Application of Work Domain Analysis for Cybersecurity

Cyber Physical Systems (CPSs) are pervasive in businesses and critical infrastructures that are becoming targets of cyber attack by our adversaries. The presence of advanced persistent threats or zero-day attacks suggests that cyber defense must include recovery response from cyber intrusions. Recovery response must rely on adaptive ability of the CPS as the impact of zero-day attacks cannot be anticipated. In unanticipated situations, human adaptive ability can contribute greatly to the recovery from cyber intrusions. This paper presents Work Domain Analysis (WDA) as a human factors engineering tool for evaluating system and identifying solutions supporting operators in their response to cyber threats. The cyber attack on Australian Maroochy Water Services is used as illustrative case study to demonstrate the potential of WDA in enhancing cyber security of CPS.

[1]  Rajeev Alur,et al.  Principles of Cyber-Physical Systems , 2015 .

[2]  Stamatis Karnouskos,et al.  Stuxnet worm impact on industrial cyber-physical system security , 2011, IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society.

[3]  Catherine M. Burns,et al.  Ecological Interface Design , 2004 .

[4]  Neelam Naikar Work Domain Analysis: Concepts, Guidelines, and Cases , 2013 .

[5]  G. Manimaran,et al.  Data integrity attacks and their impacts on SCADA control system , 2010, IEEE PES General Meeting.

[6]  William C. Mann,et al.  The Gator Tech Smart House: a programmable pervasive space , 2005, Computer.

[7]  M. A. Champion,et al.  Team-based cyber defense analysis , 2012, 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support.

[8]  Gregory J. Funke,et al.  Human Factors of Cyber Attacks , 2014 .

[9]  Thomas M. Chen,et al.  Lessons from Stuxnet , 2011, Computer.

[10]  Ke Tang,et al.  Insider cyber threat situational awareness framwork using dynamic Bayesian networks , 2009, 2009 4th International Conference on Computer Science & Education.

[11]  Edward A. Lee Cyber Physical Systems: Design Challenges , 2008, 2008 11th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC).

[12]  J Rasmussen A framework for cognitive task analysis in systems design , 1986 .

[13]  Dorothy E. Denning Stuxnet: What Has Changed? , 2012, Future Internet.

[14]  G. Skraaning,et al.  Ecological Interface Design in the Nuclear Domain: An Empirical Evaluation of Ecological Displays for the Secondary Subsystems of a Boiling Water Reactor Plant Simulator , 2008, IEEE Transactions on Nuclear Science.

[15]  H. D. Stensel,et al.  Wastewater Engineering: Treatment and Reuse , 2002 .

[16]  Gavan Lintern,et al.  Use of Cognitive Work Analysis Across the System Life Cycle: From Requirements to Decommissioning , 1999 .

[17]  Xinghuo Yu,et al.  SCADA system security: Complexity, history and new developments , 2008, 2008 6th IEEE International Conference on Industrial Informatics.

[18]  K. J. Vicente,et al.  Cognitive Work Analysis: Toward Safe, Productive, and Healthy Computer-Based Work , 1999 .

[19]  Aditya Bagri,et al.  Supervisory Control and Data Acquisition , 2014 .

[20]  Gregory J. Funke,et al.  Effects of Cyber Disruption in a Distributed Team Decision Making Task , 2013 .

[21]  Karen M. Feigh,et al.  Option and constraint generation using Work Domain Analysis , 2014, 2014 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[22]  Catherine M. Burns,et al.  Understanding Automated Financial Trading Using Work Domain Analysis , 2015 .

[23]  Helen Gill,et al.  Cyber-Physical Systems , 2019, 2019 IEEE International Conference on Mechatronics (ICM).

[24]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[25]  Joe Weiss,et al.  Industrial Control System (ICS) Cyber Security for Water and Wastewater Systems , 2014 .

[26]  Ulf Ahlstrom,et al.  Work domain analysis for air traffic controller weather displays. , 2005, Journal of safety research.

[27]  P. Hancock,et al.  The Human Factors of Cyber Network Defense , 2015 .

[28]  Rafal Rohozinski,et al.  Stuxnet and the Future of Cyber War , 2011 .

[29]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[30]  M. S. Young,et al.  Using cognitive work analysis to explore activity allocation within military domains , 2008, Ergonomics.

[31]  James C. Christensen,et al.  Human Factors in Cyber Warfare II , 2014 .

[32]  Alexander Kott,et al.  Introduction and Preview , 2016 .