The world is experiencing a high demand for high-quality cybersecurity specialists due to an increasing number of cyber attacks and their technological advancement. In the Baltic countries, the geopolitical situation sets cybersecurity as a top priority. All economic sectors depend on the protection against cybercrime. In more than 90% of cyber incidents, humans could be seen both as attack targets and defenders having a broad set of technical and generic competencies. There is an enormous lack of research regarding the role of human factors in cybersecurity internationally. The establishment of an international cross-disciplinary research team will address the urgent need for a scientific understanding of human limitations and capabilities in the cyber kill chain.
The three Baltic countries and their partners from Norway and Liechtenstein make the team to investigate human behaviour in cybersecurity by combining research areas of computer science, psychology, and human genomics. The project aims to develop a comprehensive, science-based interdisciplinary framework to develop and assess generic and subject-related competencies of the current and future cybersecurity workforce. The data will be gathered based on the participants of international cybersecurity exercises. Risk assessment and educational components will be tested in the student environment. Statistical and data mining tools will be used to interpret multilayered data and to find correlations among genetic, behavioural, and technical skills under stressful conditions.
The project will result in the creation of a set of methodologies and tools that will include specific software components to gather and analyse data, self-report tools to collect factual data on social behavioural patterns, recommendations to consider specific biological marker information, a custom genotyping array, a methodology to develop and assess competencies, and the risk assessment process based on the joint interdisciplinary data.
The main objective is to advance the performance of the cybersecurity (CS) specialist by identifying possible improvements from three different perspectives: by regarding the human as a biological entity, by analyzing behaviour patterns of the person, and by addressing the necessary knowledge and skills of the cybersecurity specialist.
The project is based on a hypothesis that it is possible to map cyber competencies required to solve cyber-crime, defend infrastructure, or be resilient to cyber abuse and then to develop a rational competence improvement path for a CS specialist. When dealing with critical infrastructures or handling life mission-critical support systems, tools that enable the assessment of human traits or inherent risks are non-existent, or research components are not validated scientifically.
The envisioned results include a) identification of key performance indicators in individual/team level training/exercises to develop an evidence base for a comprehensive assessment of cyber competencies, b) development of methods to assess and predict the performance of a human in individual tasks and collaborative decision-making environments in cyberspace, c) development of specific tools to advance the performance of a human in learning to cope with challenges during stressful situations that require technological knowledge.
The Advancing Human Performance in Cybersecurity benefits from nearly €1 million grant from Iceland, Liechtenstein and Norway through the EEA Grants under the Baltic Research Programme. The aim of the programme is to consolidate the research potential of the Baltic States, Iceland, Liechtenstein and Norway, strengthen regional cooperation in research relevant to the countries of the region, and fill the gap between the national research funding and the European Union Structural Assistance.
Repository of project results on ResearchGate environment:
Grant: Baltic Research Programme, European Economic Area (EEA) Financial Mechanism 2014-2021
Programme operator: the Research Council of Lithuania
Project No: S-BMT-21-6 (LT08-2-LMT-K-01-051)
Project duration: 01/01/2021 – 31/12/2023
Project promoter: Vilnius University, project leader dr. Agnė Brilingaitė (Institute of Computer Science, Cybersecurity Laboratory)
Principal investigator at the institution: dr.sc.ing. Ginta Majore
Project partners: Vilnius University (Lithuania), General Jonas Žemaitis Military Academy of Lithuania (Lithuania), Norwegian University for Technology and Science (Norway), Østfold University College (Norway), Riga Technical University (Latvia), Tallinn University of Technology (Estonia), University of Liechtenstein, Vidzeme University of Applied Sciences (Latvia)