Abstract
Due to their value and interconnected role in our societies, critical infrastructures are vulnerable national assets increasingly becoming targets of cyber-attacks. Despite there being a multitude of training programs in cybersecurity offered, human errors are still accountable for a majority of breaches. As current training and awareness courses are insufficient to meet the current cybersecurity challenges in critical infrastructures, this paper examines how they could be improved with new solutions. In addition to current training programs lacking in effectively addressing human factors, identifying appropriate outcome and performance measures to assess the effectiveness of the program remains an issue. In order to address the uniqueness of an individual’s human factors and natural learning trajectory, the need for tailored training programs, to meet the demands of each user and influence a change in cyber-behavior, is proposed. These tailored training programs would be enhanced with the inclusion of training aids such as Digital Twins and Extended Reality. Indeed, recent works started to explore how combining Digital Twins and Augmented or Virtual reality could enhance learning in different contexts. We have studied how some human features could be replicated and used in the digital twin technologies (such as personality, attention, emotions or age and gender), as well as the human factors enhanced in the overall simulated virtual experience (embodiment, engagement, situational awareness, collaboration). However, there are still ongoing challenges and ethical concerns with such solutions. We conclude with a discussion of future directions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Ardito, L., Petruzzelli, A., Panniello, U., Garavelli, A.: Towards industry 4.0: mapping digital technologies for supply chain management-marketing integration. Bus. Process Manag. J. 25(2), 323–346 (2019)
Galloway, B., Hancke, G.: Introduction to industrial control networks. IEEE Commun. surv. tutorials 15(2), 860–880 (2012)
Lehto, M.: Cyber-attacks against critical infrastructure. In: Lehto, M., Neittaanmäki, P. (eds.) Cyber Security: Critical Infrastructure Protection, pp. 3–42. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-91293-2_1
Deibert, R.J., Rohozinski, R.: Risking security: policies and paradoxes of cyberspace security. Int. Polit. Sociol. 4(1), 15–32 (2010). https://doi.org/10.1111/j.1749-5687.2009.00088.x
Cordesman, A.H.: Cyber-Threats, Information Warfare, and Critical Infrastructure Protection: Defending the Us Homeland. Greenwood Publishing Group, CA (2001)
Sarwat, A.I., Sundararajan, A., Parvez, I., Moghaddami, M., Moghadasi, A.: Toward a smart city of interdependent critical infrastructure networks. In: Amini, M.H., Boroojeni, K.G., Iyengar, S.S., Pardalos, P.M., Blaabjerg, F., Madni, A.M. (eds.) Sustainable Interdependent Networks. SSDC, vol. 145, pp. 21–45. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-74412-4_3
European Commission: Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) 2022. https://eur-lex.europa.eu/eli/dir/2022/2555. Accessed 22 Jan 2024
Chowdhury, N., Gkioulos, V.: Key competencies for critical infrastructure cyber-security: a systematic literature review. Inf. Comput. Secur. 29(5), 697–723 (2021)
Alsharif, M., Mishra, S., AlShehri, M.: Impact of human vulnerabilities on cybersecurity. Comput. Syst. Sci. Eng. 40(3), 1153–1166 (2022). https://doi.org/10.32604/csse.2022.019938
Leach, J.: Improving user security behaviour. Comput. Secur. 22(8), 685–692 (2003)
Ratchford, M. M., Wang, Y.: BYOD-insure: a security assessment model for enterprise byod. In: 2019 Fifth Conference on Mobile and Secure Services (MobiSecServ), pp. 1–10. IEEE, Miami Beach, FL, USA (2019)
Crossler, R., Bélanger, F.: An extended perspective on individual security behaviors: protection motivation theory and a unified security practices (USP) instrument. ACM SIGMIS Database: DATABASE Adv. Inf. Syst. 45(4), 51–71 (2014)
Alohali, M., Clarke, N., Furnell, S., Albakri, S.: Information security behavior: recognizing the influencers. In: 2017 Computing Conference, pp. 844–853. IEEE, London, UK (2017)
Nurse, J. R.: Cybercrime and you: how criminals attack and the human factors that they seek to exploit. arXiv preprint arXiv:1811.0662 (2018)
