A new study being led by the University of Surrey will see academics exploring how best to tackle the future threats posed by cyber security and cyber crime, focusing on how to better understand and influence the behaviours of cyber criminals, victims, those who operate cyber security systems, business and Government bodies.
The project will involve 12 cyber crime and cyber security experts from across the world, as well as Government (especially law enforcement) agencies, industry (cyber security companies) and NGOs, and will use real-world scenarios to investigate how personalised approaches can help people and organisations reduce the human-related risks and fight against cyber crime.
The overall aim of the project is to develop a framework to analyse the behaviours of a range of stakeholders in the cyber security and cyber crime ecosystems including criminals, victims, people who operate cyber security systems and define policies, business and Government organisations such as law enforcement.
The project will also produce better knowledge about human behaviours that leave companies and individual users vulnerable to cyber attacks/cyber crimes, as well as software tools for capturing, analysing, influencing and evaluating those behaviours to reduce such risks. With the nature of the threat evolving as the technological background develops, and criminals and security personnel continually adapt to each other’s countermeasures, the project will adopt an explicitly evolutionary approach drawing on perspectives ranging from biological to military arms races.
The Surrey-led research project is entitled Addressing Cyber Security and Cyber Crime via a co-Evolutionary Approach to Reducing Human-Related Risks and will be co-ordinated by the University of Surrey as the lead institute. It will involve a group of researchers working in five academic disciplines (Computer Science, Crime Science, Business, Engineering and Behavioural Science) at four UK research institutes (the University of Surrey, UCL, the University of Warwick and TRL).
The project’s underpinned by an overall budget of £1.1 million, with 80% (£881,000) funding from the Engineering and Physical Sciences Research Council (EPSRC). It’s expected to start in April and scheduled to last for two years.
Enhanced cyber-physical safety
The new framework and solutions the project is set to identify will contribute towards enhanced safety in the cyber-physical world for many different kinds of users such as citizens, employees, business managers, policy and law makers, Government and industry.
The project will apply the developed framework to two selected real-world use cases, which are expected to be human-related cyber risks within global transaction and exchange networks and those within hybrid transportation networks involving key cyber elements such as connected vehicles.
Uniquely, the project will be within a ‘sandbox’ of a live environment, with individuals having their own personal data store, enabled by the HAT ecosystem. The project will be joining the HAT Community Foundation to provision HATs, facilitated by the University of Warwick.
The project lead is Dr Shujun Li, deputy director of the Surrey Centre for Cyber Security (SCCS) and a senior lecturer within the University of Surrey’s Department of Computer Science.
Dr Li explained: “I’m very excited about starting this project and working with a wonderful team of researchers from different disciplines and four different institutes. We believe that this research will open up new opportunities for the cyber security research community and society at large, providing new knowledge and tools that make our highly digitised and connected world a safer place in which to live and transact business. We also welcome more researchers and organisations who may be interested in our project to approach us with a view to joining in.”
Tier 1 threat to the UK
The UK Government has identified cyber security as a Tier 1 threat to the UK, which has led to significant investment in how to address this issue. The National Cyber Security Programme, set up in 2011 to deliver the strategy’s vision of ‘a vibrant, resilient and secure cyber space’, was recently given another five-year investment boost with £1.9 billion funding until 2021.
As an integral part of this national initiative, the EPSRC looked for proposals to address five challenges identified at the 2014 Workshop on the Human Dimensions of Cyber Security: (1) Design, build and measure (2) A theory of everyone (3) Risk, trust and response 4) Understanding people and (5) Evolution of cyber crime. The call had a focus on promoting collaborative, international and problem-driven research in this less-funded area of cyber security.
The grant call received a total of 16 research proposals. A total of seven projects will be funded over the next two-to-three years on topics such as cyber crime, security policies, risk management, human behaviours, threat analysis, decision-making and secure software development.
At the University of Surrey the project will involve Dr Michael McGuire of the Department of Sociology (a criminologist known for his research on cyber crime), Professor Roger Maull of Surrey Business School’s Centre of the Digital Economy (CODE) (a business researcher with great expertise on business models and digital economy) and Dr Helen Treharne of the Department of Computer Science and the SCCS as co-investigators.
Co-investigators from other partner institutes include Dr Hervé Borrion, Dr Gianluca Stringhini and Professor Paul Ekblom of UCL, Professor Irene Ng, Dr Xiao Ma and Dr Ganna Pogrebna of the University of Warwick and Professor Alan Stevens of TRL.