Evaluating Cyber Security Evidence for Policy Advice: The Other Human Dimension

Lead Research Organisation: Cardiff University
Department Name: Cardiff Law School

Abstract

The quality of a state's capacity to respond to the challenges of cyber security is rapidly coming to be recognised as an important element of global competitiveness. This project seeks to understand the challenges faced by the UK's policy making community in interpreting, evaluating and understanding evidence about cyber security. Policy makers, sometimes with little relevant expertise and often in time-critical scenarios, are asked to assess evidence from a mix of sources including official threat intelligence, academic sources, and industry threat reports. Such a diverse evidence base is then used to make judgments on threat, risk, mitigation and consequences, and offer advice shaping the national regulatory landscape, foreign and domestic security policy, and a range of public and private sector initiatives. This element of the human dimension has significant relevance for the cyber security of the UK and is the main focus of this proposal.

Assessment of evidence is a particular problem for policy making in this context for three reasons:

First, some of the evidence is contradictory and/or potentially carries within it particular agendas or goals that may impede upon its rigour and reliability. The 'politicisation' of cyber security evidence is increasingly problematic as states sometimes privilege threat intelligence from sources located within their sovereign borders rather than based on the quality of the research they produce;

Secondly, it has proven to be extremely difficult to conclusively attribute cyber attacks and to quantify the cost of cyber insecurity. These challenges mean that evidence can only support policy makers' decisions and evaluation of cyber security risks, threats and consequences to an extent;

Finally, the landscape of cyber security is developing rapidly and spans many issue areas including national security, human rights, commercial concerns, and related infrastructure vulnerabilities. Consequently, policy makers must work to balance a range of sometimes conflicting interests that compete for attention and they must do so in a field with little precedent to draw upon.

When exploring the problems (and possible remedies) of the human dimension of cyber security, many focus on end users. While this is important, equally important is the human dimension of decision making and advice offered by civil servants who collectively influence policy level responses to cyber threats. This project focuses on policy makers in the UK, specifically those civil servants who provide short and long term policy advice, either in response to specific crisis incidents or in the context of longer term planning for capacity building. This cohort is of particular importance given:

- the unique set of technological, behavioural and policy challenges they currently face. They are a relatively small and disparate group, possessing varying levels of technical and behavioural experience;
- their responsibility and impact goes well beyond their own organisations to shape the national and international landscape; and finally,
- the lack of research to support this particular community, either in identifying specific challenges they face or in developing more effective mechanisms for doing so.

This leads to several questions: what evidence do UK policy makers rely upon in this context? What is the quality of that evidence? How effective are the judgements about threats, risks, mitigation and consequences based on that evidence? Understanding how UK policy makers select evidence, why they privilege one source over another, and how adept they are at recognising possible weaknesses or flaws in evidence is central to addressing these questions.

Planned Impact

The project stands to benefit the following groups; academia (as outlined in the Academic Beneficiaries section), UK and global policy makers, and university teachers and students.

UK Policy Makers:
For UK policy makers, WP 4.3 provides direct input to various government entities through a number of policy briefings (up to five) with the participants of the policy crisis games and any of their colleagues who wish to attend. This kind of small group briefing will allow for maximum knowledge transfer as there will be a facilitated question and answer session. Identified HMG departments include the GCHQ, DCMS, DCLG, MoD and FCO. Briefings will be coordinated for delivery at convenient venues for maximum participation.

The project also delivers impact through professional development of the participants of the cyber policy crisis game. Rehearsing them for crisis response is not the focus of the game but it will be an outcome nonetheless. In addition, they will gain insight into their own work practices, path dependencies and preferences that will help them to develop a professional self-awareness and critical approach to their work. Relevant users with whom we have had discussions about the direct benefits to their staff include GCHQ/CESG, DCMS, DCLG, Foreign Commonwealth Office, CERT UK, the Cabinet Office, Ministry of Defence and the Centre for Cyber Assessment, the letters of support from some of whom are attached as confirmation.

Global Policy Makers:
In terms of global policy makers, the focus of WP 3.2 is to develop the findings of the project into a framework for assessment that can be used in an ongoing process of evaluating and supporting cyber policy advisors in the UK but also for the private sector (at board level) and as a capacity building program for those in other countries. Part of the UK's National Cyber Security Strategy is to build capacity in key countries. By equipping policy advisors in other countries to better assess threat, risk and consequences from their own and shared evidence bases, the UK can effectively enhance its own capacity to address the human factor in cyber security.

University teachers and students:
University teachers and students will benefit from the curriculum development and pedagogical sharing that is built into the project. The PI has developed a new multi-disciplinary Masters in Digital Technologies and Global Politics to be delivered at Cardiff University from September 2017. One of the core modules is Cyber Security: Strategy, Policy and Regulation which was written to fulfil aspects of the GCHQ Cyber Security accreditation requirements. The research findings from this project will inform the teaching of this module and given that many of the applicants will be considering working in policy positions, there is a valuable continuum of knowledge transfer through the project and onto the next generation of UK cyber security policy makers. The Co-PI is involved in teaching an Ethical Hacking and Cyber Security module at Coventry University, and will incorporate elements of the policy game into capture the flag (CTF) exercises already conducted to inform the student experience on non-technical issues around social acceptability, public policy, and law. The scenarios from the policy crisis game will be annotated and posted on the project website for others to use and adapt in their teaching.

Related Projects

Project Reference Relationship Related To Start End Award Value
EP/P011691/1 01/06/2017 30/09/2017 £234,075
EP/P011691/2 Transfer EP/P011691/1 01/10/2017 31/10/2019 £202,589
 
Title Map of the UK Cyber Security Governance Landscape 
Description A map of the UK cybersecurity governance landscape was created both in print and digitally by combining data mining with visual software to represent governance structures. By utilising Mindjet MindManager to map governance and policy structure of the UK cybersecurity policy community - through the trawling of websites to gather data - a full visual map was created in order to assist policymakers and provide a structural understanding of the UK cybersecurity governance community for researchers and the public. 
Type Of Art Artefact (including digital) 
Year Produced 2018 
Impact A number of policymakers have proposed collaboration opportunities to the ECSEPA team to help them adapt and develop smaller, segmented maps for use within five individual Departments and also the possibility of extending the project. Subsequently, the team have visited their offices in Whitehall after the workshop to further discuss funding and logistics planning for the prospective collaborations. For example, some Departments have suggested putting the print version of the map on their office wall for training new staff, while others have expressed interest in building capabilities that would allow the digital version to be sustained indefinitely - both as an internal tool for briefing within departments and showcased externally to the public as an interactive educational resource. 
URL http://ecsepa.coventry.ac.uk/ecsepa-mapping-exercise/
 
Description The organisation of cyber security policy making across HMG is far more complex and multi-faceted than previously understood. A key factor that makes this challenging is that portfolios, programs and departments use the term 'cyber security' to refer to a wide range of practices from data protection to network infrastructure to economic prosperity.
Exploitation Route Our findings to date will inform academic approaches to the organization of cyber security policy making in large states. They will also form the basis for practitioner guidelines about enhancing cyber security policy makers' capacity to understand the ecosystem in which they operate and their evaluation of evidence.
Sectors Digital/Communication/Information Technologies (including Software),Security and Diplomacy

URL http://ecsepa.coventry.ac.uk
 
Description Our work on mapping the cyber policy landscape in the UK has been circulated and validated within HMG providing critical insight into the ways in which this issue is organized across government. In addition, the map was recommended by the George Marshall European Security Center as 'best practice' to a cohort of >50 international cyber security experts during a training program. To be confirmed. Unable to complete due to system error.
First Year Of Impact 2017
Sector Digital/Communication/Information Technologies (including Software),Security and Diplomacy
Impact Types Policy & public services

