cyber challenge team at work (National Cyberwatch Center)

Want better security? Start by shutting up

It turns out that the less time cybersecurity team members spend talking about responding to an attack, the better the outcome is likely to be.

At least that's what Army researchers found when they studied the performance of cyber defense teams during head-to-head team competition at the Mid-Atlantic Collegiate Cyber Defense Competition. Teams had to defend and maintain their networks against a cyberattack on critical infrastructure and were evaluated on maintaining services, incident response and scenario injects. In responding to scenario events, team members were assigned tasks by a role-playing CEO and were required to submit incident reports to authorities.

Contestants wore sociometric badges, devices developed at MIT that use infrared sensors to measure the frequency and duration of face-to-face interactions and that can shed light on individual and collective patterns of behavior and identify social affinity among team members. The researchers also gathered data from a questionnaire in which team members evaluated their team's leadership style, task distribution, team meetings, communication and collaboration.

It's no surprise that teams with effective leadership and functional specialization were more successful. However, face-to-face interactions, as measured by the sociometric badges, emerged as a strong negative predictor of success in the competition, according to Norbou E. Buchler, a cognitive scientist within Army Research Laboratory's Human Research and Engineering Directorate and team leader with the ARL Cyber and Networked Systems Branch. "In other words, the teams whose members interacted less during the exercise were usually more successful," he said. "Successful cyber teams don't need to discuss every detail when defending a network; they already know what to do."

High-performing teams have fewer interactions because all the team members know each other's roles and work interdependently.  "The responsibility for performing the various tasks and sub-tasks necessary to accomplish the team's goal is divided and parceled-out among the team," Buchler said.

The results are important because they show the importance of both functional specialization and leadership in cybersecurity teams, which could help with detection and mitigation of threats. Currently, Buchler said, "training programs commonly emphasize cybersecurity knowledge and do not provide training on effective team management."

The research also highlights benefits derived from wearable technology.  Social-sensing platforms like the sociometric badges can "enhance human measurement and validate and refine theories regarding the factors influencing human performance and teamwork over time," Buchler said.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA from West Chester University and an MA in English from the University of Delaware.

Connect with Susan at @sjaymiller.


Reader Comments

Tue, May 1, 2018 Quest

This article is misleading. I agree with the previous comment. Mature practices really improve response time.

Mon, Apr 30, 2018

I think it is key to pull the thread a bit more: the headline and body text appear to indicate that teams that collaborate are worse than teams that just sit at their terminals.

The point is that teams with good leadership and experienced roles do better. Because the teams and processes are more mature, they waste less time asking “what do we do?”

It is dangerous to assume face to face is counter indicative to success, because that fuels the perception that a bunch of Uber nerds chained to their terminals, not talking, is a good model for teams.
