Home U.S. intelligence uses psychology to stop attacks

U.S. intelligence uses psychology to stop attacks

Feb 13 –  In the U.S., the main research group that’s connected to the U.S. intelligence community is searching for ways to leverage psychology in order to thwart cyber attacks.

There hasn’t been adequate focus on “…understanding how cyber attackers behave, make decisions, select strategies, how their cognition works,” said Kimberly Ferguson-Walter, manager of the program at the Intelligence Advanced Research Projects Activity (IARPA).

Ultimately, researchers hope that algorithms embedded in tools could adapt to hackers’ observed behavior.

More information

While social scientists rely on psychology to understand how activities like bullying, dating and gambling have evolved to fit internet culture, the research principles haven’t been broadly applied to cyber security, according to Ferguson-Walter.

In Europe, police are zeroing in on cyber psychology to comprehend diverse types of criminal attackers, including children and teenagers who choose to hack devices.

Amidst the global cyber security talent shortage, organizations of all types are struggling to hire cyber security professionals, making automated detection and defense a must.

Cyber psychology and business

Previously, IARPA has developed technology that has made its way into the private sector. Ferguson-Walter says that the emerging social science and psychological research could also have implications for the private sector.

Next month, IARPA is holding an event to hear up to 30 initial pitches from researchers concerning specific areas of cyber psychology, including means of redirecting and quantifying behavior of cyber attackers.

CISOs and a new normal

The thought is that for Chief Information Security Officers, new psychology-based technology that assists with the identification of specific kinds of suspicious digital behavior might free up cyber security engineers to work on more sophisticated projects.

Stephen Schmidt, chief of security at Amazon says “I can’t afford -both from the [perspective of]…people and from [the perspective of] dollars- to be able to hire the number of engineers that I need to scale with the business. I need tools.” When building Amazon’s cyber security defenses, Schmidt says that he thought about four motivations driving hackers: ego, money, ideology and coercion.

“You have to practice psychology at the same time and psychology in the sense of understanding why this person is doing what they’re doing, what they are motivated by. Because that informs what they are going to do next.”

For the full story, please visit The Wall Street Journal. Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.