Research Institute in Science of Cyber Security (RISCS) Phase 2

Lead Research Organisation: University College London
Department Name: Computer Science

Abstract

The Digital Economy is a key part of the strategy for UK economic growth. But as more businesses move into the digital space, they need to be able to protect their assets (such as their Intellectual Property) and processes (such as payment and customer details). Cyber security is one of the 3 core areas in RCUK's Partnership for Conflict, Crime and Security, and the research that will be undertaken under the umbrella of RISCS is focused on developing security solutions that are effective in the context of modern organisations. The provision of accurate and meaningful metrics to measure the impact (positive and negative) of security measures, and the development of models and tools for predicting such impact, are at the core of our research endeavour. RISCS was initially funded for 3.5 years by EPSRC, GCHQ and BIS, and consists of 4 projects and a coordination activity. The aim of the coordination activity was to build a community of the researchers involved in the 4 funded projects to engage with each other (to share approaches to data collection, devising and evaluating solutions) and with security practitioners (to understand the challenges they face, and try to apply knowledge and methods developed by the projects). EPSRC has invited an application to continue the funding for the coordination activity for a further 5 years, to enable the community to continue and expand, and serve as a UK hub for evidence-based research aiming to improve cyber security in organisations. The hub will seek to attract funding for new projects on this topic, and offer a home for other projects and individuals conducting research on this topic.

Planned Impact

RISCS Phase 2 will be a way of exposing researchers from other disciplines to cyber security problems and current approaches - they will be able to apply their knowledge and methods towards solving these problems, but during these applications discover challenges, and knowledge and methods from other disciplines, that may help to advance their own area. We will enhance the capability of existing practitioners by packaging our knowledge and skills and disseminating it in collaboration with the sponsor (GCHQ - CESG runs a certification scheme) and professional bodies (IISP, ISSA, SANS Institute). We will continue to work with sponsors and government to improve policy and communications about cyber security, and work with interested companies to improve or demonstrate the effectiveness of their products, and make them more competitive.
 

 
Description RISCS is a coordination activity that brings together academic researchers working on human, organisational, economic and societal aspects of cyber security, security practitioners and researchers from the National Technical Authority (GCHQ/NCSC). The main output developed by NCSC as a result of collaboration with RISCS researchers has been the new guidance on phishing https://www.ncsc.gov.uk/phishing. It promotes a multi-layered approach informed by results from many disciplines on how to defend effectively. This is a significant improvement from the previous state where most organisations only combatted phishing by 'training users not to click on links' - an approach shown by RISCS research not only to be ineffective in reducing phishing, but damaging to productivity. Through ongoing collaboration with UK security practitioners we have identified emerging research challenges, shared our research outcomes, and identified opportunities for creating testbeds to try solutions developed by researchers. In our first year, 45 practitioners from UK industry and government attended community meetings - after 2 further years, the number of practitioners that regularly connect with RISCS and use our findings - as well as contributing research challenges - has risen to 70.
First Year Of Impact 2017
Impact Types Economic,Policy & public services

 
Description Contributed to DCMS Cyber Security Regulation and Incentives Review
Geographic Reach Local/Municipal/Regional 
Policy Influence Type Implementation circular/rapid advice/letter to e.g. Ministry of Health
 
Description Contributed to NCSC Board Toolkit
Geographic Reach Local/Municipal/Regional 
Policy Influence Type Implementation circular/rapid advice/letter to e.g. Ministry of Health
 
Description Contributed to NCSC Cyber Insurance Buyers Guide
Geographic Reach Local/Municipal/Regional 
Policy Influence Type Citation in other policy documents
URL https://www.ncsc.gov.uk/guidance/cyber-insurance-guidance
 
Description Contributed to NCSC Engineering Best Practice Guidance
Geographic Reach National 
Policy Influence Type Citation in other policy documents
 
Description Contributed to NCSC Password Guidance
Geographic Reach Local/Municipal/Regional 
Policy Influence Type Citation in other policy documents
 
Description Contributed to the NCSC You Shape Security Guidance
Geographic Reach Local/Municipal/Regional 
Policy Influence Type Citation in other policy documents
 
Description DCMS Secure by Design Guidance
Geographic Reach National 
Policy Influence Type Citation in other policy documents
URL https://www.gov.uk/government/collections/secure-by-design
 
