A Context-Centred Research Approach to Phishing and Operational Technology in Industrial Control Systems
Abstract:
Advanced persistent threats that leverage phishing against OT are cyberattacks that endanger critical infrastructure assets nationwide. Today phishing, a human focused exploit, constitutes 91% of successful attack vectors against federal assets. This means Human-Introduced Cyber Vulnerabilities (HICV) are the weakest cyber link. The success of these attacks also suggests HICV are neither well understood nor mitigated. To characterise HICV and provide the necessary context in which they exist, this paper introduces a research approach derived from the mature science of social ecology. The desired end result of this research is an HICV-focused risk assessment framework.
AUTHORS
National Security Directorate, Computational Analytics Division Pacific Northwest National Laboratory Richland, Washington,
United States
Dr. Terry Merz is a Senior Research Scientist at PNNL. She holds a doctorate and a master’s in Computer Science, with a concentration in Information Assurance from Colorado Technical University, and a Bachelor of Science in Information Management from the University of Maryland. Dr. Merz has 20+ years of cybersecurity experience in the areas of systems and cybersecurity engineering, research, cybersecurity testing (Blue/Red Team testing), and management. From 2014 onward, her specific area of research became the study of APT’s and the life cycle thereof. While conducting applied research on APT’s and specifically Zero-Day attacks, Dr. Merz included Behavioral INFOSEC into her research areas.
Pacific Northwest National LaboratoryHuman Centered Computing Group
Richland, Washington, United States
Dr. Corey Fallon is a human factors psychologist at PNNL. He has a M.S. in human factors psychology and a Ph.D. in experimental psychology with additional applied experience working as a cognitive systems engineer. As a psychologist Dr. Fallon employs both qualitative and quantitative methods to assess human behavior and subjective experience. He has studied a variety of constructs in human factors throughout his career, including decision making, emotion, situation awareness, personality, and stress. One of Dr. Fallon’s primary areas of research focus is trust in both human-human and human-machine interactions.
United States Navy Data Science & Analytics Competency, Enterprise Data Science/Cyber Readiness Naval Information Warfare Center –Atlantic Norfolk, Virginia,
United States
Aleksandra Scalco is an Engineer with the Naval Information Warfare Center (NIWC) Atlantic. She is working towards a Systems Engineering Ph.D. at Colorado State University (CSU). Her research field is cyber resilience for Operational Technology (OT). She earned a master’s degree in Engineering from Iowa State University in 2012, and a master’s degree in Business Administration (MBA) in 2009. She is a member of the Defense Acquisition Corps in engineering. Ms. Scalco is Defense Acquisition Workforce Improvement Act (DAWIA) career certified Level 3 Engineering, Level 1 Science & Technology, and Level 1 Program Management. She holds ITIL Intermediate Certifications. Before joining NIWC Atlantic Ms. Scalco was a member of the National Security Agency (NSA) workforce as an Information System Security Designer (ISSD). As an ISSD, she provided technical expertise to clients on cyber assurance to advance the state of cybersecurity solutions to harden the National Security Enterprise against adversarial threats.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive