ACCEPT: Addressing Cybersecurity and Cybercrime via a co-Evolutionary aPproach to reducing human-relaTed risks

Dates

Start date: 1 April 2017
End date: 31 March 2019

Summary

This project involves a group of researchers working in five academic disciplines (Computer Science, Crime Science, Business, Engineering, Behavioural Science) at four UK research institutes (University of Surrey, UCL, University of Warwick, and TRL). It has an overall budget of ~£1.1m, with 80% (~£881k) funded by EPSRC. It is expected to start in April 2017 and will last for 24 months.

Funding

EPSRC (EP/P011896/1)

Details

Researchers and practitioners have acknowledged human-related risks as among the most important factors in cybersecurity, e.g. an IBM report (2014) shows that over 95% of security incidents involved “human errors”. Responses to human-related cyber risks remain undermined by a conceptual problem: the mindset associated with the term ‘cyber’-crime, which has persuaded us that crimes with a cyber-dimension occur purely within a (non-physical) ‘cyber’ space, and that these constitute wholly new forms of offending, divorced from the human/social components of traditional (physical) crime landscapes. In this context, the unprecedented linking of individuals and technologies into global social-physical networks – hyperconnection – has generated exponential complexity and unpredictability of vulnerabilities.

In addition to hyperconnectivity, the dynamic, evolving nature of cyber systems is equally important. Cyber systems change far faster than biological/material cultures, and criminal behaviour and techniques evolve in relation to the changing nature of opportunities centring on target assets, tools and weapons, routine activities, business models, etc. Studying networks and relationships between individuals, businesses and organisations in a hyperconnected environment requires understanding of communities and the broader ecosystems. This complex, non-linear process can lead to co-evolution in the medium to longer term.

The focus on cybersecurity as a dynamic interaction between humans and socio-technical elements within a risk ecosystem raises implementation issues, e.g. how to mobilise diverse players to support security. Conventionally these issues are considered under ‘raising awareness’, and many initiatives have been rolled out. However, activities targeting society as a whole have limitations, e.g. the lack of personalisation, which makes them less effective in influencing human behaviours.

While there is isolated research across these areas, there is no holistic framework combining all these theoretical concepts (co-evolution, opportunity management, behavioural and business models, ad hoc technological research on cyber risks and cybercrime) to allow a more comprehensive understanding of human-related risks within cybersecurity ecosystems and to design more effective approaches for engaging individuals and organisations to reduce such risks.

The project’s overall aim is therefore to develop a framework through which we can analyse the behavioural co-evolution of cybersecurity/cybercrime ecosystems and effectively influence behaviours of a range of actors in the ecosystems in order to reduce human-related risks. To achieve the project’s overall aim, this research will:

  1. Be theory-informed: Incorporate theoretical concepts from social, evolutionary and behavioural sciences which provide insights into the co-evolutionary aspect of cybersecurity/cybercrime ecosystems.
  2. Be evidence-based: Draw on extensive real-world data from different sources on behaviours of individuals and organisations within cybersecurity/cybercrime ecosystems.
  3. Be user-centric: Develop a framework that can provide practical guidance to system designers on how to engage individual end users and organisations for reducing human-related cyber risks.
  4. Be real world-facing: Conduct user studies in real-world use cases to validate the framework’s effectiveness.

The new framework and solutions it identifies will contribute towards enhanced safety online for many different kinds of users, whether these are from government, industry, the research community or the general public.

Collaborations

This project involves a group of researchers working in five academic disciplines (Computer Science, Crime Science, Business, Engineering, Behavioural Science) at four UK research institutes (University of Surrey, University College London, University of Warwick, TRL). In addition to Surrey investigators listed below, this project also involves the following co-investigators:

This project is supported by an Advisory Board with 12 international/UK cybersecurity and cybercrime experts and a Stakeholder Group formed by 13 non-academic organisations in both the public and private sectors (including law enforcement agencies, industry and NGOs).

Investigators

Page Owner: sl0022
Page Created: Monday 2 January 2017 12:25:49 by sl0022
Last Modified: Wednesday 22 March 2017 09:22:25 by sl0022