Description Directly contributed to ENISA Cybersecurity Culture Guidelines
Geographic Reach National 
Policy Influence Type Citation in other policy documents
 
Description RISCS Fellows
Amount £105,000 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 03/2021 
End 03/2022
 
Description RISCS PHASE 3
Amount £250,000 (GBP)
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2020 
End 07/2022
 
Description Understanding cyber offenders, criminal careers and business models
Amount £368,643 (GBP)
Organisation Home Office 
Sector Public
Country United Kingdom
Start 03/2018 
End 03/2019
 
Description Home Office Cyber Crime Projects 
Organisation Home Office
Country United Kingdom 
Sector Public 
PI Contribution https://www.riscs.org.uk/riscs-annual-report-and-project-catalogue/
Collaborator Contribution Supported the life cycle of the project.
Impact https://www.riscs.org.uk/riscs-annual-report-and-project-catalogue/
Start Year 2018
 
Description RISCS2 
Organisation Government Communications Headquarters (GCHQ)
Country United Kingdom 
Sector Public 
PI Contribution holding workshop to develop problem statement and research call
Collaborator Contribution providing funding and technical expertise
Impact research funding call for project in developer-centred security
Start Year 2016
 
Description A private roundtable held with the World Economic Forum on the role of cyber insurance in cyber security 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact A private roundtable held with the WEF on the role of cyber insurance in cyber security. Attended by 15 participants from Fortune 500 businesses, US law enforcement, and representatives from several international governments.
Year(s) Of Engagement Activity 2020
 
Description Advisory meeting with Canadian Chief Science Advisor at the Canadian High Commission in the UK 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact ECSEPA member Dr Alex Chung participated in a round-table discussion with Canada's Chief Science Advisor, Dr Mona Nemer, on 9 February 2018. Organised by the Canadian High Commission in the UK, the event took place in Canada House in London. Dr Nemer asked the eight young researchers for recommendations to take back to the Prime Minister of Canada, Justin Trudeau on what Canada can learn from the UK's research and education systems. In particular, she sought advice on how the experience of Canadian scholars who are currently conducting science-related research in the UK, and those who seek to come to the UK, could be enhanced. The scholars unanimously agreed upon one potential area of improvement, which is to focus on channels of communication for academic funding opportunities between the two countries through networks of information sharing and exchange coordinated by the High Commission and jointly facilitated by partnering academic institutions. Alex highlighted the need for overseas funding programmes aimed at interdisciplinary studies with a combined science and public policy focus, citing the example of the Science, Technology, and Engineering Policy Advice Module within the Master's in Public Administration degree programme offered by UCL STEaPP. Two weeks after the meeting, Prime Minister Justin Trudeau's administration released its 2018 budget on 27 February. It includes almost CAD$4 billion (US$3.1 billion) in new funding for science over the next five years, a large portion of which is aimed at supporting research that is "international, interdisciplinary, fast-breaking and higher-risk", and much of which will be reserved for early and mid-career researchers. (https://www.nature.com/articles/d41586-018-02529-6)
Year(s) Of Engagement Activity 2018
URL https://www.law.ox.ac.uk/news/2018-02-11-canadian-chief-science-advisor
 
Description Attribution in Cyberspace 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact "Attribution in Cyberspace"
Norwegian Institute of International Affairs
Year(s) Of Engagement Activity 2020
 
Description Can we make people value IT security? 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact University of Cambridge Computer Lab's annual Wheeler lecture
Year(s) Of Engagement Activity 2017
URL https://www.cl.cam.ac.uk/seminars/wheeler/angela-sasse/index.html
 
Description Can we make the Internet of things secure enough for humans? 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The event was for IoT and Cybersecurity specialists and explored the best practice for protecting IoT devices and services across a range of industries and the potential for innovation opportunities in IoT cyber security.
Year(s) Of Engagement Activity 2017
URL https://censis.org.uk/2017/03/21/iot-meets-cyber-security/
 
Description Cyber Metrics Research Event 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Series of talks and group discussions to define a way to take forward the national conversation on the topic of cyber metrics and communicating with the board. This was a collaborative event with SASIG and NCSC
Year(s) Of Engagement Activity 2018
 
Description Cyber Metrics: Getting the conversation straight between technical and non-technical actors
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact On May 23, 2018, RISCS held a workshop in London that looked at the utility of cyber security metrics. The purpose of the workshop was to develop a deeper understanding of the ways in which cyber security metrics are used in decision-making more generally, and also to raise questions about how data is best presented to the board and the policy community more specifically. We wanted to explore the potential for metrics to help but we also want to take a critical approach to the underlying values that can shape metrics - and consequently, decisions.
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/2019/03/12/cyber-metrics-getechnical-actors/
 
Description Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact The report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point.
Year(s) Of Engagement Activity 2018
URL https://www.enisa.europa.eu/publications/cybersecurity-culture-guidelines-behavioural-aspects-of-cyb...
 
Description Digital Responsibility Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Third sector organisations
Results and Impact Digital Responsibility Workshop hosted by Knowinnovation and Lizzie Coles-Kemp
Year(s) Of Engagement Activity 2020
 
Description "Digital technical standards: Strengthening the Multi-stakeholder System" G7 Digital and Technology Ministers sidebar event
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Participation in "Digital technical standards: Strengthening the Multi-stakeholder System" G7 Digital and Technology Ministers sidebar event with DCMS and Chatham House
Year(s) Of Engagement Activity 2020
 
Description Dysfunctional Relationships in Security - and how to overcome them 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Dysfunctional Relationships in Security - and how to overcome them. Opening Keynote speech, ESORICS STAST Workshop, University of Surrey
Year(s) Of Engagement Activity 2020
 
Description ECSEPA Cyber Security Mapping Validation Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team held a Mapping Validation Workshop on 8 February 2018 at The Wesley Hotel in Euston, London. The event brought together policymakers working in cybersecurity across the UK Government to discuss how best to represent our 'Map of the UK Cyber Security Governance Landscape.' Participants included those working at the forefront of the UK's cybersecurity policy issues from Cabinet Office, Foreign & Commonwealth Office (FCO), Ministry of Housing, Communities & Local Government (MHCLG), Her Majesty's Revenue & Customs (HMRC), Department of Digital, Culture, Media & Sports (DCMS), and many more.

At the workshop we presented our key findings, discussed map functionality and posed map usability questions to the audience who provided insight into the challenges the Government face in cybersecurity governance. The majority of the time was spent on roundtable discussions critiquing and refining the maps' accuracy, utility and design. Using an A0 map in print, policymakers were able to draw directly onto the maps whilst discussing with each other how their respective Departments interact with one another on cybersecurity policy. A number of policymakers also proposed collaboration opportunities to the team to help them adapt and develop smaller, segmented maps for use within five individual Departments and also the possibility of extending the project. Subsequently, we were invited to their offices in Whitehall after the workshop to further discuss funding and logistics planning for the prospective collaborations.

Representatives from academia were also present at the workshop, which included EPSRC Senior Portfolio Manager Dr Miriam Dowle, as well as two researchers from UCL's Department of Geography: Dr Artemis Skarlatidou who works in Human Computer Interaction and User Experience, and PhD candidate Alex Papadopoulos who specialises in Human Computer Interaction and Spatial Data. Through their input and conversation with policymakers, we developed a comprehensive list of findings to be incorporated into the map as it progresses onto the next stage of graphic design.
Year(s) Of Engagement Activity 2018
URL http://ecsepa.coventry.ac.uk/ecsepa-mapping-validation-workshop-2/
 
Description ECSEPA website hosted by Coventry 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA project website was created in October 2017 by Coventry University, the home institution of the project Co-I, Professor Siraj Shaikh, Mr Atif Hussain, and Dr Emma Moreton. The purpose is to maintain an online presence for the project through an overview of the study and its associated research activities. The main Coventry University website and its affiliated research project webpages are regularly visited by a wide-ranging audience from around the world as shown by the answer to the question above. It is a particularly useful tool for advertising our study for the purpose of recruiting potential participants, since an official institutional website adds to the bona fides of ECSEPA due to the need to forge new contacts with senior-level policymakers who often use the website to double-check the credentials of the researchers and the legitimacy of the project.
Year(s) Of Engagement Activity 2017,2018
URL http://ecsepa.coventry.ac.uk/
 
