The Human Side of Cybersecurity Seminar Series: Ronald Boring and Human-in-the-Loop Reslience
Thursday, April 15, 2021
11:00 AM – 12:00 PM EST
A Cyber Concept of Operations for Human-in-the-Loop Resilience
A concept of operations (ConOp) is the overarching philosophy of how a system will be used and the role of the human operator as part of that human-system interface. ConOps for control systems cover normal and abnormal operations, but most ConOps do not explicitly cover a modality where the operators respond to cyber threats.
A common thread of much cybersecurity research is the need to build defense in depth to prevent any possible cyber intrusion. In other words, ideally, a cyber intrusion should never compromise a system enough to reach the user or operator. This operator-out-of-the-cyber-loop approach is well grounded and should absolutely remain a main thrust of a cyber protection program.
Still, there remains the possibility of infection and intrusion. What actually happens if a critical control system is compromised? This can result in corruption and inoperability of key systems, or it could also result in loss of control to an adversary or misleading monitoring information through spoofing. Though these events remain extremely low probability, they can confound or hinder the ability of the operators to control the system.
This presentation will review the crucial role of operations personnel for cyber protection. If other defenses fail, it remains the responsibility of the operator to recognize the incident. It is also their responsibility to maneuver the system to a safe point where it can be taken offline and mitigated. A cyber ConOp ensures that the operators have the right tools to recognize cyber upsets and respond safety. Several design recommendations will be presented to ensure human-in-the-loop resilience as part of general cyber ConOps. In addition, studies conducted with control room operators that reveal their ability to engage successfully with a compromised system will be reviewed.
About Ron Boring
Ron Boring is a Distinguished Scientist and Department Manager for the Human Factors and Reliability Department at Idaho National Laboratory (INL). He has led control room modernization and human risk efforts for a variety of national and international partners. He was founder of the Human Systems Simulation Laboratory at INL and led development of prototyping tools such as the Advanced Nuclear Interface Modeling Environment (ANIME) and human factors evaluation methods like the Guideline for Operational Nuclear Usability and Knowledge Elicitation (GONUKE) to support control room development at U.S. utilities. He currently leads development of the Human Unimodel for Nuclear Technology to Enhance Reliability (HUNTER) method, which creates virtual operators for risk modeling, including novel cybersecurity risk assessment for electric grid applications.
Boring has a Ph.D. in Cognitive Science from Carleton University. He was a Fulbright Academic Scholar to the University of Heidelberg, Germany, and currently holds the honorary titles of Fellow of the Center for Advanced Energy Studies and Fellow of the Human Factors and Ergonomics Society. He has published over 300 research articles in a wide variety of human reliability, human factors, and human-computer interaction forums. He is the Chair for the Annual Meeting of the Human Factors and Ergonomics Society.
Boring promises not to live up to his last name. Over the past year, he became a founding member of Quarantined Scientists with Unintended Mullets but may indeed get a haircut before his presentation. He lives in Idaho Falls with his wife of 24 years and their four children, four cats, and one giant Newfoundland dog.
About CCI Events
With a mission of research, innovation, and workforce development, the Commonwealth Cyber Initiative (CCI) focuses on the intersection of security, autonomous systems, and data. Funded by the Commonwealth of Virginia, CCI is a highly connected statewide network that engages institutions of higher education, industry, government, and nongovernmental and economic development organizations. CCI’s network includes 39 higher education institutions and 320 faculty members as well as more than 20 industry partners. CCI was established in the 2018-20 Virginia budget with an investment of approximately $20 million annually from 2020 and beyond. Follow us on Twitter, LinkedIn, Facebook, Instagram, and YouTube.