DAMOCLES

The project DAMOCLES (Detection And Mitigation Of Cyber attacks that exploit human vuLnerabilitiES) aims at providing a framework for the digital defense of Italian PAs from security incidents caused by human errors. This is achieved by applying vulnerability prevention and mitigation techniques tailored to employees’ behavior. The framework is grounded on two main pillars: the Human Vulnerability Assessment (HVA) and Human Vulnerability Mitigation (HVM).

The proposal has been funded among the Italian Relevant National Projects (NRRP), year 2022, by the Italian Ministry for University and Research and the European Commission (Next Generation EU).

The project’s Principal Investigator is Prof. Giuseppe Desolda, leading the research unit at the University of Bari. Prof. Lucio Davide Spano is the substitute Principal Investigator and leads the research unit at the University of Cagliari. Finally, Prof. Vincenzo Deufemia leads the third research unit at the University of Salerno.

Abstract

Cyber attacks are emerging as problems caused not only by technological aspects but also by human factors neglected when designing interactive systems. Reports from cybersecurity giants like IBM and Verizon highlighted that up to 95% of security incidents are due to human errors. This phenomenon is dramatically amplified in contexts such as public administrations (PA), which often do not have the economic and human resources to adequately defend themselves from cyber attacks. The DAMOCLES research project aims at providing a framework for the digital defense of Italian PAs from security incidents caused by human errors. This is achieved by applying vulnerability assessment and mitigation techniques tailored to employees’ behavior. The framework is grounded on two main pillars: the Human Vulnerability Assessment (HVA) and Human Vulnerability Mitigation (HVM).

The HVA leverages three different activities, namely prevention, detection, and simulation. They support the identification of human factors (e.g., behaviors, knowledge, skills, preferences) that can result in human incidents on different aspects of cybersecurity and that can make users, and thus the entire PA, more vulnerable. Prevention is carried out through questionnaires that identify the wrong user behaviors causing human incidents and their degree of severity. Detection is performed by executing safe tests of cyber attacks inside the PA, to monitor employees’ responses to the threats they are most vulnerable to (e.g., sending them safe phishing emails to monitor how they react). Simulation is performed by means of Digital Twins (DT) of the employees, which mirror their behaviors, allowing the identification of the cybersecurity threats their physical counterparts may be most susceptible to.

The HVM starts from the results of the HVA to educate the employees according to the vulnerabilities they are most likely to be exposed to. Specifically, customized training programs will teach users to avoid wrong behaviors in cyber contexts. Different training approaches will be adopted to improve the effectiveness of the HVM phase, for example, podcasts, video tutorials, role-playing games that simulate attacks against which the players have to defend themselves, and messages embedded in the software used at work.
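The two paragraphs above describe a pipeline: questionnaire answers (prevention) and safe-test outcomes (detection) are combined into a per-employee vulnerability profile, which then drives the choice of training (HVM). The following Python model is an added illustration of that flow and is not code from the DAMOCLES project; the domain labels, questionnaire items, severity weights, the 0.4/0.6 weighting of self-reported versus observed evidence, the training threshold and the programme catalogue are all constructed assumptions made here to keep the example runnable.

```python
"""Toy model of the DAMOCLES HVA -> HVM flow (added illustration, not project code)."""
from dataclasses import dataclass, field

# Assessment domains (assumed labels, not taken from the project).
DOMAINS = ("phishing", "password_hygiene", "data_handling")

# Prevention: questionnaire items mapped to a domain with a severity weight
# (1 = minor, 5 = critical). An answer of True means the employee reports
# the risky behaviour. These items are constructed samples.
QUESTIONNAIRE = {
    "p1": ("phishing", "Opens links in unexpected e-mails", 5),
    "p2": ("phishing", "Does not check the sender address", 3),
    "w1": ("password_hygiene", "Reuses one password across services", 4),
    "w2": ("password_hygiene", "Writes passwords on paper", 2),
    "d1": ("data_handling", "Forwards citizen data to a personal mailbox", 3),
}

# Mitigation: one training programme per domain (assumed catalogue).
TRAINING = {
    "phishing": "Podcast + role-playing game on e-mail lures",
    "password_hygiene": "Video tutorial on password managers",
    "data_handling": "In-app reminder when sending attachments",
}

# Observed behaviour (safe tests) is weighted more than self-reports (assumption).
PREVENTION_WEIGHT, DETECTION_WEIGHT = 0.4, 0.6
TRAINING_THRESHOLD = 0.3  # assumed cut-off above which training is assigned


@dataclass
class Employee:
    ident: str
    answers: dict                                   # item id -> True if risky behaviour reported
    safe_tests: dict = field(default_factory=dict)  # domain -> [True if the safe test was failed]


def prevention_scores(emp):
    """Severity-weighted share of risky answers per domain, in [0, 1]."""
    risky = {d: 0 for d in DOMAINS}
    total = {d: 0 for d in DOMAINS}
    for item, (domain, _text, severity) in QUESTIONNAIRE.items():
        total[domain] += severity
        if emp.answers.get(item, False):
            risky[domain] += severity
    return {d: (risky[d] / total[d] if total[d] else 0.0) for d in DOMAINS}


def detection_scores(emp):
    """Failure rate of safe tests per domain; None where no test was run."""
    out = {}
    for d in DOMAINS:
        results = emp.safe_tests.get(d, [])
        out[d] = sum(results) / len(results) if results else None
    return out


def vulnerability_profile(emp):
    """Combine self-reported and observed evidence into one score per domain.

    Where no safe test exists for a domain, the questionnaire score is used alone,
    so a missing test never silently lowers the score.
    """
    prev, det = prevention_scores(emp), detection_scores(emp)
    profile = {}
    for d in DOMAINS:
        if det[d] is None:
            profile[d] = prev[d]
        else:
            profile[d] = PREVENTION_WEIGHT * prev[d] + DETECTION_WEIGHT * det[d]
    return profile


def training_plan(emp):
    """HVM step: assign a programme for every domain above threshold, worst first."""
    profile = vulnerability_profile(emp)
    ranked = sorted(profile.items(), key=lambda kv: kv[1], reverse=True)
    return [(d, TRAINING[d]) for d, score in ranked if score >= TRAINING_THRESHOLD]


if __name__ == "__main__":
    # Constructed sample employee: admits to p1 and w2, failed 3 of 4 safe phishing tests.
    alice = Employee("emp-001", {"p1": True, "p2": False, "w2": True},
                     {"phishing": [True, False, True, True]})
    for domain, score in vulnerability_profile(alice).items():
        print(f"{domain:18s} {score:.2f}")
    for domain, programme in training_plan(alice):
        print(f"assign {programme!r} for {domain}")
```

For the sample employee the phishing score is 0.4 * 5/8 + 0.6 * 3/4 = 0.70, password hygiene is 2/6 with no test to correct it, and data handling is 0, so training is assigned for the first two domains in that order. The digital-twin simulation from the HVA could feed this same profile as a third evidence source; it is left out here because the page gives no detail on how the twins are built.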

To simplify and enhance the adoption of DAMOCLES, we will offer the possibility to customize it easily to the specific PA. To this aim, the three main no-coding approaches suitable for non-technical users will be adopted: component-based representations for visualizing abstractions, rule-based representations for user-initiated policy definition, and example-based representations for system-initiated suggestions. Finally, we will develop a proof-of-concept web-based platform that simplifies the selection, administration and analysis of the questionnaires, the assignment and execution of tailored training programs, the execution of safe attacks, and the DT simulations.

Lucio Davide Spano
Associate Professor

My research interests include eXtended Reality, eXplainable AI and Human-Computer Interaction.