Description ECSEPA website hosted by UCL STEaPP 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact The ECSEPA project website was created in November 2017 by University College London, Department of Science, Technology, Engineering and Public Policy (UCL STEaPP), the home institution of the project PI, Dr Madeline Carr and team members Dr Alex Chung and Ms Sneha Dawda. The purpose is to maintain an online presence for the project through an overview of the study and its associated research activities. The main UCL STEaPP departmental website and its affiliated research project webpages are regularly visited by a wide-ranging audience from around the world as shown by the answer to the question above. It is a particularly useful tool for advertising our study for the purpose of recruiting potential participants, since an official institutional website adds to the bona fides of ECSEPA due to the need to forge new contacts with senior-level policymakers who often use the website to double-check the credentials of the researchers and the legitimacy of the project.
Year(s) Of Engagement Activity 2017,2018
URL https://www.ucl.ac.uk/steapp/research/projects/ecsepa
 
Description ECSEPA_Presentation to Cabinet Office_ 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Presented research findings of the mapping exercise to the Public Sector Cyber Security Working Group led by Cabinet Office.
Year(s) Of Engagement Activity 2018
 
Description First Cyber 9/12 Student Challenge in the UK 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact ECSEPA members were part of a coaching team led by Dr Irina Brass (UCL STEaPP) that trained and accompanied four UCL students (three STEaPP MPAs and one PhD) to compete in Cyber 9/12 Challenge UK on 26-27 February 2018 in London, UK. In preparation for the competition, the team held three workshops and put together a training programme that helped the students to quickly gain familiarity with cybersecurity policy and international relations. One of the workshops also involved a senior practitioner/policymaker from the UK National Police Chiefs Council who advised the students on how serious incident response operations are managed at the highest levels of the UK Government in real-life crisis scenarios. During the competition, the UCL team were able to mobilise their diverse knowledge and skills in order to produce a rigorous assessment of a complex cyber threat to the UK's critical infrastructure, and to evaluate and recommend a preferred course of action to Central Government. On the first day of the two-day event, BBC Radio 4 Today show interviewed Paul Chichester, Director Operations at the UK National Cyber Security Centre about the competition. Participants on the judging panels and the competing teams not only included UK policymakers and practitioners (e.g. DCMS and Defence Academy) but also those from various European countries such as Sweden and bodies such as Europol.
Year(s) Of Engagement Activity 2018,2019
URL https://www.ucl.ac.uk/steapp/steapp-news-publication/2018/students-at-cyber-9-12-student-challenge
 
Description From "security awareness" to secure behaviour - what is stopping us? 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact From "security awareness" to secure behaviour - what is stopping us?
Keynote SWITCH Security awareness day, Bern, Switzerland
Year(s) Of Engagement Activity 2020
 
Description From the Ground Up: Polarization, Fragmentation and Hybridity in the Research and Practice of Cyber Norms 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact "From the Ground Up: Polarization, Fragmentation and Hybridity in the Research and Practice of Cyber Norms" (Keynote Speaker)
The Hague Conference on Cyber Norms
The Hague
Year(s) Of Engagement Activity 2020
 
Description Future Directions in Cyber Crime Research 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact A workshop with policy makers, law enforcement and academic colleagues from a range of disciplines, to help identify the key evidence gaps and future research opportunities in relation to cyber crime. This was set in the context of exciting plans for the expansion of the Research Institute in the Science of Cyber Security (RISCS), and future funding opportunities.
Year(s) Of Engagement Activity 2017
 
Description Future Directions in Cyber Crime Research 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact ECSEPA member Dr Alex Chung attended a workshop on 30 November 2017 that led directly to a multi-year research call that closed on March 8 2018. The workshop, held at the UK National Cyber Security Centre (NCSC) and organised by the Research Institute in Science of Cyber Security (RISCS) and the Home Office, brought together policy makers, law enforcement and academics to discuss future research priorities and evidence gaps in relation to cyber crime. The topics for the round-table discussions included: 1) the scale, costs and consequences of cyber crime; 2) profiles and pathways into offending; 3) victimisation and how to improve cyber security behaviours amongst public and businesses; 4) effectiveness of interventions to prevent, deter and disrupt offending. The contributions made during this workshop and the findings led to the subsequent 'Call for Multi-Year Research Proposals: "Understanding cyber offenders, criminal careers and business models"' in January 2018, which was funded by the UK National Cyber Security Programme (NCSP) and coordinated by the Home Office and RISCS (https://www.riscs.org.uk/wp-content/uploads/2018/01/Home-Office_multi-year-grant-call_Jan2018.pdf).
Year(s) Of Engagement Activity 2017
URL https://www.eventbrite.co.uk/e/future-directions-in-cyber-crime-research-registration-38726695589?ut...
 
