Normal Topic Emotional Recognition Technology (ERT) and Psycho-Physiological Devices: Implications for Combating the Insider Threat in the Cyber Domain (Read 1824 times)
Paste Member Name in Quick Reply Box Ethan S. Burger, Esq.
New User
*
Offline



Posts: 3
Joined: Aug 24th, 2016
Emotional Recognition Technology (ERT) and Psycho-Physiological Devices: Implications for Combating the Insider Threat in the Cyber Domain
Aug 24th, 2016 at 2:39am
Mark & QuoteQuote Print Post  

{Please note that Ithe message below was posted on several LinkedIn Blogs.  I recognize that individuals reviewing posts on this website will know most of the information discussed below, but not necessarily the cybersecurity angle.   

The attachment repeats this message. followed by the best post received on LinkedIn}

Many organizations are examining how better to combat the ‘insider’ threat.   
See https://www.ncsc.gov/issues/ithreat/index.html.   

Cyber operates as a force-multiplier.  It dramatically increases the potential for harm caused by insider attackers. https://www.ncsc.gov/issues/cyber/index.html; see also https://ccdcoe.org/sites/default/files/multimedia/pdf/Insider_Threat_Study_CCDCOE.pdf

Members of the national security community (including academia, businesses, government, and research institutions) are seeking to develop better practices to mitigate against the insider threat.   
See http://www.cert.org/insider-threat/research/database.cfm?  https://www.ncsc.gov/issues/docs/Common_Sense_Guide_to_Mitigating_Insider_Threats.pdf and http://www.cert.org/insider-threat/publications/index.cfm.

In general, it would seem that there are no technological quick fixes to improving cyber-security.   Nonetheless, there may be new tools around the corner, which if properly integrated into comprehensive cyber-defense systems, could allow organizations to improve their ability to withstand cyber-attacks and sabotage.   

Many persons with responsible for their organizations’ security will want to see if they can reduce their risk of cyber-attack.  For example, Emotional Recognition Technology (ERT) and Psycho-Physiological tools could conceivably pay vital roles in allowing organizations to improve their cyber-defenses. 
See e.g. http://developer.affectiva.com/ and http://isyou.info/jisis/vol6/no1/jisis-2016-vol6-no1-02.pdf.

On the other hand, it might be reasonable to expect that the use of these technologies reduces organizations’ cybersecurity for many reasons, as was the case with polygraph machines.  Polygraph machines largely measure anxiety.   

The use of polygraph examinations for security purposes results in numerous false negatives and false positives the results if which can be very real and undesirable.  Consequently, persons who are trained to ‘beat’ polygraph machines (as well as persons lacking a strong sense of conscience, e.g.  psychopaths), are likely not to be found to be deceptive.   

This outcome leaves organizations exposed to persons inaccurately deemed to be reliable.  False positives can lead to the purge of well-trained personnel.   

Also, a culling might lead to undesirable secondary effects.  This situation is difficult to remedy quickly and in a cost-effective manner.   The colleagues of the individual who was ‘forced out’ of their job due to a ‘bad’ polygraph experience as likely to be troubled by the situation.   

They may decide to seek new employment since they fear being wrongfully found to be potential security risks based on the polygraph ‘test’ results.   

This situation also will rob organizations of vital expertise.  Also, in some cases, organizations may be held liable for wrongful termination.    

It would seem to reason that the underlying scientific basis for these machines  use in certain situations (employment screening and event investigation) is not based on sound science.   

If the justification for using polygraph examinations as part of a personnel security system is flawed, it would seem that the use of more ‘accurate’ tools to monitor human behavior and responses to stimuli would be inappropriate. 
See http://www.apa.org/research/action/polygraph.aspx, http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=10420, and https://www.fas.org/sgp/crs/intel/RL31988.pdf.

What are you thoughts on the new technologies?

Thank you for your time.
  
Back to top
 
IP Logged
 
Emotional Recognition Technology (ERT) and Psycho-Physiological Devices: Implications for Combating the Insider Threat in the Cyber Domain

Please type the characters that appear in the image. The characters must be typed in the same order, and they are case-sensitive.
Open Preview Preview

You can resize the textbox by dragging the right or bottom border.
Insert Hyperlink Insert FTP Link Insert Image Insert E-mail Insert Media Insert Table Insert Table Row Insert Table Column Insert Horizontal Rule Insert Teletype Insert Code Insert Quote Edited Superscript Subscript Insert List /me - my name Insert Marquee Insert Timestamp No Parse
Bold Italicized Underline Insert Strikethrough Highlight
                       
Change Text Color
Insert Preformatted Text Left Align Centered Right Align
resize_wb
resize_hb







Max 200000 characters. Remaining characters:
Text size: pt
More Smilies
View All Smilies
Collapse additional features Collapse/Expand additional features Smiley Wink Cheesy Grin Angry Sad Shocked Cool Huh Roll Eyes Tongue Embarrassed Lips Sealed Undecided Kiss Cry
Attachments More Attachments Allowed file types: txt doc docx ics psd pdf bmp jpe jpg jpeg gif png swf zip rar tar gz 7z odt ods mp3 mp4 wav avi mov 3gp html maff pgp gpg
Maximum Attachment size: 500000 KB
Attachment 1:
X