Case, D. U.: Analysis of the cyber attack on the Ukrainian power grid. Electricity Inf. Sharing Anal. Cent. (E-ISAC) 388, 1–29 (2016)
The attack on Colonial pipeline: what we’ve learned & what we’ve done over the past two years. https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years. Accessed 29 Jan 2024
IRGC-affiliated cyber actors exploit PLCs in multiple sectors, including U.S. water and wastewater systems facilities. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a. Accessed 29 Jan 2024
Morelli, U., Nicolodi, L., Ranise, S.: An open and flexible cybersecurity training laboratory in IT/OT infrastructures. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 140–155. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_10
Drogkaris, P., Bourka, A.: European Union Agency for Cybersecurity: Cybersecurity culture guidelines - Behavioural aspects of cybersecurity, Drogkaris, P.(eds.), Bourka, A.(editor), European Network and Information Security Agency (2018). https://doi.org/10.2824/324042
McMahon, C.: In Defence of the human factor. Front. Psychol. 11, 1390 (2020)
Canham, M.: Repeat clicking: a lack of awareness is not the problem. In: HCI International 2023 - Late Breaking Papers: 25th International Conference on Human-Computer Interaction, pp. 325–342. Copenhagen, Denmark (2023)
Sütterlin, S., et al.: The role of IT background for metacognitive accuracy, confidence and overestimation of deep fake recognition skills. In: International Conference on Human-Computer Interaction, pp. 103–119. Springer International Publishing, Cham (2022). https://doi.org/10.1007/978-3-031-05457-0_9
Sütterlin, S., et al.: Individual deep fake recognition skills are affected by viewer’s political orientation, agreement with content and device used. In: International Conference on Human-Computer Interaction, pp. 269–284. Springer Nature Switzerland, Copenhagen, Denmark, Cham (2023). https://doi.org/10.1007/978-3-031-35017-7_18
Lif, P., Sommestad, T.: Human factors related to the performance of intrusion detection operators. HAISA, pp. 265–275 (2015)
Pirta-Dreimane, R., et al.: Application of intervention mapping in cybersecurity education design. Front. Educ. 7, 998335 (2022)
Ruh, P., Morgenstern, H.: Establishing cyberpsychology at universities in the area of cyber security. In: Stephanidis, C., Antona, M., Ntoa, S. (eds.) HCII 2021. CCIS, vol. 1499, pp. 294–301. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90179-0_38
European cybersecurity skills framework role profiles. https://www.enisa.europa.eu/publications/european-cybersecurity-skills-framework-role-profiles. Accessed 29 Jan 2024
Newhouse, W., Keith, S., Scribner, B., Witte, G.: National initiative for cybersecurity education (NICE) cybersecurity workforce framework. NIST Spec. Publ. 800(2017), 181 (2017)
Knox, B.J., Lugo, R.G., Sütterlin, S.: Cognisance as a human factor in military cyber Defence education. IFAC-Pap. OnLine 52(19), 163–168 (2019)
Huff, P., Leiterman, S., Springer, J.: Cyber arena: an open-source solution for scalable cybersecurity labs in the cloud. In: Proceedings of the 54th ACM Technical Symposium on Computer Science Education V. 1, pp. 221–227. ACM, Toronto, Canada (2023)
Jelo, M., Helebrandt, P.: Gamification of cyber ranges in cybersecurity education. In: 2022 20th International Conference on Emerging eLearning Technologies and Applications (ICETA), pp. 280–285. IEEE, Stary Smokovec, Slovakia (2022)
Di Domenico, S.I., Ryan, R.M.: The emerging neuroscience of intrinsic motivation: a new frontier in self-determination research. Front. Hum. Neurosci. 11, 145 (2017)
Jin, G., Tu, M., Kim, T.-H., Heffron, J., White, J.: Evaluation of game-based learning in cybersecurity education for high school students. J. Educ. Learn. 12, 150 (2018)
Jøsok, Ø., Knox, B.J., Helkala, K., Lugo, R.G., Sütterlin, S., Ward, P.: Exploring the hybrid space. In: Schmorrow, D.D.D., Fidopiastis, C.M.M. (eds.) AC 2016. LNCS (LNAI), vol. 9744, pp. 178–188. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39952-2_18
Staheli, D., et al.: Collaborative data analysis and discovery for cyber security. In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016) (2016)