Description GIG-ARTS 2018 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team will present a paper at the Second European Multidisciplinary Conference on Global Internet Governance Actors, Regulations, Transactions and Strategies (GIG-ARTS 2018) from 26-27 April 2018 in Cardiff, Wales. The paper, based on the preliminary findings from ECSEPA, is titled: 'Overcoming Inequalities in Internet Governance: framing digital policy capacity building strategies'. The international conference will be attended by delegates from around the world, including academics, policymakers, and practitioners, with whom the team will exchange knowledge on the subject matters of cybersecurity policy and internet governance.
Year(s) Of Engagement Activity 2018
URL https://www-npa.lip6.fr/gig-arts/conference/
 
Description GREPSEC III meeting 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact Invited speaker at an NSF supported workshop for women and underrepresented groups interested in computer security research.
Year(s) Of Engagement Activity 2017
URL http://www.ieee-security.org/grepsec/schedule.html
 
Description ICCIP 2018 Conference Presentation 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact ECSEPA team member Mr Atif Hussain attended the "Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection" held in Arlington, US, on 12-14 March 2018 to present our paper of which he is the lead author. The paper is titled: 'An Evidence Quality Assessment Model for Cybersecurity Policymaking.' The purpose was to obtain feedback on the evidence model that we are building to improve it and incorporate it into the ECSEPA policy crisis game design. The conference was also an opportunity to contribute our novel methodology and preliminary findings to the field of critical national infrastructure protection by engaging with policymakers, practitioners, and academics who are technical specialists and experts on the subject matter.
Year(s) Of Engagement Activity 2018
URL http://www.ifip1110.org/Conferences/ConferenceProgram2018.pdf
 
Description Interview on ECSEPA for UCL STEaPP online blog 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The online blog entry published on 7 March 2018 is intended to help drive up the interest and enrolment numbers for UCL STEaPP's MPA degree course 2018-19 intake. It features an interview with ECSEPA member Dr Alex Chung on his experience working on the research project. In particular, it highlights how ECSEPA is unique in that it embodies STEaPP's impact-driven 'mode of research' - interdisciplinary research that tackles real-world challenges through co-design, co-production, and action research by engaging with policy actors.
Year(s) Of Engagement Activity 2018
URL https://www.ucl.ac.uk/steapp/research/projects/digital-policy-lab/featured-researcher/featured-resea...
 
Description Invited talk at IoT Security Foundation 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Invited talk to 250 participants on International Politics and IoT Standards
Year(s) Of Engagement Activity 2020
 
Description Invited talk on Closing the Gap: Careers in Cyberspace EU Cyber Direct 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Invited talk on "Closing the Gap: Careers in Cyberspace"
Year(s) Of Engagement Activity 2020
 
Description Invited talk on States and Cyberspace: Deterrence, Attribution and Retaliation 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Invited talk on "States and Cyberspace: Deterrence, Attribution and Retaliation"
at the Cyber 2020 Conference.
Year(s) Of Engagement Activity 2020
 
Description Keynote speech on Cyber security's biggest vulnerability? "People are the weakest link"
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Cyber security's biggest vulnerability? "People are the weakest link"
Karen Sparck Jones Lecture 2020
Year(s) Of Engagement Activity 2020
URL https://www.bcs.org/events/2020/december/webinar-karen-spaerck-jones-lecture-2020/
 
Description Live media appearance TRT World News Channel, Turkey 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Public/other audiences
Results and Impact Live interview broadcast on Turkish television: Global aspects of cybersecurity
Year(s) Of Engagement Activity 2019
 
