www.data61.csiro.au

Conceptualising human resilience and cyber

Dr Marthie Grobler

21 March 2019

Putting cyber epidemiology into context

Conceptualising human resilience and cyber | Dr Marthie Grobler2 |

epidemiology, noun, pronunciation: /ˌɛpɪdiːmɪˈɒlədʒi/

The study and analysis

of the distribution

and determinants of health and disease conditions

in defined populations

Conceptualising human resilience and cyber | Dr Marthie Grobler3 |

Conceptualising human resilience and cyber | Dr Marthie Grobler4 |

immunity, noun, pronunciation: [ɪˈmjuːnɪti]

The ability of an organism to resist disease

- active immunity: through the activities of specialized blood cells or antibodies produced by them in response to natural exposure or inoculation

- passive immunity: by the injection of antiserum or the transfer of antibodies

resilience, noun, pronunciation: /rɪˈzɪlɪəns/

Toughness - the capacity to recover quickly from difficulties.

Elasticity - the ability of a substance or object to spring back into shape.

Conceptualising human resilience and cyber | Dr Marthie Grobler5 |

Conceptualising human resilience and cyber | Dr Marthie Grobler6 |

Infection cycle Pieces of code

Only attack man made systems and designs

Not all systems will necessarily be infected

Users may knowingly infect their own or other’s systems

Users may unknowingly infect their own or other’s systems

Residual vulnerabilities

Conceptualising human resilience and cyber | Dr Marthie Grobler7 | Conceptualising human resilience and cyber | Dr Marthie Grobler7 |

Conceptualising human resilience and cyber | Dr Marthie Grobler8 |

Who will become a

cyber victim?

Conceptualising human resilience and cyber | Dr Marthie Grobler9 |

immunity, noun, pronunciation: [ɪˈmjuːnɪti]

The ability of an organism to resist infection

- active immunity: inherent to humans, something ingrained, such as intention, mindset and active behaviour

- passive immunity: firewalls, antivirus programs and other technical mechanisms

resilience, noun, pronunciation: /rɪˈzɪlɪəns/

Toughness - the capacity to recover quickly from difficulties.

Elasticity - the ability of a substance or object to spring back into shape.

Conceptualising human resilience and cyber | Dr Marthie Grobler10 |

Conceptualising human resilience and cyber | Dr Marthie Grobler11 |

cyber epidemiology, noun, pronunciation: /ˈsaɪbə(r) ɛpɪdiːmɪˈɒlədʒi/

The study and analysis

of the distribution

and determinants of cyber health and online infections in defined online populations

Conceptualising human resilience and cyber | Dr Marthie Grobler12 |

Humans are complex individuals

Conceptualising human resilience and cyber | Dr Marthie Grobler13 |

Conceptualising human resilience and cyber | Dr Marthie Grobler14 |

Targeting user groups

Conceptualising human resilience and cyber | Dr Marthie Grobler15 |

What makes you click?

Ultimate goal

to be able to identify the most vulnerable populations, and use that to craft

interventions that can limit the spread of malware via the human agent

Conceptualising human resilience and cyber | Dr Marthie Grobler17 |

Boundaries of cyber epidemiology

Resilience hardening

Security health measurement

Refinement across regions

and culture

Eliminate social desirability and

other biases

Conceptualising human resilience and cyber | Dr Marthie Grobler18 |

Discovering the science of cyber psychology | Dr Marthie Grobler19 |

Aimed at informing socio-technical attack models

as a prerequisite for designing targeted

interventions

Cross-national resilience evaluation experiment

Conceptualising human resilience and cyber | Dr Marthie Grobler20 |

Testing people’s resilience to fraudulent websites under stressor conditions

Conceptualising human resilience and cyber | Dr Marthie Grobler21 |

Conceptualising human resilience and cyber | Dr Marthie Grobler22 |

1. What are the chances that you are going to get

into contact with this threat?

2. What are the chances that you are vulnerable

to this threat?

3. What are the chances that you are going to be

affected by this threat?

Risk perception

Conceptualising human resilience and cyber | Dr Marthie Grobler23 |

Conceptualising human resilience and cyber | Dr Marthie Grobler24 |

Balloon Analogue Risk Test (BART)

Conceptualising human resilience and cyber | Dr Marthie Grobler25 |

Simple Usability Scale (SUS)

Conceptualising human resilience and cyber | Dr Marthie Grobler26 |

Task Load Index (TLX)

Conceptualising human resilience and cyber | Dr Marthie Grobler27 |

Security Behaviour Intention Scale (SEBIS)

End-User Expertise Instrument

Nine-Dimensional Canonical Risk Dimensionss

Internet Users Information Privacy Concerns (IUIPC)

Conceptualising human resilience and cyber | Dr Marthie Grobler28 |

Cultural Differences

Most people are NOT

Western, Educated, Industrialized, Rich and Democratic

Conceptualising human resilience and cyber | Dr Marthie Grobler29 |

Difficult to draw substantial

conclusions related to gender on online

risk resilience behaviour

Conceptualising human resilience and cyber | Dr Marthie Grobler30 |

Australia also has

more than

200community languages

Conceptualising human resilience and cyber | Dr Marthie Grobler31 |

Targeted online risk resilience hardening

Establishing pain points in online risk assessments | Dr Marthie Grobler32 |

Conceptualising human resilience and cyber | Dr Marthie Grobler33 |

Share research data about human behaviours to enable global trend identification and comparisons in terms of cyber resilience

Create a baseline for long term data analysis and improved evaluation of individual results

www.data61.csiro.au

Software and Computational Systems / Data61 Human Centric Cyber SecurityDr Marthie Grobler

Senior Research Scientist

t +61 3 9518 5953e marthie.grobler@data61.csiro.auw www.data61.csiro.au

THANK YOU