The Intelligence Advanced Research Projects Activity (IARPA), the research and development arm of the Office of the Director of National Intelligence, has launched a new program that will focus on evaluating and potentially exploiting weaknesses in the psychology of cyber attackers.
The project, called Reimagining Security with Cyberpsychology-Informed Network Defenses (ReSCIND), seeks to revolutionize cybersecurity defenses by exploiting the cognitive limitations and biases inherent in human decision-making to disrupt cyber attacks. Oedipal fantasies and “Peter Pan syndrome” aside, the program aims to reverse the current trend where attackers exploit human errors by instead targeting the attackers’ cognitive weaknesses. By integrating traditional cybersecurity measures with the emerging field of cyberpsychology, ReSCIND aims create a novel type of cyber defense technology.
“ReSCIND will enable the Intelligence Community’s cyber defenders to penalize attackers with the costs of wasted time and effort, which will delay, and potentially thwart, attacks and more rapidly expose the identities behind them,” said ReSCIND Program Manager, Dr. Kimberly Ferguson-Walter in a press release. “This novel approach of focusing on the human behind the attack will significantly enhance our layered cyber defenses.”
IARPA has awarded ReSCIND research contracts through a competitive Broad Agency Announcement to several teams, including Charles River Analytics, Inc., GrammaTech, Inc., Peraton Labs, Raytheon Technologies Research Center, and SRI International. The test and evaluation work for the program will be conducted by the University of Maryland Applied Research Laboratory for Intelligence and Security, MIT Lincoln Laboratory, Lawrence Livermore National Laboratory, and MITRE.
Set to run for nearly four years, it will seek to identify and model human cognitive biases relevant to cyber attack behavior, understand and induce changes in cyber attack behavior, and provide algorithms for automated adaptation of these solutions based on observed behavior.
The program’s structure is divided into three phases over its duration. The first 18 months will focus on identifying cognitive vulnerabilities (CogVuls) relevant to offensive cyber operators, including methods to induce, exacerbate, and measure each cognitive vulnerability. The subsequent 15 months will be dedicated to researching and developing Cyberpsychology-informed Defenses (CyphiDs) that map to observed attacker attributes and measurably disrupt cyber attack behavior across the Cyber Kill Chain, increasing the negative impact on attacker performance and success. The final 12 months will concentrate on providing algorithms for automated adaptation of these solutions based on observed behavior.
ReSCIND’s innovative approach is not only about creating new cyber defense technologies but also about understanding the psychology behind cyber attacks. By focusing on the human element, the program aims to develop more effective strategies to protect against cyber threats by moving away from a purely technical perspective, and into a more holistic approach.
MJ Banias is a journalist who covers security and technology. He is the host of The Debrief Weekly Report. You can email MJ at mj@thedebrief.org or follow him on Twitter @mjbanias.