Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

Norbou Buchler¹, Claire Genevieve La Fleur¹, Blaine Hoffman¹, Prashanth Rajivan², Laura Marusich¹, Lewis Lightner³

Affiliations

¹ U.S. Army Research Laboratory, Adelphi, MD, United States.
² Industrial & Systems Engineering, University of Washington, Seattle, WA, United States.
³ National CyberWatch Center, Largo, MD, United States.

PMID: 30510527
PMCID: PMC6252333
DOI: 10.3389/fpsyg.2018.02133

Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

Norbou Buchler et al. Front Psychol. 2018.

. 2018 Nov 19:9:2133.

doi: 10.3389/fpsyg.2018.02133. eCollection 2018.

Authors

Norbou Buchler¹, Claire Genevieve La Fleur¹, Blaine Hoffman¹, Prashanth Rajivan², Laura Marusich¹, Lewis Lightner³

Affiliations

¹ U.S. Army Research Laboratory, Adelphi, MD, United States.
² Industrial & Systems Engineering, University of Washington, Seattle, WA, United States.
³ National CyberWatch Center, Largo, MD, United States.

PMID: 30510527
PMCID: PMC6252333
DOI: 10.3389/fpsyg.2018.02133

Abstract

A critical requirement for developing a cyber capable workforce is to understand how to challenge, assess, and rapidly develop human cyber skill-sets in realistic cyber operational environments. Fortunately, cyber team competitions make use of simulated operational environments with scoring criteria of task performance that objectively define overall team effectiveness, thus providing the means and context for observation and analysis of cyber teaming. Such competitions allow researchers to address the key determinants that make a cyber defense team more or less effective in responding to and mitigating cyber attacks. For this purpose, we analyzed data collected at the 12th annual Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC, http://www.maccdc.org), where eight teams were evaluated along four independent scoring dimensions: maintaining services, incident response, scenario injects, and thwarting adversarial activities. Data collected from the 13-point OAT (Observational Assessment of Teamwork) instrument by embedded observers and a cyber teamwork survey completed by all participants were used to assess teamwork and leadership behaviors and team composition and work processes, respectively. The scores from the competition were used as an outcome measure in our analysis to extract key features of team process, structure, leadership, and skill-sets in relation to effective cyber defense. We used Bayesian regression to relate scored performance during the competition to team skill composition, team experience level, and an observational construct of team collaboration. Our results indicate that effective collaboration, experience, and functional role-specialization within the teams are important factors that determine the success of these teams in the competition and are important observational predictors of the timely detection and effective mitigation of ongoing cyber attacks. These results support theories of team maturation and the development of functional team cognition applied to mastering cybersecurity.

Keywords: collaboration; computer personnel selection; cyber defense; cybersecurity; expertise; skill composition; team development; teamwork.

PubMed Disclaimer

Figures

**Figure 1**
The 10-region National Collegiate Cyber Defense Competition with Mid-Atlantic Region circled.

**Figure 2**
“Man vs. Machine” Internet-of-Things scenario description given to participants.

**Figure 3**
The network diagram of the We-B-Smart network.

**Figure 4**
The composite overall team score in the MACCDC 2017 competition was composed of five performance metrics. These included: (1) Maintaining Services, (2) CEO Reporting, (3) Scenario Injects, (4) Incident Response, and (5) Red Team Activity. Performance scores are normalized z-scores and the teams arrayed with increasing composite performance by team number.

**Figure 5**
**(Top)** Heatmap representation depicting the skill composition of the various cybersecurity teams with darker colors indicating the proportion of team members endorsing a particular skill or role. **(Bottom)** Histogram of average years experience by each team.

**Figure 6**
Heatmap representation depicting the skill composition of the various cybersecurity tasks.

**Figure 7**
**(A)** Posterior distributions of regression parameters for Model 1 predicting Maintaining Services score with β1 (Communication & Collaboration Factor), β2 (Years Experience), and β3 (Number of Roles) as predictors of team performance. Strong predictors (Number of Roles) indicated by red type. **(B)** Posterior distributions of difference among parameters indicate unique predictive quality of β1, β2 and β3 to Maintaining Services scored performance.

**Figure 8**
**(A)** Posterior distributions of regression parameters for the simultaneous model predicting Incident Response score with β1 (Communication and Collaboration Factor), β2 (Leadership Factor), and β3 (Number of Skill Roles) as predictors of team performance. Strong predictors indicated by red type. **(B)** Posterior distributions of difference among parameters indicates unique predictive quality of β1 and β3 to Incident Response scores.

**Figure 9**
Comparison of Bayesian Multiple Linear Regression Models predictors across the MACCDC 2016 **(Top)** and MACCDC 2017 **(Bottom)** events for the scored performance dimensions of **(Left)** Maintaining Services, **(Middle)** Scenario Injects, **(Right)** Incident Response.

See this image and copyright information in PMC

References

1. Beal D. J., Cohen R. R., Burke M. J., McLendon C. L. (2003). Cohesion and performance in groups: a meta-analytic clarification of construct relations. J. Appl. Psychol. 88, 989–1004. 10.1037/0021-9010.88.6.989 - DOI - PubMed
1. Besnard D., Arief B. (2004). Computer security impaired by legitimate users. Comput. Secur. 23, 253–264. 10.1016/j.cose.2003.09.002 - DOI
1. Bishop M., Conboy H. M., Phan H., Simidchieva B. I., Avrunin G. S., Clarke L. A., et al. (2014). Insider threat identification by process analysis, in SPW '14 Proceedings of the 2014 IEEE Security and Privacy Workshops (Washington, DC: ), 251–264.
1. Buchler N., Fitzhugh S. M., Marusich L. R., Ungvarsky D. M., Lebiere C., Gonzalez C. (2016a). Mission command in the age of network-enabled operations: social network analysis of information sharing and situation awareness. Front. Pscyhol. 7:937. 10.3389/fpsyg.2016.00937 - DOI - PMC - PubMed
1. Buchler N., Hoffman B., Collman S., Marvel L.M., Cuneo J., Hoye J. (2016b). Measuring Team Effectiveness in Cyber-Defense Exercises: Multi-scale, multi-level Data Aggregation and Analysis. U.S. Army Research Laboratory-Technical Report.

LinkOut - more resources

Full Text Sources

Save citation to file

Email citation

Add to Collections

Add to My Bibliography

Your saved search

Create a file for external citation management software

Your RSS Feed

Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

Affiliations

Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

Authors

Affiliations

Abstract

Figures

References

LinkOut - more resources

Full Text Sources