Hacker News

secfirstmd yesterday at 10:30 AM

Yep, totally. It's something I've incorporated. Especially where the main incident commander gets overwhelmed with decisions, tunnel vision or distraction. For example, getting trapped into threat hunting rather than commanding.

I actually think most cyber incident responder training for the commander is pretty weak because it doesn't do a great job of instituting the stress element. Physical security training does it in a much better way. The result is the need to create custom stuff. Because some shitty off-the-shelf big vendor tabletop or similar ain't gonna do it.


Replies

t0mas88 yesterday at 2:21 PM

Exactly, it's that overwhelmed state with resulting tunnel vision or chasing the wrong thing that is so common in aviation incidents. If you have a big issue, the ECAM screen lights up like a Christmas tree. There is logic in the system to ensure messages are prioritised, but in the end the humans still have to systematically figure out what's going on.

What causes more issues in flight is that you have to maintain control of the aircraft while determining the issue and making a plan. Which in zero visibility doing manual flight has a significant mental load by itself, so if the automation is affected by whatever issues you have, one crew member can't sit back and 100% think.

It's probably hard to simulate that extra load/stress for cyber incidents. For MCC training it's done in a flight simulator so all the noise, alarms, and having to maintain control is there.