Page Index Toggle Pages: 1 Send TopicPrint
Normal Topic Emotional Recognition Technology (ERT) and Psycho-Physiological Devices: Implications for Combating the Insider Threat in the Cyber Domain (Read 562 times)
Ethan S. Burger, Esq.
New User
*
Offline



Posts: 3
Joined: Aug 24th, 2016
Emotional Recognition Technology (ERT) and Psycho-Physiological Devices: Implications for Combating the Insider Threat in the Cyber Domain
Aug 24th, 2016 at 2:39am
Print Post  

{Please note that Ithe message below was posted on several LinkedIn Blogs.  I recognize that individuals reviewing posts on this website will know most of the information discussed below, but not necessarily the cybersecurity angle. 

The attachment repeats this message. followed by the best post received on LinkedIn}

Many organizations are examining how better to combat the ‘insider’ threat. 
See https://www.ncsc.gov/issues/ithreat/index.html. 

Cyber operates as a force-multiplier.  It dramatically increases the potential for harm caused by insider attackers. https://www.ncsc.gov/issues/cyber/index.html; see also https://ccdcoe.org/sites/default/files/multimedia/pdf/Insider_Threat_Study_CCDCOE.pdf

Members of the national security community (including academia, businesses, government, and research institutions) are seeking to develop better practices to mitigate against the insider threat. 
See http://www.cert.org/insider-threat/research/database.cfm?  https://www.ncsc.gov/issues/docs/Common_Sense_Guide_to_Mitigating_Insider_Threats.pdf and http://www.cert.org/insider-threat/publications/index.cfm.

In general, it would seem that there are no technological quick fixes to improving cyber-security.   Nonetheless, there may be new tools around the corner, which if properly integrated into comprehensive cyber-defense systems, could allow organizations to improve their ability to withstand cyber-attacks and sabotage. 

Many persons with responsible for their organizations’ security will want to see if they can reduce their risk of cyber-attack.  For example, Emotional Recognition Technology (ERT) and Psycho-Physiological tools could conceivably pay vital roles in allowing organizations to improve their cyber-defenses.
See e.g. http://developer.affectiva.com/ and http://isyou.info/jisis/vol6/no1/jisis-2016-vol6-no1-02.pdf.

On the other hand, it might be reasonable to expect that the use of these technologies reduces organizations’ cybersecurity for many reasons, as was the case with polygraph machines.  Polygraph machines largely measure anxiety.   

The use of polygraph examinations for security purposes results in numerous false negatives and false positives the results if which can be very real and undesirable.  Consequently, persons who are trained to ‘beat’ polygraph machines (as well as persons lacking a strong sense of conscience, e.g.  psychopaths), are likely not to be found to be deceptive. 

This outcome leaves organizations exposed to persons inaccurately deemed to be reliable.  False positives can lead to the purge of well-trained personnel. 

Also, a culling might lead to undesirable secondary effects.  This situation is difficult to remedy quickly and in a cost-effective manner.   The colleagues of the individual who was ‘forced out’ of their job due to a ‘bad’ polygraph experience as likely to be troubled by the situation. 

They may decide to seek new employment since they fear being wrongfully found to be potential security risks based on the polygraph ‘test’ results. 

This situation also will rob organizations of vital expertise.  Also, in some cases, organizations may be held liable for wrongful termination.   

It would seem to reason that the underlying scientific basis for these machines  use in certain situations (employment screening and event investigation) is not based on sound science. 

If the justification for using polygraph examinations as part of a personnel security system is flawed, it would seem that the use of more ‘accurate’ tools to monitor human behavior and responses to stimuli would be inappropriate.
See http://www.apa.org/research/action/polygraph.aspx, http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=10420, and https://www.fas.org/sgp/crs/intel/RL31988.pdf.

What are you thoughts on the new technologies?

Thank you for your time.
  

2016_--_Cyber-Psychology_Thoughts.docx ( 79 KB | 109 Downloads )
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1
Send TopicPrint
Bookmarks: del.icio.us Digg Facebook Google Google+ Linked in reddit StumbleUpon Twitter Yahoo