 
Description Citation in Parliament Report
Geographic Reach National 
Policy Influence Type Citation in other policy documents
Impact The following are excerpts from the Report citing Madeline's testimony: Participants in the early-career experts roundtable said the threshold for conflict had been lowered in part due to the difficulty of attributing actions in cyberspace to specific state actors. Dr Carr said that while it was often possible to attribute the geographic source of a cyber incident, i.e. to a specific location on the planet, it "can be very difficult or impossible to attribute cyber incidents conclusively to an actor". p32 Dr Carr thought that "Digital technologies have fundamentally undermined the social nature of international relations because of the capacity for anonymity and the problems that attribution brings". The "mechanisms that we use to address challenges-diplomacy, international law, political conflict-all rest on the fundamental principle that we know who we are engaging with and we understand that there is that social element to international relations." She viewed "that difficulty of not knowing who we are interacting with" as "the most challenging aspect of international relations in the information age" p38 The positions of Russia and China were a fourth factor. Dr Carr said that for 20 years, "Russia and later China have been calling for an international treaty, arguing that there is a need for some hard law and agreement on what is acceptable state behaviour in cyberspace." p41 Dr Carr identified a fifth complication: while states have agreed that international law applies in cyberspace, "they have been unable to agree how to apply it. There has been no consensus on what constitutes the use of force or an armed attack, in part because cyberspace does not have this physical dimension." p41 The choice of international forum to deliberate on international cyber issues was a sixth issue. Dr Carr said that "many of these forums we are talking about [have] old, existing cybersecurity problems [and] no capacity to understand the future problems that are either imminent or in the near future." She said the UN was "probably not agile enough to deal with those foresight problems." p41
URL https://publications.parliament.uk/pa/ld201719/ldselect/ldintrel/250/250.pdf
 
Description Expert witness testimony at the UK Parliament
Geographic Reach National 
Policy Influence Type Gave evidence to a government review
Impact ECSEPA PI Dr Madeline Carr gave evidence as an expert witness to the House of Lords Select International Relations Committee on 28 February 2018, which was broadcast live on Parliament TV (https://www.parliament.uk/business/committees/committees-a-z/lords-select/international-relations-committee/news-parliament-2017/fletcher-et-al/). The subject of the Hearing was 'Foreign policy in changed world conditions', which focused on cyber technology and security in international relations. The Rt Hon Lord John Reid had an exchange with Madeline and commented on her statement about the technical difficulty of cyberattack attribution by saying that "the point that has just been made was a fascinating one". The excerpt can be watched from the online video recording in the URL below between 11:58:30 - 12:02:00 minutes.
URL http://www.parliamentlive.tv/Event/Index/ff16d400-c52d-4ecf-8559-b0bee1377f18
 
Description RISCS Small Grants
Amount £49,536 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 11/2017 
End 03/2018
 
Title Computational and corpus linguistics threat analysis 
Description The ECSEPA team have been using computational tools to develop a database of frequently used linguistic features from the UK National Cyber Security Centre's (NCSC) weekly threat reports. We have established a baseline of terms and phrases which we will then apply to other evidentiary sources that UK policy makers draw upon. We built this baseline through a pilot reader response study we conducted in 2017 with a cohort of UCL STEaPP master's students, where we used a selected set of "linguistically interesting" threat reports to see how they evaluate, interpret and assess the information contained within them - the aim being to get a better understanding of how linguistic choices influence reader perceptions. We identified and measured some of the linguistic queues that influenced the way they engaged with the reports such as keywords, lexical bundles and semantic groups. For example, when compared with all other threat reports combined, there were certain reports which contained a significantly higher frequency of positive emotion words or personal pronouns, while other reports contained a lot of modality or stance markers. In terms of the tools used for this method, Sketch Engine was used to examine words, terms and collocational patterns. Wmatrix was used to look at "Keyness" (words and semantic domains which are statistically overused or underused in each threat report when compared with a reference corpus - in this case the British National Corpus). LIWC (Linguistic Inquiry and Word Count) was used to identify the percentage of negative and positive emotion words, analytic words, adjectives, cognitive processes, and so on. 
Type Of Material Improvements to research infrastructure 
Year Produced 2018 
Provided To Others? No  
Impact The methodology developed through the pilot study will be used to analyse the results of the policy crisis game to be conducted in September 2018. Therefore, the research method has not created any notable impact yet. 
 
