The United States’ intelligence community is turning its gaze towards the psychological weaknesses of criminal hackers to improve cybersecurity. The Intelligence Advanced Research Projects Activity (IARPA) is behind a new project, called Reimagining Security with Cyberpsychology-Informed Network Defenses (ReSCIND), aimed at studying hackers’ psychology, discovering their blind spots, and building software to exploit their deficiencies to improve computer security.
The initiative is an open competition inviting expert teams to submit proposals for how they would study hackers’ psychological weaknesses and then build software exploiting them. The project asks participants to recruit computer security experts and carry out human-subject research to determine what types of “cognitive vulnerabilities” might be exploited by defenders. The overall aim is to identify deficiencies, habits, and patterns of behavior that can be used against criminal hackers.
The vulnerabilities that a cyber psychological defense system might exploit include the sunk cost fallacy and the Peltzman Effect. The sunk cost fallacy is the tendency of a person to continue investing resources in an effort when the more rational choice would be to abandon it and pursue another. A network defense context might involve tricking an attacker into breaking into a network via a frustrating, time-consuming technique, for example. The Peltzman effect refers to the tendency of people to engage in more risky behavior when they feel safe. Cyber psychological findings could create the perception that a network is poorly defended, resulting in less well-concealed attacks.
While cybersecurity companies are already using some tools of cyber psychology in designing defenses, they have not done much to integrate the study of human behavior. Meanwhile, the tools of behavioral science have been used to revolutionize the fields of economics, advertising, and political campaigning. ReSCIND aims to do the same in cybersecurity by creating systems that address personal weaknesses.
ReSCIND is a high-risk, high-reward project that without government funding would not receive support. Research like this is crucial amid widespread computer vulnerabilities and only halting progress in securing online life. “We’ve had 50 or 60 years of cybersecurity and look where we are now: Everything is getting worse,” said Mary Aiken, a cyber psychologist and strategic adviser to Paladin Capital Group, a cybersecurity-focused venture capital firm.
Ediorial
Reimagining Security with Cyberpsychology-Informed Network Defenses (ReSCIND) is an initiative aimed at studying and understanding the psychology of criminal hackers to beat them on their home turf. Cybersecurity researchers have long focused on how to make the average person behind the keyboard better at digital self-defense but have ignored the psychological weaknesses of attackers.
A weakness exploited by hackers is the sunk cost fallacy, where the most rational choice would be to abandon an effort and pursue another. In a network defense context that might involve tricking an attacker into breaking into a network via a frustrating, time-consuming technique. The Peltzman effect is another vulnerability where cyber psychological findings could create the perception that a network is poorly defended, inducing a sense of safety and less well-concealed attacks.
Cybersecurity companies are using some tools of cyber psychology in designing defenses, but they have not done much to integrate the study of human behavior and thereby identify hackers’ psychological weaknesses. Therefore, initiatives such as ReSCIND may revolutionize the cybersecurity industry by placing the behavior of human beings at the center of designing a defensive system that addresses human frailties.
Advice
As cybercrime escalates, individuals and organizations must invest more money and time into cybersecurity. This evolutionary approach must always be looking for solutions to secure our personal and financial information. The effectiveness of cybersecurity requires a balance between technological innovation and disaster recovery strategy, but with the help of initiatives like ReSCIND, the gap between technology and human behavior will be addressed,thus creating a more secure online presence for everyone.
<< photo by cottonbro studio >>