Description National Cyber Security Centre: UK Cyber Security Research Institutes 2017 Conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact At the annual National Cyber Security Centre conference on 17 October 2017, which focused on "Delivering cybersecurity research with real-world impact" (NCSC quote), the ECSEPA team presented a poster with an overview of the project to elicit interest from policymakers to engage with the project. Our aim was to identify and recruit relevant policymakers from UK Government Departments to participate in the data collection process - interviews, online survey, and policy crisis game - and to showcase our project to the core UK academic and policy community working in cybersecurity. We were able to acquire the contacts of senior policy advisors across the UK Government and maintain our existing relationships with project stakeholders through this event to further the aims of the project.
Year(s) Of Engagement Activity 2017
URL http://ecsepa.coventry.ac.uk/cyber-security-annual-showcase-event/
 
Description Opportunities for Sociotechnical Cybersecurity Collaboration with Singapore Cyber Global Expert Mission, Knowledge Transfer Network 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Invited talk on 'Opportunities for Sociotechnical Cybersecurity Collaboration with Singapore' at the Cyber Global Expert Mission, Knowledge Transfer Network
Year(s) Of Engagement Activity 2020
 
Description Oxera/ABI event - 'A Known, Unknown: Evolving Cyber Threats and the Future of the UK Cyber Insurance Market'
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Dr Jason Nurse represented the project as a panellist at an insurance industry event.
Year(s) Of Engagement Activity 2020
URL https://www.oxera.com/events/a-known-unknown-evolving-cyber-threats-and-the-future-of-the-uk-cyber-i...
 
Description Panellist: Cyberwarfare and Artificial Intelligence 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact Panel: Cyberwarfare and Artificial Intelligence at Conference "A Shifting World Order: What to Expect in 2019" held in Beirut, Lebanon.
Organised by The Carnegie Middle East Center
Year(s) Of Engagement Activity 2018
 
Description Participated in expert round-table discussion 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Invited participant in an expert roundtable on Preventative Diplomacy and the Peaceful Resolution of Disputes in the Context of International Cyber Security. The discussion fed into a paper.
Year(s) Of Engagement Activity 2019
 
Description Phishing attacks: defending your organisation 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact This guidance is an important addition to the NCSC's portfolio of anti-phishing measures. It is aimed at organisations of all sizes, in all sectors. Produced in collaboration with CPNI, government, academia and industry, it describes how to protect an organisation against email phishing threats, drawing on knowledge and research across real working environments.
Year(s) Of Engagement Activity 2018
URL https://www.ncsc.gov.uk/guidance/phishing
 
Description RISCS Annual Report 2018 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact The annual report contains project updates and summaries of the work carried out during the previous academic year. It is made available on the RISCS website and circulated in hard copy at events such as the joint research institute summit, cyber security workshops and conferences.
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/category/publications/
 
Description RISCS Community Meeting (August 2016) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Organisation of RISCS Community Meeting, London, August 2016
Year(s) Of Engagement Activity 2016
 
Description RISCS Community Meeting (February 2017) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Organisation of RISCS Community Meeting, London, 10th February 2017.
Preceded by a RISCS Practitioner Panel on 9th February 2017.
Year(s) Of Engagement Activity 2017
URL https://www.riscs.org.uk/2017/03/09/theory-plus-practice/
 
Description RISCS Community Meeting (February 2018) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Other audiences
Results and Impact Series of talks on the Science of Cyber Security
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/2018/03/26/joining-social-science-and-computer-science-obstacles-and-opport...
 
Description RISCS Community Meeting (May 2018) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Two-day workshop focused on the theme of cyber metrics. Day one explored the use of metrics in the healthcare sector. This is a valuable use case because the interpretation of complex inputs in healthcare is crucial to informing risk decisions around data-sharing and public safety. Day two looked at how we can make decisions without the benefit of the kind of certainty or clarity that metrics might provide.
Led to further work on cyber metrics, such as collaborative workshops on the use of metrics to communicate with the board.
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/2018/06/18/riscs-community-meeting-23-24-may-2018/
 
Description RISCS Community Meeting (November 2016) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Organisation of RISCS Community Meeting - "Focus on Security Behaviour", London, 23rd November 2016
Year(s) Of Engagement Activity 2016
 
