Home / Technology Policy & Ethics / March 2021 / Psybersecurity: A New Emerging Topic and Research Area Within Human Security – Part 1

Psybersecurity: A New Emerging Topic and Research Area Within Human Security – Part 1

By Carlee Franklin and Ankur Chattopadhyay, Northern Kentucky University

March 2021

1. Introduction

With the rise of technology in every facet of daily life, the increased conveniences come with multiple security risks. When imagining cybersecurity, the focus is generally on the protection of personal information, and the technology that stores this information. However, cyber-attacks can come in multiple forms. The term psybersecurity refers to the subject of securing the mental health, including protection of the human psychological wellbeing from the psychiatric consequences of technology usage, and studying the mental health attack surface plus vectors within the field of human security [1, 6]. With 1,473 reported cybersecurity breaches and over 164.68 million sensitive records exposed in the United States alone [2], the aftermath of these attacks extends beyond the technical repercussions.

Pertaining to the human wellbeing aspect, these incidents also translate into psybersecurity attacks that can seriously affect the mental health by bringing about changes in the mental setup, including mood, emotion, and behavior [4]. Given that the attack surface in psybersecurity is primarily the human mind, this makes the impact of psybersecurity attacks quite significant. Within the domain of human security, psybersecurity is an emerging topic. It has plenty of scope for future work, as there has not been much research in this area.

2. The Effects of Psybersecurity Attacks

One of the most prominent pieces of literature on psybersecurity focuses on the impact of cybersecurity incidents on the mental health of victims. Dr. Ryan Louie explains that cybersecurity attacks can lead to increased stress, anxiety, depression, symptoms similar to post-traumatic stress disorder (PTSD), and internet paranoia in human subjects [5]. With limited resources and time to combat these psybersecurity attacks, many people remain constantly on alert for potential threats, which can contribute to paranoia [4]. However, a healthy amount of discernment and awareness of technology can be beneficial to resisting psybersecurity breaches. In today’s world, an increasing number of people are left at risk of being exposed to psybersecurity attacks stemming from incidents of cybersecurity breaches, which are quite common.

Dr. Louie explains the potential for a psybersecurity threat due to “psychiatric engineering” [4, 5]. In the event that this occurs, a patient’s mental health can be severely impacted through a carefully engineered psybersecurity attack. For example, a situation in which an individual’s mind can be manipulated to result in a misunderstanding of symptoms, leading to an altered psychiatric evaluation, an altered psychiatric assessment, and eventually, wrong treatment. Instead of providing a proper diagnosis for a patient, a psychiatric care provider may be misled and can, unknowingly, become part of a well-orchestrated psychiatric engineering attack (meant for manipulating the mind, and harming the victim) through a misguided treatment process, as outlined in Figure 1. This concept of a psybersecurity breach in a literal sense differs from a technologically orchestrated social engineering attack, as it applies directly to the fields of psychology and behavioral science. However, psychiatric engineering, as a form of human manipulation-based psybersecurity attack, can be compared to common social engineering attacks, like phishing, in terms of the attacker’s awareness of the human mind’s flaws and weaknesses, as well as the manipulative tactics to exploit victims.

Even though the term “psybersecurity” has been recently introduced and sparsely used, the concept has existed for as long as cybersecurity attacks have existed. As explained by the Association for Psychological Science [3], human behavior is as centralized in cybersecurity attacks as the technology itself, and hackers consider different psychological aspects of the people they attack. Results from a study through Iowa State University [3] discovered that individuals with higher aggression, depression, or anxiety are more likely to be targeted. Such individuals are more vulnerable to cybersecurity attacks given their volatile mental states and fallible dispositions, which are factors behind their risky and insecure behavior. Because of their already damaged psychological states and poor habits, the experience of a cybersecurity breach could catalyze outstanding mental health problems and lead to further health-related complications, ensuing in a higher level of mental disintegration. Hence, successful integration of cybersecurity, psychology, and other behavioral sciences is needed in order to understand and combat psybersecurity threats from multiple angles and interdisciplinary perspectives. This interesting and emerging research area opens different avenues for pursuing work towards mitigating psybersecurity risks, deal-ing with elements of human security, studying the mental aspects related to cybersecurity attacks, and addressing mental health issues [3].


