Cybercrime Network

The complicated interworking of players/parties and technology, embedded in society's legal and cultural context, implies that cybercrime research should consists of (and preferably integrate) multiple disciplines: it must understand the 'business' case behind the crime, the associated legal complexities in cyber space, the social and psychological enablers, the means and effectiveness of deterrence, the technology of the cyber systems, as well as the intricate relation between all of these. As a consequence, the Network aims to be highly interdisciplinary, bringing together researchers from all the mentioned disciplines, with roughly equal emphasis on technologists (computer scientists, engineers) and non-technologists (lawyers, social scientists and psychologists).

Technology-wise, the Network aims to help in the coordination of 'practical security' or 'applied security' (for lack of better terms) research. Practical and applied security research thrives best if it is done in collaboration with the parties that eventually are targeted to use the research results. Interaction between researchers and end users is useful in the design stage (from requirements capturing to more 'intimate' user- and experience- driven design), in the development stage (through continuous feedback) and in the technology transfer stage. The Network proposes innovative ways to get researchers and end users together (professionally run workshop, actors for role playing, etc.), and encourages and supports its members to innovate in the ways it interacts with end users.

The programme of networking is defined in two dimensions: time and space, as follows:
- In 'time', we identify a first phase (18 months nominally) to initiate interaction and a second phase (also 18 months as a first estimate) to deliver results that help future research. In the first 18 months, the idea is to organise workshops and other events that bring together researchers and end users in order to understand the challenges faced in tackling cybercrime fully and to develop sound solutions. To achieve this, we will indeed need to put the emphasis on the end users in the first stage. The second 18 months will carry out consolidated workshops based on the lessons learnt in the first 18 months, and the emphasis will be shifted towards research and the establishment of research proposals and new networks, among others.
- In 'space', the Network will have a number of Themes, each with its own leader and set of networking activities. We predefine three Themes to kick things off, but Network participants will have the opportunity to develop additional Themes (or even modify or tailor the existing ones) within the above framework. We identify the Themes as: (i) Internet safety, (ii) usable security, and (iii) cloud. The three user groups that we have identified so far are (i) victims, (ii) law enforcement, and (iii) SMEs, enterprises and organisation. We expect involvement of these end users in each Theme.

We envisage potential impact of this work on various beneficiaries: end users (including cybercrime victims, system designers, business organisations, law enforcement agencies, and policy makers); as well as interdisciplinary academic researchers in computer security in general, and cybercrime in particular.

The main interaction with potential end users will be carried out through targeted workshops and other public events. Where appropriate, training and awareness events will be held to educate general public on the dangers of cybercrime and how to avoid becoming a victim.

Our main academic contribution is the opening of dialogue between various disciplines, facilitating a more inclusive perspective of cybercrime, its impact and ways to tackle it, from a wide range of fields such as computing science, economy, law, psychology and sociology. We intend to disseminate our approach, methodologies and developed solutions/systems through open source approach, allowing other researchers (both in academia and industry) to build on our work, or even collaborate together in order to exploit the contribution of the Network further.

We will also endeavour to influence cybercrime and security policies in the EU, through lobbying and extended networking activities with appropriate EU-funded projects, clusters, and agencies.