Description RISCS Community Meeting (October 2018) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact This meeting focused on two themes: 'Incentives in Cyber Security' and 'Realising impact from research'. It explored the spectrum of levers that are available to influence better cyber security behaviours, and discussed how impact from the academic research across all four Research Institutes can be most effectively delivered back to the stakeholder community. It also discussed what research activity RISCS should promote in 2019.
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/2018/10/13/riscs-community-meeting-thursday-18th-october-2018/
 
Description RISCS Community Meeting October 2017 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Organisation of RISCS Community Meeting - RISCS Phase 2, London, 18 October 2017
Year(s) Of Engagement Activity 2017
 
Description RISCS Cyber Crime Showcase 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact An invitation-only event with experts from across the RISCS community, DCMS, Home Office and NCSC. The discussion focused on matters as paramount as:
- the challenges in the field of online victimisation
- the policy impact of current research on online victims
- the evidence gaps and future research needed in the field
Year(s) Of Engagement Activity 2021
 
Description RISCS Developer-centred Security Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Organisation of Developer-centred Security Workshop, London, 24th November 2016
Year(s) Of Engagement Activity 2016
URL https://www.riscs.org.uk/2017/02/17/developer-centred-security-call/
 
Description RISCS Fellows showcase 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Presentations from 5 RISCS Fellows, followed by panel discussion with key stakeholders.
Year(s) Of Engagement Activity 2021
URL https://www.eventbrite.co.uk/e/riscs-showcase-tickets-137315037975
 
Description RISCS workshop on emerging risk in the IoT 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Through the RISCS community, we hosted a workshop on emerging risk in the IoT. A report will be disseminated to all participants and other interested stakeholders.
Year(s) Of Engagement Activity 2018
 
Description RUSI and University of Kent workshop 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact A private workshop with approx. 40 representatives from DCMS, NCSC, the insurance industry and cyber security providers.
Year(s) Of Engagement Activity 2020
 
Description Robust Cyber Defences Against Adversarial Strategies 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Dr Panaousis presented MERIT during this invited talk, which took place on 22nd December. This was the monthly "virtual" seminar of the Cyber Security Group at the University of Delft. It was an opportunity to discuss the practicality of the MERIT outputs and receive feedback on current developments.
Year(s) Of Engagement Activity 2020
 
Description Roundtable with Higher Education sector on Cyber Security and Collaboration 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Other audiences
Results and Impact A 'by invitation' executive roundtable, hosted by UCL, to discuss the opportunities and challenges that UK universities and higher education institutions face in responding effectively to growing cyber-attacks. The roundtable will bring together leading security professionals from across UK universities and higher education institutions to share insight and ideas for security cultures and collaboration across the sector. The discussions will form part of the wider Cyber Readiness for Boards Project being led by UCL and commissioned by the NCSC.
Year(s) Of Engagement Activity 2021
 
Description SASIG workshop - Cybersecurity: reaching the boardroom with meaningful metrics 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Invited talk which addressed the following questions:

How can improved corporate governance better support board and executive level decision-making around cyber risk? How do we apply cyber metrics to decision making more generally, and how can data be best presented to the board and the policy community? What underlying values should shape metrics and consequent decisions? What metrics are the cybersecurity community willing and able to provide compared with those metrics the board wants and needs?
Year(s) Of Engagement Activity 2018
 
Description Secure Development Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Agenda

The agenda for the workshop is as follows:

13:00 - Workshop opening presentation on RISCS theme and breakout group topics [Shamal Faily, Bournemouth University]
13:15 - HMG perspective on the RISCS Secure Development Practices theme [Helen L, NCSC]
13:30 - Panel - Secure Development Practices: what works and what doesn't [Awais Rashid (University of Bristol), Fraser Scott (Capital One), Helen Sharp (Open University), Charles Weir (Lancaster University)]
14:30 - Break
14:50 - Breakout groups
15:50 - Plenary discussion on breakout group results [Breakout group scribes]
16:15 - Workshop close [Shamal Faily, Bournemouth University]
Year(s) Of Engagement Activity 2020
 
Description Stakeholder Meetings 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team has held regular stakeholder project meetings - four formal group meetings and several informal one-to-one validation meetings - since the project began (excluding the one-off mapping validation workshop under another ResearchFish entry). The purpose of these regular, bimonthly meetings, which are still ongoing and will continue until the end of the project, is for the team to get constructive feedback from the stakeholder group, comprising policymakers and practitioners, by validating the preliminary findings and improving the methodological approach of the project. The comments received by the team during these events and gatherings have been extremely useful in shaping the trajectory of the project; the stakeholders have found the preliminary findings valuable to the work of their organisations.
Year(s) Of Engagement Activity 2017,2018
 
