be reminded that human beings are not robots. Most cyber incidents are prevented by technology controlled by specialists. However, containment of some incidents requires precise and fast use of personal skills and personal characteristics in response to the continuously changing environment,” Dr Brilingaitė added.
According to Dr Brilingaitė, people usually think that cyber security depends only on the skills and expertise of a cybersecurity specialist. But, she emphasises, cyberattacks and incidents also result from stress, fast-changing technology and external threats, when in addition to the technological component human factors are availed of to create a cyber incident.
Psychologists and Geneticists Engaged in the Project
For the purpose of the project, an international cross-disciplinary group of scientific research is to be established. The group will explore human potentials and risks in all stages of the cybercrime chain. Lithuania, Latvia and Estonia and their partners from Norway and Liechtenstein will examine the behaviour of cybersecurity specialists under stress conditions through a combination of data on computer science technology, psychology and the human genome.
“It is not only the scientific results of the project that will be important; the project is also significant for its cooperation with different partners, sharing knowledge, and creating added value for society. Specialists from many different fields are involved in the project, including psychologists, human geneticists, cybersecurity specialists, IT specialists; they have educational, training experience or experience of developing environments to help improve subject-specific competences,” Dr Brilingaitė elaborated.
VU is the project promoter. For this international consortium, it will contribute researchers from the Cybersecurity Laboratory of the Institute of Computer Science of FMI and the Department of Human and Medical Genetics of the Institute of Biomedical Sciences of the Faculty of Medicine.
The project is aimed at developing a science-based interdisciplinary methodology to help evaluate the generic and subject-specific competences of cybersecurity specialists, as well as the personal risks in the competence development process. Development of the methodology will be based on research of the behaviour of real participants in an international cyber security exercise.
Risk assessment, testing and educational components of the methodology will be verified by working with computer science students and students of computing-related fields. Data analysis and artificial intelligence methods will be used to process and interpret the multidimensional data.
The "Advancing Human Performance in Cybersecurity", ADVANCES, benefits from an almost €1 million grant from Iceland, Liechtenstein and Norway through the EEA Grants. The aim of the project is to advance the performance of cybersecurity specialists by personalising the competence development path and risk assessment. Project contract with the Research Council of Lithuania (LMTLT) No is S-BMT-21-6 (LT08-2-LMT-K-01-051