Emergent cyber-attack threats against cyber-physical systems can create potentially catastrophic impacts. The operators must intervene at the right moment when suspected attacks occur, without over-reliance on systems to detect the cyber-attacks. However, military operators are normally trained to trust, rather than suspect, systems. We applied suspicion theory to explore how operators detect and respond to cyber-attacks against an unmanned ground vehicle (UGV) system in the operational context of a human-machine team (HMT). We investigated the relationships between operator suspicion and HMT performance by conducting human-in-the-loop experiments on eight mission scenarios with 32 air-force officers. The experiment yielded a significant, negative relationship between operator suspicion and HMT performance (quantified both in terms of the desirability of decision response and the time to respond). Notably, operator suspicion increased with the combined effects of cyber-attacks and a sentinel alert but not with the alert alone. This finding was particularly meaningful for "false-negative" scenarios, in which no sentinel alert was sent despite cyber-attacks having occurred. Although the operators did not receive an alert, the operators grew more suspicious, seeking more information; it took longer for the operators to respond, and their decision responses were highly divergent (17.2% came with less-desirable responses, and 21.9% were considered instances of over-reliance). In contrast, in "false-positive" scenarios, 95.3% of the operator responses were highly desirable. This experiment has implications for the role of a sentinel alert in engineering trustworthy HMT systems so that the operators can quickly transition through state-suspicion to the most desirable decision.

Index terms: Suspicion, trust, human machine team, cyber security, human-in-the-loop simulation, unmanned ground vehicle control.
Cyber-attacks against cyber-physical systems (CPS), such as unmanned vehicles, are emergent threats with potentially catastrophic impacts, and this issue has drawn considerable interest from military agencies. An abundant body of research has attempted to address the physical security aspects of CPS; however, research addressing the human dimensions of cyber-attack detection and responses from an operator and operational perspective is sparse. This research has provided a novel probe into the human factors affecting operator resilience in responding to cyber-attacks, which are situations characterized by uncertainty and malicious intent. The variability of individual operators makes it improbable to grasp the full range of factors contributing to operator performance; however, the application of Suspicion Theory, as proposed by Bobko et al. (2013), provides a starting point to aid in understanding operator performance in situations involving malicious intent (e.g. a cyber-attack). According to the theory, malicious intent is a critical component of operator suspicion, which is a key factor in operator response to cyber-attacks. The current research explored this human dimension through scenario-based, human-in-the-loop simulation experiments with Air Force personnel. It included both abstract and empirical assessments of the application of Suspicion Theory to operator detection and responses to cyber-attacks against an unmanned vehicle system, and it took a systems-oriented approach to the problem by considering the interaction of a Human-Machine Team (HMT) in the response. The HMT here refers to an operator and a Sentinel, which is an automated cyber-attack detection aid. The study evaluated the effects of suspicion, as well as the effects of perceived consequence, on the operator, and the resulting HMT quality of performance in responding to alerts, including both false alarms and properly detected cyber-attack scenarios.
The findings show that Sentinel alerts alone do not create operator suspicion. Instead, alerts can serve as a catalyst for a wider information search by the operator, which, on a situational basis, can lead to the formation of increased operator suspicion. The analysis of experimental results pointed to a negative correlation between operator suspicion and the performance score that measured the quality of a response to the given scenario. In addition, a strong correlation between HMT performance score and task response time was noted.