Cybersecurity for Critical Urban Infrastructure

When considering cyber defenses, security professionals and critical infrastructure operators immediately think about technical solutions such as intrusion detection systems or firewalls. However, hackers do not only use technical tools to break into critical infrastructure systems. Social engineering is a set of highly effective non-technical techniques that involve manipulating people and their data in order to penetrate a target system. Considering hackers use non-technical tools to break into systems, we propose that defenders should use non-technical tools to defend themselves. We are developing a new class of non-technical strategies against cyberattacks called Defensive Social Engineering. Cyber defenders can use Defensive Social Engineering along with technical tools to defeat or compromise attackers. One technique in the Defensive Social Engineering toolbox is Cyber Negotiation.