Operator Suspicion and Detection/Response to Cyber-Attacks on Unmanned Systems

Gay, Christopher, Systems Engineering - School of Engineering and Applied Science, University of Virginia
Horowitz, Barry, Department of Systems and Information Engineering, University of Virginia
Kim, Inki, Department of Systems and Information Engineering, University of Virginia

Cyber-attacks against cyber-physical systems, such as unmanned vehicle systems, are emergent threats with potentially catastrophic impacts, and the topic has garnered considerable interest from military agencies. Much research is being done to address the physical security aspects of cyber-physical systems; however, research addressing the human dimensions of cyber-attack detection and response from an operator and operational perspective is sparse. This research is a novel probe into the human factors affecting operator resilience to cyber-attacks, which are situations characterized by uncertainty and malicious intent. The variability of individual operators makes it improbable to grasp the full range of factors contributing to operator performance; however, the application of Suspicion Theory as proposed by Bobko et al. (2014) provides a starting point to aid in understanding operator performance in situations involving malicious intent (e.g., a cyber-attack). According to the theory, malicious intent is a critical component of operator suspicion, which is then a key factor in operator response to cyber-attacks. The current research explored this human dimension through scenario-based, human-in-the-loop simulation experiments with Air Force personnel. It included both abstract and empirical assessments of the application of suspicion theory to operator detection and response to cyber-attacks against an unmanned vehicle system, and it took a systems-oriented approach to the problem by considering the interaction of a Human-Machine Team (HMT) in the response. The HMT was defined as an operator and a Sentinel, an automated cyber-attack detection aid. The study evaluated the effects of suspicion, as well as the effects of perceived consequence, on operator and HMT performance. The findings show that Sentinel alerts alone do not create operator suspicion. Instead, alerts can serve as a catalyst for a wider information search, which could lead to the formation of operator suspicion. The strong influence of cyber-attack and Sentinel alert combinations highlights the important influence of automation in responding to cyber-attacks and how the human-machine team design can influence suspicion, which, in turn, influences HMT performance. Finally, a significant negative correlation between operator suspicion and task response time was noted. In addition, a direct relationship between task response time and HMT performance was noted. It is possible that suspicion has a significant relationship to HMT performance through the time variable, and this may be seen through an enhanced performance measure.

PHD (Doctor of Philosophy)
human machine team, suspicion theory, cyber attack, human-in-the-loop simulation