Figure 1. The Mental Health Attack Surface: Psychiatric Engineering [6].

References 

  1. Louie, R. K. (2020). Psybersecurity Clinic. https://psybersecurity.clinic/.
  2. Clement, J. (2020, October 1). U.S. data breaches and exposed records 2020. Statista. https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/.
  3. Michel, A. (2017). Psyber Security: Thwarting Hackers with Behavioral Science. APS Observer, 30(9).
  4. Louie, R. K. “#Psybersecurity: The Mental Health Attack Surface”. 41st IEEE Symposium on Security and Privacy. May 19, 2020
  5. Louie, R. K. “#Psybersecurity: Mental Health Impacts of Cyberattacks”. RSA Conference 2020. San Francisco, California. February 28, 2020.
  6. Levy, Y., & Mattord, H. (2018). Final Report of the ACM/IEEE/AIS/IFIP Joint Task Force (JTF) on Cybersecurity Education.

 

Carlee Franklin Carlee Franklin is currently a L.I.F.E. Foundation Fellow student, pursuing her bachelor’s in Computer Science at Northern Kentucky University (NKU). She has been working as an undergraduate research assistant with Dr. Ankur Chattopadhyay since Fall 2020. She is currently exploring research topics in the areas of cybersecurity, privacy, trust, and computational biomedical sciences. She hopes to pursue further research within the disciplines of computer science and cybersecurity in greater depth, and gain more experience in the area of web development.

Dr. Ankur Chattopadhyay earned his Ph.D. in Computer Science from the University of Colorado at Colorado Springs (UCCS), and is currently an Assistant Professor of Cybersecurity & Computer Science in the Computer Science Department at Northern Kentucky University (NKU). His research interests include visual privacy, privacy-enhanced computer vision, He is currently an Editorial Board Member with the IEEE Future Directions Newsletter, Technology Policy and Ethics. He is an active professional member of IEEE and ACM. He has over 30 peer-reviewed publications, including conference papers, news-letter articles, and journal papers. He has more than 15 years of work experience in both academics and industry. Ankur is originally from Kolkata, India, where he did his Bachelors in Computer Engineering from the Institute of Engineering & Management (IEM), and was employed with Tata Consultancy Services, a global computer consul-tancy firm, for almost 7 years. Before joining NKU, he was an Assistant Professor of Computer Science at the University of Wisconsin – Green Bay (UWGB), where he founded and directed the Center of Cybersecurity Educa-tion & Outreach. He was the principal investigator (PI) and the project director of the first-ever NSA/NSF Gen-Cyber program in the state of Wisconsin at UWGB, where he has led and hosted the GenCyber program for three years. He has also worked with Google and Microsoft as the PI/project lead for the Google IgniteCS and Microsoft TechSpark grant programs at UWGB. His industry profile includes multiple roles like IT Analyst, Software Engineer and Embedded Systems Engineer.

Editor: 

Dr.Muhammad Bilal is an assistant professor of computer science with the Department of Computer and Electronic Systems Engineering, Hankuk University of Foreign Studies, Yongin, Korea. He received a Ph.D. degree in information and communication network engineering from School of Electronics and Telecommunications Research Institute (ETRI), Korea University of Science and Technology, Daejeon, Korea, MS in computer engineering from Chosun University, Gwangju,  Korea, and a BS degree in computer systems engineering from University of Engineering and Technology, Peshawar, Pakistan Prior to joining Hankuk University of Foreign Studies, he was a Postdoctoral Research Fellow with the Smart Quantum Communication Center, Korea University. He is an editorial board member of IEEE Future Direction Newsletter. He has served as a reviewer of various international Journals including IEEE Communication Magazine, IEEE Systems Journal, IEEE Access, IEEE Communications Letters, IEEE Transactions on Network and Service Management, Journal of Network and Computer Applications, Personal and Ubiquitous Computing, and International Journal of Communication Systems. He has also served as a program committee member on many international conferences. His primary research interests are Design and Analysis of Network Protocols, Network Architecture, Network Security, Blockchain Technologies, IoT, Named Data Networking, Cryptology, and Future Internet.