Cyber Operator Competencies: The Role of Cognitive Competencies in Cyber Operator Practice and Education

PhD Dissertations in Child and Youth Participation and Competence Development (BUK): 17. Articles 2, 3 and 4 have been removed from the digital thesis due to lack of permission from the publishers. These can be viewed in the relevant journals/books, and in the printed thesis.The theme of this thesis is the role of cognitive competencies in cyber operator practice and education. Cyber operator practice is a new field of research where the importance and attention is growing rapidly. Research has accumulated a solid amount of knowledge about the technical skills required by a cyber operator. However, less is known about the cognitive competencies that support cyber operator proficiency. In order to gain insight into the cognitive demands of cyber operators, the cognitions of young cyber officers(1) attending the Norwegian Defence Cyber Academy have been studied. Findings contributes to the development of theory and evidence-based knowledge needed to develop educational guidelines for the cyber operator workforce. This dissertation proposes and take steps towards validation of a conceptual framework, The Hybrid Space, that describes the cognitive work environment of military cyber operators. The Hybrid Space conceptual framework is introduced in the first article of this thesis and is used in all parts of the study. Methodological contributions include a method and a software to collect quantitative data on cyber operators’ cognitive focus and assess cognitive agility. Cognitive agility is proposed as a competence and a measure of cyber operator performance. Empirical data collected during a cyber defence exercise support our theoretical assumption and helps to further develop The Hybrid Space conceptual framework. Findings indicate that knowledge and understanding of cyberspace as a domain of operations and the cognitive competencies supporting cyber operator proficiency are limited. Cognitive agility is proposed as a cognitive competency and is associated with higher levels of selfregulation. These findings suggest that cognitive competencies can indeed support cyber operator performance. This thesis therefore contributes to cyber operator practice and education by suggesting that education and training would benefit from including the development of cognitive competencies alongside the technical education and training needed to become a cyber operator. In this way, this thesis adds new insight and perspective into the novel area of cyber operator practice. The results provide the first indications that cyber operator performance can be supported by the development of cognitive competencies during education. 1 Cyber officer and cyber operator are used interchangeably throughout the articles and this extended abstract. The reason is that the students undergo the same education, but the position they later get determine their career path and the accompanying title. The use of the terms is maturing in both military and civilian sectors. As of now neither finite guidelines nor agreed upon norms exist that guide the use of the titlesSammendrag Temaet for denne doktoravhandlingen er rollen til kognitive kompetanser i cyber operator praksis og utdanning. Cyber operator praksis er et nytt forskningsfelt som har fatt stor oppmerksomhet de siste arene. Forskning pa omradet har produsert kunnskap om hvilke tekniske kunnskaper og ferdigheter en cyber operator ma ha. Mindre kunnskap finnes om de kognitive kompetansene som en cyber operator trenger for a kunne utove sin praksis effektivt. For a fa bedre innsikt i de kognitive kravene som cyber operatorer stilles ovenfor har jeg studert unge cyber offiserer under utdanning pa Forsvarets Ingeniorhogskole (2) (FIH). Denne avhandlingen bidrar med kunnskap og empirisk grunnlag for a utvikle forskningsbasert utdanning for fremtidens cyber operatorer. Avhandlingen fremholder og starter validering et konseptuelt rammeverk, The Hybrid Space, som beskriver de kognitive kravene militare cyber operatorer ma forholde seg til i utovelsen av sitt virke. Rammeverket blir introdusert i forste artikkel av denne avhandlingen og blir brukt som konseptuelt fundament i resten av avhandlingen. Avhandlingen fremlegger ogsa en metode og et dataverktoy som kan brukes til a samle inn kvantitative data om cyber operatorers kognitive fokus. Dette dataverktoyet kan ogsa benyttes til a undersoke hvordan cyber operatorer utviser kognitiv fleksibilitet over tid nar de gjennomforer en cyber operasjon. Kognitiv fleksibilitet foreslas som et prestasjonsmal for cyber operatorer. Empiriske data innhentet under en cyberforsvars ovelse bekrefter vare teoretiske hypoteser og bidrar til videre utvikling av det konseptuelle rammeverket. Hovedfunnene indikerer at kunnskap om og forstaelse for cyberspace som operasjonsdomene og rollen til kognitive kompetanser i cyber operatorens utforelse av cyber operasjoner er begrenset. Denne avhandlingen argumenter for at evne til fleksibel kognitiv manover i operasjonsmiljoet, definert som ‘cognitive agility’, er en viktig kognitiv kompetanse for cyber operatorer som kan predikeres ved a undersoke evne til selvregulering. Disse funnene indikerer at kognitive kompetanser kan bidra til a understotte cyber operatorers prestasjon. Avhandlingen bidrar til cyber operator praksis og utdanning ved a vise til at utvikling av cyber operator kompetanse bor inkludere utvikling av kognitive kompetanser i tillegg til utvikling av tekniske kunnskaper og ferdigheter. Med disse funnene bidrar denne avhandlingen bidrar til ny innsikt og perspektiv pa cyber operator praksis og utdanning. 2 Forsvarets Ingeniørhøgskole (FIH) endret i 2018 navn til Cyberingeniørskolen (CIS) og ble samtidig underlagt Forsvarets Høgskole (FHS)