Title ECSEPA Mapping Exercise 
Description A new technique and iterative approach to researching and understanding policy frameworks/communities/domains was used to develop a map of the UK cybersecurity governance landscape through the Mindjet software. The Government websites were seminal to the process, which began with the National Cyber Security Centre website and nodes were created in the structure deduced from the information provided on the website. Then, the focus moved outwards to other Departments and agencies in the Government. Throughout this process connections between programmes, units, and departments became more evident and these were also drawn on through the 'relationships' tool. This process for such a widely ranging policy issue like cyber security is extremely ad hoc in discovering new programmes and teams within departments. Many of these were derived from third party sources such as an official press release as opposed to a programme or unit website. Furthermore, the nature of the policy issue is consistently shaping and re-shaping the security landscape, and the Government reacts to these changes. Thus, the map is constantly shifting in structure to accurately represent the different outputs/teams/departments with cybersecurity programmes or teams. Through this iterative methodology allowances of accuracy must be made due to the available information from URL sources, especially those from such a large entity like the UK Government. Often the information on URLs are outdated as a result of the consistently changing structures and programmes within HMG, therefore it is not possible to obtain complete accuracy. However, the mapping of alternative policy issues may be easier. For instance, the mapping of the environmental policy network does not shift so quickly because current Government emphasis on policy and security is directed towards cybersecurity and not the environment. Furthermore, each department does not create environmental policies and thus the map will be smaller and more organised. The composition of the map (complexity, scope, etc.) will depend largely on the nature of the policy issue and its organisation/emphasis within the Government. After the HTML map was generated a commenting function was coded into the map in order to allow users to individually comment on the accuracy of the map, thereby enabling faster validation. This was created by the ECSEPA team who also assessed the map for further iterations and liaised with an external graphic designer to create an interactive, user-friendly web version. 
Type Of Material Improvements to research infrastructure 
Year Produced 2018 
Provided To Others? No  
Impact Through this new technique readily available mind mapping tools can be used to generate visually accessible policy network analysis and be exported in several useful formats. The most important and useful exporting format is HTML, whereby a user can interact with the map through opening/closing nodes, attaching URL links, documents, and notes to each node which enable enhanced accessibility. This can significantly increase the impact of research by exploring network analysis and provide a comprehensive tool for readers/users, which could significantly change how academics carry out policy network analysis. This software enables a tangible visual representation of organisational structure, allowing for more in-depth analysis of networks but also provide a usable product that could be significant to their research design and outputs. This method could also provide a step in the creation of widely distributed maps. For example, through the Mindjet software a basic map was created with all essential information, structures and links, and the next step is to provide a graphic designer with the map to create a more marketable and user-friendly version as we have done in our research. Such maps have been very well-received by the Government as a potential skills, training, and educational tool for staff working in the public and private sectors. It is also regarded as a useful product for the general public to learn about what the cybersecurity landscape looks like within the Government and how its governance is being carried out. 
URL https://www.mindjet.com/
 
Title ECSEPA policy crisis game: table top cybersecurity policy game framework 
Description The ECSEPA team developed a game model which uses a table top escalating incident response game scenarios with a mixed set of evidence items, along with an assessment framework that compares expert assessment of cybersecurity evidence to participant response to the scenarios. This tool will support policymakers in their judgement of the quality of evidence items when they are faced with conflicting evidence under time constraints, aimed at ultimately leading to better decision making under uncertainty. 
Type Of Material Improvements to research infrastructure 
Year Produced 2019 
Provided To Others? No  
Impact None yet, though the ECSEPA team is discussing with MHCLG and Cabinet Office how to deploy the game so that the government can make use of this tool as part of their coordinate cyber incident response exercises conducted with local authorities. 
URL https://www.ucl.ac.uk/steapp/news/2019/feb/ecsepa-policy-crisis-game
 
