CRA consultant, Andrew Wright, will present his research paper ‘Human and organisational factors in cyber security: applying STAMP to explore vulnerabilities’ at the Chartered Institute of Ergonomics & Human Factors’ (CIEHF) Ergonomics and Human Factors 2019 Conference.
Andrew’s presentation topic is a piece of research that he undertook as part of his Master’s Degree in Ergonomics and Human Factors. The research looks at using Systems-Theory Techniques developed by the Massachusetts Institute of Technology (MIT) to explore cybersecurity sociotechnical systems and identify how system control flaws can lead to ‘accidents’.
The modern security threat environment is now largely cyber-based, and security systems need to demonstrate resilient performance in order to respond and adapt to evolving threats. Security system design and risk assessment now needs to account for the numerous complex interactions between cyber security systems, physical security systems and the humans who use them.
Systems-Theory techniques developed by the MIT are being proved as highly effective for identifying hazard scenarios during the concept/design phase of modern systems and for casual analysis, and are seeing a rapid uptake in U.S. Defence, Maritime, Nuclear, Aviation, Cyber and Space sectors. Various UK organisations, including the National Cyber Security Centre (NCSC), are showing interest in these techniques, particularly the STPA-Sec method. Andrew’s research focuses on a causal analysis of the 2013/2014 Target Corporation Data Breach to demonstrate application of the method and its strengths and limitations.
The Ergonomics and Human Factors 2019 Conference will take place 29 April – 1 May 2019 in Stratford-upon-Avon. Conference bookings open in January 2019 and ticket information is available on the CIEHF website.