Old Keys May Not Open New Doors: The Necessity of Agility in Cybersecurity Policymaking

The volatile and dynamic nature of cyberspace has raised concerns over security and organisations are trying to make policies to protect their digital assets. However, policymaking in this field is still using traditional methods, which are slow and incompatible with the pace of change in the environment. Thus, it is vital to increase the speed of policy development in an agile and flexible manner. The question is, what does agility mean here and why is it important for organisations? To answer these questions, this study uses a systematic literature review approach and investigates 42 selected papers. By analysing the selected papers, a definition of cybersecurity policymaking agility is provided, and its importance in combating new cyberthreats is discussed. Building on and extending the organisational agility, policymaking and cybersecurity management research streams, the findings of this study propose new research opportunities for future studies

Policy Helix and Antecedents of Cybersecurity Policymaking Agility

The cyber threat landscape is constantly changing, and organisations need to stay current with the dynamism of their internal and external environment. One important aspect is to be agile in cybersecurity policymaking (CSPM) to identify signals, devise proper policies, and mitigate risks. However, the literature in this aspect is still understudied, and this paper strives to fill this gap by investigating the notion of agility in cybersecurity policymaking and identifying its antecedents. The paper investigates the importance of agility as a means to counter emerging threats, contributing actionable insights and best practices to the ongoing discourse on cybersecurity policymaking. The findings emphasise the vital role of agility in pursuing cyber resilience and encourage policymakers and stakeholders to embrace this principle. Ultimately, this study deepens the understanding of the agile policymaking process and introduces asset management, vulnerability management, cyber risk management, and robust awareness processes as the antecedents of CSPM agility. The findings can provide insights for both the theory and practice of IS research by introducing the concept of agility in CSPM and identifying its antecedents

Education for Cognitive Agility: Improved Understanding and Governance of Cyberpower

publishedVersio

Combating False Reports for Secure Networked Control in Smart Grid via Trustiness Evaluation

Smart grid, equipped with modern communication infrastructures, is subject to possible cyber attacks. Particularly, false report attacks which replace the sensor reports with fraud ones may cause the instability of the whole power grid or even result in a large area blackout. In this paper, a trustiness system is introduced to the controller, who computes the trustiness of different sensors by comparing its prediction, obtained from Kalman filtering, on the system state with the reports from sensor. The trustiness mechanism is discussed and analyzed for the Linear Quadratic Regulation (LQR) controller. Numerical simulations show that the trustiness system can effectively combat the cyber attacks to smart grid.Comment: It has been submitted to IEEE International Conference on Communications (ICC

RISKY BUSINESS: AN ANALYTICAL APPROACH TO SERVICES SUPPLY CHAIN RISK MANAGEMENT

Cyber threats, economic upheavals, and environmental disasters threaten global supply chains. These vulnerabilities impact the readiness of U.S. forces and their capacity to defend the nation. Consumers and the government need a framework for assessing vulnerabilities and establishing effective supply chains. MITRE’s System of Trust (SoT) serves as a framework to measure trustworthiness and identify risk factors affecting their supply chain security. The SoT develops a taxonomy of risk factors, defines risk measures attributable to those risk factors, and creates a framework for organizations to objectively quantify supply chain risk. Our study validates the services risk factors and identifies techniques and best practices to mitigate risk unique for services. Our research questions are: What are the primary indicators of supply chain risk, and which are unique to Department of Defense services? Furthermore, what are the best practices for preventing, mitigating, and responding to service-specific supply chain risks? This research draws on qualitative interview data to obtain insight into the services aspect of supply chains, systematically evaluate MITRE’s risk factors and risk measures, and identify gaps in available data. Our research results in a Services Supply Chain Risk Management Framework that managers should use to evaluate and mitigate risks within their supply chains.Captain, United States Air ForceCaptain, United States Air ForceApproved for public release. Distribution is unlimited