Steinke, J., et al.: Improving cybersecurity incident response team effectiveness using teams-based research. IEEE Secur. Priv. 13(4), 20–29 (2015)
Klein, G.A., Calderwood, R.: Decision models: some lessons from the field. IEEE Trans. Syst. Man Cybernet. 21, 1018–1026 (1991)
Wright, R.T., Jensen, M.L., Thatcher, J.B., Dinger, M., Marett, K.: Research note-influence techniques in phishing attacks: an examination of vulnerability and resistance. Inf. Syst. Res. 25(2), 385–400 (2014)
Suh, A., Prophet, J.: The state of immersive technology research: a literature analysis. Comput. Hum. Behav. 86, 77–90 (2018)
Milgram, P., Kishino, F.: A taxonomy of mixed reality visual displays. IEICE Trans. Inf. Syst. 77(12), 1321–1329 (1994)
Knoll, M., Stieglitz, S.: Augmented Reality und Virtual Reality-Einsatz im Kontext von Arbeit, Forschung und Lehre. HMD Praxis der Wirtschaftsinformatik 59(1), 6–22 (2022)
Ask, T.F., Kullman, K., Sütterlin, S., Knox, B.J., Engel, D., Lugo, R.G.: A 3D mixed reality visualization of network topology and activity results in better dyadic cyber team communication and cyber situational awareness. Front. Big Data 6, 1042783 (2023)
Seo, J.H., Bruner, M., Payne, A., Gober, N., McMullen, D., Chakravorty, D.K.: Using virtual reality to enforce principles of cybersecurity. J. Comput. D Sci. Educ. 10(1), 81–87 (2019)
Anwar, M. S., et al.: Immersive learning and AR/VR-based education: cybersecurity measures and risk management. In: Cybersecurity Management in Education Technologies, pp. 1–22. CRC Press (2023)
Veneruso, S.V., Ferro, L.S., Marrella, A., Mecella, M., Catarci, T.: CyberVR: an interactive learning experience in virtual reality for cybersecurity related issues. In: Proceedings of the International Conference on Advanced Visual Interfaces, pp. 1–8. ACM, Salerno, Italy (2020)
Makransky, G., Borre-Gude, S., Mayer, R.E.: Motivational and cognitive benefits of training in immersive virtual reality based on multiple assessments. J. Comput. Assist. Learn. 35(6), 691–707 (2019)
Makransky, G., Petersen, G.B.: The cognitive affective model of immersive learning (CAMIL): a theoretical research-based model of learning in immersive virtual reality. Educ. Psychol. Rev. 33, 937–958 (2021)
Shafto, M., et al.: Draft modeling, simulation, information technology & processing roadmap. Technol. Area 11, 1–32 (2010)
Semeraro, C., Lezoche, M., Panetto, H., Dassisti, M.: Digital twin paradigm: a systematic literature review. Comput. Ind. 130, 103469 (2021)
Löcklin, A., Jung, T., Jazdi, N., Ruppert, T., Weyrich, M.: Architecture of a human-digital twin as common interface for operator 4.0 applications. Procedia CIRP 104, 458–463 (2021)
Naudet, Y., Baudet, A., Risse, M.: Human digital twin in industry 4.0: concept and preliminary model. In: IN4PL, pp. 137–144. ISBN (2021)
Karvonen, A., Saariluoma, P.: Cognitive mimetics and human digital twins: towards holistic AI design. ERCIM News 2023(132), 17–18 (2023)
Yin, Y., Zheng, P., Li, C., Wang, L.: A state-of-the-art survey on augmented reality-assisted digital twin for futuristic human-centric industry transformation. Robot. Comput. Integr. Manuf. 81, 102515 (2023)
Kaarlela, T., Pieskä, S., Pitkäaho, T.: Digital twin and virtual reality for safety training. In: 2020 11th IEEE International Conference on Cognitive Infocommunications (CogInfoCom), pp. 000115–000120. IEEE, Mariehamn, Finland (2020)
Tähemaa, T., Bondarenko, Y.: Digital twin based Synchronised control and simulation of the industrial robotic cell using virtual reality. J. Mach. Eng. 19(1), 128–144 (2019)
Wu, P., Qi, M., Gao, L., Zou, W., Miao, Q., Liu, L.L.: Research on the virtual reality synchronization of workshop digital twin. In: 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), pp. 875–879. IEEE, Chongqing, China (2019)
Voordijk, H., Vahdatikhaki, F., Hesselink, L.: Digital twin-based asset inspection and user-technology interactions. J. Eng. Des. Technol. (2023)
McConnell, M.M., Eva, K.W.: The role of emotion in the learning and transfer of clinical skills and knowledge. Acad. Med. J. Assoc. Am. Med. Coll. 87(10), 1316–1322 (2012)
Brosch, T., Scherer, K., Grandjean, D., Sander, D.: The impact of emotion on perception, attention, memory, and decision-making. Swiss Med. Wkly. 143(1920), w13786–w13786 (2013)
