INTELLIGENCE VALUE
Solutions from the ReSCIND program will provide defenders a much-needed advantage by expanding the traditional cyber defense toolkit to leverage well-established cognitive vulnerabilities and human limitations that can be intensified and manipulated to impede cyber attackers. This will help to rebalance the asymmetry of cyber defense, providing a low-risk force-multiplier to help protect National Security Systems and other intelligence community (IC) assets across various phases of a cyber attack.
SUMMARY
In the cyber domain, it is often harder to defend than it is to attack. The ReSCIND program looks to rebalance this asymmetry by exploring novel methods for manipulating the human behind the attack during various stages of a cyber attack. Rather than just detecting and stopping suspicious movement on the network, performers will develop solutions to increase the effort and resources spent by cyber attackers by impacting their decision-making. To support and protect the IC mission, the ReSCIND program’s objectives are to: 1) identify cognitive vulnerabilities or human limitations relevant to cyber attack behavior, 2) develop technology to induce these vulnerabilities in the cyber domain and measure the effects of the vulnerability on cyber attacker behavior and successes, 3) provide algorithms for automated adaptation of the solutions, 4) supply cyber-specific computational cognitive models based on observed cyber operations cognition and behavior.
Utilizing the scientific foundation of cyberpsychology and how attacker cognition and behavior can be influenced, performer solutions will take advantage of psychological vulnerabilities, such as innate decision-making patterns and human limitations, to manipulate an attacker’s judgement and reaction, potentially causing long-term effects. Performers will create vulnerability sensors that can measure the presence of a vulnerability using typically available cyber data, as well as cyber triggers that create an on-network situation to increase or exacerbate the vulnerabilities. These sensors and triggers will be combined to create cyberpsychology-informed defenses (CyphiDs). ReSCIND seeks to augment traditional cyber defenses to help rebalance the asymmetry of cyber defense by imposing a cyber penalty on attackers--causing wasted time and effort--thus delaying and thwarting attacks.
Performer solutions were submitted to the ReSCIND Testing & Evaluation (T&E) teams for controlled experimentation through human subjects research (HSR) with cyber experts. The ReSCIND program began in 2023 and has a duration of 45 months. The program comprises three phases, including an 18-month long phase one, a 15-month long phase two, and a 12-month long phase three.
ReSCIND Data Sets
The 20+ human subjects research (HSR) studies performed as part of the ReSCIND program have amassed a wealth of data, including cyber and human psychometric, decision-making, and behavioral data, under differing conditions and among different populations, measuring human cognitive vulnerabilities in relation to cyber behavior.
