New study to improve online safety for public and companies
University of Surrey to lead a £1.1m study into how people’s behaviour can lead to cybersecurity risks, including how people become victims of cybercrimes.
The study will also explore new personalised approaches to encourage more secure human behaviours and their impacts on individuals, organisations and society as a whole.
A new study being led by the University of Surrey will see academics exploring how best to tackle the future threats of cybersecurity and cybercrime, focusing on how to better understand and influence behaviours of cybercriminals, victims, people who operate cybersecurity systems, business and governmental bodies.
The project will involve 12 cybercrime and cybersecurity experts from across the world, as well as governmental (especially law enforcement) agencies, industry (cybersecurity companies) and NGOs, and will use real-world scenarios to investigate how personalised approaches can help people and organisations better to reduce human-related risks and fight against cybercrime.
The overall aim of the project is to develop a framework to analyse the behaviours of a range of stakeholders in the cybersecurity and cybercrime ecosystems including criminals, victims, people who operate cybersecurity systems and define policies, business and governmental organisations such as law enforcement. It will also produce better knowledge about human behaviours that leave companies and individual users vulnerable to cyberattacks/cybercrimes, as well as software tools for capturing, analysing, influencing and evaluating those behaviours to reduce such risks. As the nature of the threat evolves as the technological background develops, and criminals and security personnel continually adapt to each other’s countermeasures, the project will adopt an explicitly evolutionary approach drawing on perspectives ranging from biological to military arms races.
The Surrey-led research project is entitled “Addressing Cybersecurity and Cybercrime via a co-Evolutionary approach to reducing human-related risks”, and will be coordinated by the University of Surrey as the lead institute. It will involve a group of researchers working in five academic disciplines (Computer Science, Crime Science, Business, Engineering, Behavioural Science) at four UK research institutes (University of Surrey, UCL, University of Warwick, and TRL). The project has an overall budget of £1.1m, with 80% (£881k) funding from the Engineering and Physical Sciences Research Council (EPSRC), is expected to start in April 2017 and will last for two years.
The new framework and solutions it will identify will contribute towards enhanced safety in the cyber-physical world for many different kinds of users such as citizens, employees, business managers, policy and law makers, governments, and industry. The project will apply the developed framework to two selected real-world use cases, which are expected to be human-related cyber risks within global transaction and exchange networks and those within hybrid transportation networks involving key cyber elements such as connected vehicles. Uniquely, the project will be within a ‘sandbox’ of a live environment, with individuals having their own personal data store, enabled by the HAT ecosystem. The project will be joining the HAT Community Foundation to provision HATs, facilitated by the University of Warwick.
Dr Li said: “I am very excited about starting this project and working with a wonderful team of researchers from different disciplines and four different institutes. We believe that this research will open up new opportunities for the cybersecurity research community and the society at large, and will provide new knowledge and tools that make our highly digitised and connected world a safer place to live and to do business. We also welcome more researchers and organisations interested in our project to approach us to become part of this exciting project.”
The UK Government has identified cybersecurity as a Tier 1 threat to the UK, which has led to significant investment in how to address it. The National Cyber Security Programme, set up in 2011 to deliver the strategy’s vision of ‘a vibrant, resilient and secure cyberspace’, was recently given another 5-year investment boost with £1.9 billion until 2021.
As an integral part of this national initiative, the EPSRC looked for proposals to address five challenges identified at the 2014 workshop on Human Dimensions of Cyber Security: 1) design, build and measure; 2) a theory of everyone; 3) risk, trust and response; 4) understanding people; 5) evolution of cybercrime. The call had a focus on promoting collaborative, international and problem-driven research in this less funded area of cybersecurity.
The grant call received a total of 16 research proposals, and a total of seven projects will be funded over the next 2-3 years on topics such as cybercrime, security policies, risk management, human behaviours, threat analysis, decision making, and secure software development.
At Surrey the project will involve Dr Michael McGuire of the Department of Sociology, a criminologist known by his research on cybercrime, Prof Roger Maull of Surrey Business School’s Centre of the Digital Economy (CODE), a business researcher with great expertise on business models and digital economy, and Dr Helen Treharne of the Department of Computer Science and Surrey Centre for Cyber Security (SCCS), as co-investigators. Co-investigators from other partner institutes include Dr Hervé Borrion, Dr Gianluca Stringhini and Prof Paul Ekblom of UCL, Prof Irene Ng, Dr Xiao Ma and Dr Ganna Pogrebna of the University of Warwick, and Prof Alan Stevens of TRL.