National Cyber Security Sensor Networks and the Human in the Loop
Abstract:
Organisations have recently started to exchange security-relevant information on cyber incidents in order to mitigate the effects of newly discovered malware and other forms of cyberattack in a timely manner. Moreover, state actors are taking on the role of information brokers through national cyber security centres, distributing warnings on new attack vectors and vital recommendations on how to mitigate them. Although many of these initiatives are effective to some degree, they also suffer from considerable limitations. Beyond purely technical indicators, extensive human involvement is required to manually review, vet, enrich, analyse, and distribute security information before relevant information reaches a decision maker. Recent research therefore proposes the automatic collection, analysis, and preparation of security data to overcome these limiting scalability factors. While this appears to work at the organisational level, elevating these approaches to a cross-organisational and even national level is not straightforward. This paper investigates where and why the human factor appears irreplaceable and sheds light on the limitations of autonomous cyber security sensor networks at the national level.
AUTHORS
Center for Digital Safety & Security, AIT Austrian Institute of Technology, Vienna, Austria
Dr. Florian Skopik is Senior Scientist and Team Lead of the ICT Security Research Group at the Austrian Institute of Technology (AIT), where he coordinates national and large-scale international research projects, as well as the overall research direction of the team. His research topics include critical infrastructure protection, smart grid security, and national cyber security and defense. Due to this research focus, the ICT Security Research Team works in close collaboration with national authorities, such as the Ministry of the Interior and the Ministry of Defense. He has published more than 100 scientific conference papers and journal articles and holds some 30 industry-recognized security certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISA/IEC 62443 Security Specialist, and CCNP Security. In 2017 he completed a professional degree in Advanced Computer Security at Stanford University. Dr. Skopik is a member of various conference program committees and editorial boards, as well as standardization groups, such as ETSI TC Cyber and OASIS CTI. He frequently serves as a reviewer for numerous high-profile journals, including Elsevier's Computers & Security. He is a registered subject matter expert of ENISA (ENISA M-CEI-17-T01) in the areas of new ICTs and emerging application areas as well as Critical Information Infrastructure Protection (CIIP) and CSIRT cooperation. As an invited reviewer, he evaluates research project proposals for numerous national research funding agencies, including the Austrian agency for international mobility and cooperation in education (OeAD), the Czech Science Foundation, and the European Science Foundation (ESF), as well as the EC's Horizon 2020 programme. Dr. Skopik is an IEEE Senior Member and a member of the Association for Computing Machinery (ACM), (ISC)², ISACA, and the International Society of Automation (ISA).
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.