Lerner, J.S., Keltner, D.: Beyond valence: toward a model of emotion-specific influences on judgement and choice. Cogn. Emot. 14(4), 473–493 (2000)
Amara, K., Kerdjidj, O., Ramzan, N.: Emotion recognition for affective human digital twin by means of virtual reality enabling technologies. IEEE Access 11, 74216–74227 (2023)
Magalhães, M., Coelho, A., Melo, M., Bessa, M.: Measuring users’ emotional responses in multisensory virtual reality: a systematic literature review. Multimed. Tools Appl. 83, 1–41 (2023)
Greenfeld, A., Lugmayr, A., Lamont, W.: Comparative reality: measuring user experience and emotion in immersive virtual environments. In: 2018 IEEE International Conference on Artificial Intelligence and Virtual Reality (AIVR), pp. 204-209. IEEE, Taichung, Taiwan (2018)
Tyng, C.M., Amin, H.U., Saad, M.N., Malik, A.S.: The influences of emotion on learning and memory. Front. Psychol. 8, 1454 (2017)
Zhang, X.A., Borden, J.: How to communicate cyber-risk? An examination of behavioral recommendations in cybersecurity crises. J. Risk Res. 23(10), 1336–1352 (2020)
Gulenko, I.: Improving passwords: influence of emotions on security behaviour. Inf. Manag. Comput. Secur. 22(2), 167–178 (2014)
Bachura, E., Valecha, R., Chen, R., Rao, H.R.: The OPM data breach: an investigation of shared emotional reactions on Twitter. MIS Q. 46(2), 881–910 (2022)
Oberauer, K.: Working memory and attention - a conceptual analysis and review. J. Cogn. 2(1), 1–23 (2019)
Wang, C.C., Hung, J.C., Chen, H.C.: How prior knowledge affects visual attention of Japanese mimicry and onomatopoeia and learning outcomes: evidence from virtual reality eye tracking. Sustain. 13(19), 1–28 (2021)
Mirault, J., Albrand, J.P., Lassault, J., Grainger, J., Ziegler, J.C.: Using virtual reality to assess reading fluency in children. Fronti. Educ. 6, 693355 (2021)
Al’Absi, M., Hugdahl, K., Lovallo, W.R.: Adrenocortical stress responses and altered working memory performance. Psychophysiol. 39(1), 95–99 (2002)
Anderson, B.B., Kirwan, C.B., Jenkins, J.L., Eargle, D., Howard, S., Vance, A.: How polymorphic warnings reduce habituation in the brain: insights from an fMRI study. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 2883–2892. ACM, Seoul, Korea (2015)
Montañez, R., Golob, E., Xu, S.: Human cognition through the lens of social engineering cyberattacks. Front. Psychol. 11, 1755 (2020)
Anwar, M., He, W., Ash, I., Yuan, X., Li, L., Xu, L.: Gender difference and employees’ cybersecurity behaviors. Comput. Hum. Behav. 69, 437–443 (2017)
Tømte, C., Hatlevik, O.E.: Gender-differences in self-efficacy ICT related to various ICT-user profiles in Finland and Norway. How do self-efficacy, gender and ICT-user profiles relate to findings from PISA 2006. Comput. Educ. 57(1), 1416–1424 (2011)
Branley-Bell, D., Coventry, L., Dixon, M., Joinson, A., Briggs, P.: Exploring age and gender differences in ICT cybersecurity behaviour. Hum. Behav. Emerg. Technol. 2022, 1–10 (2022)
Miller, M.E., Spatz, E.: A unified view of a human digital twin. Hum. Intell. Syst. Integr. 4(1–2), 23–33 (2022)
Rammstedt, B., John, O.P.: Measuring personality in one minute or less: a 10-item short version of the big five inventory in English and German. J. Res. Pers. 41(1), 203–212 (2007)
Condori-Fernandez, N., Suni-Lopez, F., Muñante, D., Daneva, M.: How can personality influence perception on security of context-aware applications? In: Groß, T., Viganò, L. (eds.) STAST 2020. LNCS, vol. 12812, pp. 3–22. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-79318-0_1
Shappie, A.T., Dawson, C.A., Debb, S.M.: Personality as a predictor of cybersecurity behavior. Psychol. Popular Media 9(4), 475 (2020)
Thorp, S.O., Rimol, L.M., Grassini, S.: Association of the big five personality traits with training effectiveness, sense of presence, and cybersickness in virtual reality. Multimodal Technol. Interact. 7(2), 11 (2023)
Montañez, R., Atyabi, A., Xu, S.: Social engineering attacks and defenses in the physical world vs. cyberspace: a contrast study. In: Cybersecurity and Cognitive Science, pp. 3–41. Academic Press (2022)
Wilson, M.: Six views of embodied cognition. Psychon. Bull. Rev. 9(4), 625–636 (2002)
