Potential Operator Overloads
SOC Operator overload and saturation may jeopardise the potential gains from the IMPETUS solution. The precautionary means can be aligned with the enabling means.
The IMPETUS solution will contribute with data from many different sources which extends the SOC information space substantially. Moreover, several of these tools employ Artificial Intelligence (AI) for collecting and analysing information. Hence, IMPETUS will convey an increase in both the quality, relevance, and volume of information. This increase may however have an overwhelming effect on the SOC operator.
Data/information overload may be seen as "a condition where a domain practitioner, supported by artifacts and other human agents, finds it extremely challenging to focus in on, assemble, and synthesise the significant subset of data for the problem context into a coherent assessment of a situation, where the subset of data is a small portion of a vast data field" [Woods et al., 2001]. This is an imminent danger for practically all users of IMPETUS tools, not at least because IMPETUS users might also be responsible for monitoring other sources, in addition to the IMPETUS platform. To avoid that the operators will struggle with data overload or work overload related to task management, several organisational issues should be raised in conjunction with the introduction of IMPETUS tools. The same issues that are highlighted for reaping the benefits from the IMPETUS solutions, will also be occasions for defining precautionary means against overload and saturation of SOC operators, namely:
Manning assessment, including number of tools per user, and division of responsibilities clarified based on authority and set of skills.Â
Appropriate training calibrated to different end users, promoting understanding on how to efficiently use the different tools and how to analyse and understand the platform output, including awareness of limitations and shortcomings of the technology, and the need for human-in-the-loop.
Clarifications of responsibilities and mandates for correlating and combining the platform output and making decisions based on the findings.
Awareness of biases in AI tools, and proper organising of human monitoring before decisions/actions are taken based on AI output.
Â
Â