Description UCL STEaPP Digital Policy Laboratory Featured Researcher: Sneha Dawda 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The online blog entry published in February 2018 was intended to help drive up the interest and enrolment numbers for UCL STEaPP's MPA degree course for the 2018-19 intake. It features a piece by ECSEPA member Ms Sneha Dawda on her experience working on the Mapping Exercise portion of the research project. In particular, it highlights Sneha's unique combination of interdisciplinary background and innovative utilisation of mind-mapping tools to create a visual representation of the map. The piece also notes the importance of the internal mapping validation process by engaging with the relevant policymakers and project stakeholders, employing STEaPP's impact-driven mode of research.
Year(s) Of Engagement Activity 2018
URL https://www.ucl.ac.uk/steapp/research/projects/digital-policy-lab/featured-researcher/profile-sneha-...
 
Description UK Cyber Security Research Conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact UK Cyber Security Research Conference, "Delivering cybersecurity research with real-world impact", 18th October 2016, London.
Cross-RI conference co-organised by Research Institute Science of Cyber Security (RISCS), Research Institute Automated Programme Analysis & Verification (RIAPAV), and Research Institute Trustworthy Industrial Control Systems (RITICS), in association with the National Cyber Security Centre (NCSC).
Year(s) Of Engagement Activity 2016
URL https://www.riscs.org.uk/2017/01/31/riscs-annual-report-2016-published/
 
Description UK Cyber Security Research Conference - 2017 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Collaborative annual highlight event of the four National Cyber Security Programme (NCSP)-sponsored cyber security Research Institutes (RISCS, VETSS, RITICS, The Research Institute in Hardware Security). The purpose of the conference is to present this leading-edge initiative and its outcomes to decision-makers and leaders from academia, government and industry.
Year(s) Of Engagement Activity 2017
 
Description UK Delegation to the ITU Plenipot 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact I participated as a member of the UK delegation to this meeting providing support on IoT and cyber security.
Year(s) Of Engagement Activity 2018
 
Description UN Internet Governance Forum Roundtable on the Whois Database and CERTs 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Together with APNIC, we designed and hosted a panel discussion at the 2018 UN Internet Governance Forum on the changes in access for CERTs to the Whois Database under the GDPR. We engaged with ICANN, FIRST, human rights NGOs and international lawyers. As a consequence of the discussion, ICANN agreed to look at differentiated access to Whois for CERTs.
Year(s) Of Engagement Activity 2018
URL https://www.intgovforum.org/multilingual/content/igf-2018-day-3-salle-ix-ws50-who-is-collected-discl...
 
Description UNESCO High Level Futures Literacy Summit 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact A live webinar and presentation at the UNESCO Futures Literacy Summit on RISCS Cyber Security Futures. A panel discussion followed the presentation.
Year(s) Of Engagement Activity 2021
 
Description Uncertainty & Complexity in the Internet of Things: Analysis of the IoT Smart Family Workshop 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact RISCS is focused on giving organisations more evidence, to allow them to make better decisions, leading to the development of cybersecurity as a science. It collects evidence about what degree of risk mitigation can be achieved through a particular method - not just the costs of its introduction, but ongoing costs such as the impact on productivity - so that the total cost of ownership can be balanced against the risk mitigation that has been achieved. RISCS's main goal is to move security from common, established practice to an evidence-based practice.
On May 24, 2018, RISCS held a workshop in London that looked at highly complex decision-making. It followed on from the previous day's look at the utility of cyber security metrics. On Day 2, we asked, "What happens when levels of complexity and uncertainty go beyond the capabilities of cyber metrics?"
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/wp-content/uploads/2018/08/20180722-Smart-Family-IoT-workshop-24May18-analy...
 
Description Workshop on Cyber Risk at the ACE-CSR Conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Jointly designed and delivered a workshop on emerging risks in the IoT with colleagues from Warwick University. Generated data for a report which will be circulated to all participants and which will feed into wider views about emerging risk.
Year(s) Of Engagement Activity 2018