Wei, C.W., Chen, H.H., Chen, N.S.: Effects of embodiment-based learning on perceived cooperation process and social flow. Procedia. Soc. Behav. Sci. 197, 608–613 (2015)
Marre, Q., Huet, N., Labeye, E.: Embodied mental imagery improves memory. Q. J. Exp. Psychol. 74(8), 1396–1405 (2021)
Harackiewicz, J.M., Smith, J.L., Priniski, S.J.: Interest matters: the importance of promoting interest in education. Policy Insights Behav. Brain Sci. 3(2), 220–227 (2016)
Rajivan, P., Cooke, N.: Impact of team collaboration on cybersecurity situational awareness. Theory Models Cyber Situation Awareness, pp. 203–226 (2017)
Dykstra, J., Rowe, N., Shimeall, T., Horneman, A., Midler, M.: Introduction: on the nature of situational awareness. Digital Threats Res. Pract. 2(4), 1–3 (2021)
Munsinger, B., Beebe, N., Richardson, T.: Virtual reality for improving cyber situational awareness in security operations centers. Comput. Secur. 132, 103368 (2023)
Kabil, A., Duval, T., Cuppens, N., Le Comte, G., Halgand, Y., Ponchel, C.: From cyber security activities to collaborative virtual environments practices through the 3D CyberCOP platform. In: Ganapathy, V., Jaeger, T., Shyamasundar, R.K. (eds.) ICISS 2018. LNCS, vol. 11281, pp. 272–287. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05171-6_14
Ask, T.F., Lugo, R.G., Knox, B.J., Sütterlin, S.: Human-human communication in cyber threat situations: a systematic review. In: Stephanidis, C., et al. (eds.) HCII 2021. LNCS, vol. 13096, pp. 21–43. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90328-2_2
Dubovi, I.: Cognitive and emotional engagement while learning with VR: the perspective of multimodal methodology. Comput. Educ. 183, 104495 (2022)
Chi, M.T., Wylie, R.: The ICAP framework: linking cognitive engagement to active learning outcomes. Educ. Psychol. 49(4), 219–243 (2014)
Greene, B.A.: Measuring cognitive engagement with self-report scales: reflections from over 20 years of research. Educ. Psychol. 50(1), 14–30 (2015)
Giaretta, A.: Security and privacy in virtual reality–a literature survey (2022). arXiv preprint arXiv:2205.00208
23andMe confirms hackers stole ancestry data on 6.9 million users. https://tcrn.ch/47Hzimn. Accessed 21 Jan 2024
Braun, M., Krutzinna, J.: Digital twins and the ethics of health decision-making concerning children. Patterns (NY) 3(4), 100469 (2022)
Stanton, B., Theofanos, M.F., Prettyman, S.S., Furman, S.: Security fatigue. IT Prof. 18(5), 26–32 (2016)
Dykstra, J., Paul, C. L.: Cyber operations stress survey (COSS): studying fatigue, frustration, and cognitive workload in cybersecurity operations. In: Proceedings of the 11th USENIX Workshop on Cyber Security Experimentation and Test (CSET 18), pp. 1–8. ACM, Baltimore, USA (2018)
Ferreira, A., Lenzini, G.: An analysis of social engineering principles in effective phishing. In: 2015 Workshop on Socio-Technical Aspects in Security and Trust, pp. 9–16. IEEE, Verona, Italy (2015)
Agyepong, E., Cherdantseva, Y., Reinecke, P., Burnap, P.: Challenges and performance metrics for security operations center analysts: a systematic review. J. Cyber Secur. Technol. 4, 125–152 (2020)
Lugo, R.G., Sütterlin, S.: Cyber officer profiles and performance factors. In: Harris, D. (ed.) EPCE 2018. LNCS (LNAI), vol. 10906, pp. 181–190. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91122-9_16
Childs, E., et al.: An overview of enhancing distance learning through augmented and virtual reality technologies. arXiv Preprint arXiv:2101.11000 (2021). https://doi.org/10.48550/arXiv.2101.11000
Acknowledgement
The project ATHENA is funded by the European Union (Digital Europe Programme) under Grant Agreement No. 101127970 and is supported by the European Cybersecurity Competence Centre. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Zehnder, E. et al. (2024). Digital Twins and Extended Reality for Tailoring Better Adapted Cybersecurity Trainings in Critical Infrastructures. In: Schmorrow, D.D., Fidopiastis, C.M. (eds) Augmented Cognition. HCII 2024. Lecture Notes in Computer Science(), vol 14694. Springer, Cham. https://doi.org/10.1007/978-3-031-61569-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-61569-6_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-61568-9
Online ISBN: 978-3-031-61569-6
eBook Packages: Computer ScienceComputer Science (R0)