Title Evidence Quality Assessment Model (EQAM) 
Description The ECSEPA team constructed the EQAM that effectively evaluates evidence fitness and credibility in the context of cybersecurity policy using key variables and attributes. The model is divided into four quadrants with evidence credibility on x-axis and evidence sources on y-axis. The evidence is represented in one of these quadrants based on the evidence quality result from a set of defined variables. In the first quadrant (Q1), the evidence may be using various data sources but elements such as opinions and source distrust may result in less credibility, yet the value of coverage or scope of data can be observed. The second quadrant (Q2) is considered most desirable since it represents evidence has great coverage in terms of trusted and verifiable sources and is highly supported by facts, transparent methodology and effectively communicates the associated risks. The evidence in third quadrant (Q3) shows higher credibility but has less or insufficient source coverage. This could mean expert knowledge or evidence received from human intelligence which is highly credible and authentic but has fewer sources. The fourth quadrant (Q4) is least desirable, representing untested views, biases or opinions and distrust on the evidence sources. 
Type Of Material Improvements to research infrastructure 
Year Produced 2018 
Provided To Others? Yes  
Impact ECSEPA team member Mr Atif Hussain attended the "Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection" held in Arlington, US, on 12-14 March 2018 to present our paper of which he is the lead author. The paper is titled: 'An Evidence Quality Assessment Model for Cybersecurity Policymaking.' The purpose was to obtain feedback on the evidence model that we are building to improve it and incorporate it into the ECSEPA policy crisis game design. The conference was also an opportunity contribute our novel methodology and preliminary findings to the field of critical national infrastructure protection by engaging with policymakers, practitioners, and academics who are technical specialists and experts on the subject matter. 
 
Title Database of UK Government cybersecurity policy 
Description Using open source data from the internet, ECSEPA team members have mined the internet to create databases both in spreadsheet format and mindmap format of all relevant policy documents of UK Government cybersecurity and the functions and positions/roles associated with the organisational departments, agencies, and units involved in this field. 
Type Of Material Database/Collection of data 
Year Produced 2018 
Provided To Others? No  
Impact The type of data mined from open sources stored in such databases could potentially be transferred into other fields of research, where the data could be used to construct and subsequently explore policy networks to allow in-depth analysis of the changes that have taken place within the policymaking landscape and its associated governance issues. 
 
Description Oxford OBOR-DES 
Organisation University of Oxford
Country United Kingdom 
Sector Academic/University 
PI Contribution ECSEPA member Dr Alex Chung joined the Oxford University One Belt One Road Digital Economy & Society (OBOR-DES) Programme as the coordinator. OBOR-DES was launched at the Oxford University OBOR Summit 2017, an international conference, on 13-14 September (https://www.law.ox.ac.uk/events/obor-summit). As the coordinator, Alex organised the two-day conference and co-chaired the Digital Economy session by putting together a panel of six speakers. The event was covered and published by international news media outlets (including the official news agency of China, Xinhua News) and also on the website of the Oxford University Law Faculty where the event was held. Podcast and presentation slides from the conference are available on the Oxford OBOR website, and the papers from the talks are to be published later in 2018.
Collaborator Contribution The OBOR-DES programme provides a platform from which future activities relevant to ECSEPA can be launched. For example, Alex has been invited to speak as an ECSEPA member and UCL STEaPP researcher at the 9th Meeting of the United Nations Conference on Trade and Development Research Partnership Platform in Geneva in July 2018 (http://unctad.org/en/Pages/MeetingDetails.aspx?meetingid=1704). The topics covered by the session includes policies, best practices, and anti-competitive law and practices concerning the digital economy, sharing economy, and cybersecurity.
Impact This is a multi-disciplinary collaboration as the scope of both ECSEPA and OBOR-DES covers a number of subjects situated within the wider academic divisions of sciences, social sciences, and humanities subjects. A list of outcomes arising from this collaboration can be found below: 1). https://www.law.ox.ac.uk/news/2017-09-17-update-obor-summit-2017-programme-launch-event 2). https://www.law.ox.ac.uk/one-belt-one-road/obor-pr 3). https://www.law.ox.ac.uk/news/2017-08-18-press-interview-obor-launch-event-obor-summit-2017 4). http://www.oboreurope.com/en/belt-road-initiative-oxford/ 5). http://www.globaltimes.cn/content/1062423.shtml 6). http://www.xinhuanet.com/english/2017-09/14/c_136607522.htm 7). http://www.xinhuanet.com/world/2017-09/13/c_1121659467.htm 8). http://ydyl.people.com.cn/n1/2017/0811/c411837-29465635.html
Start Year 2017
 
Description RAI 
Organisation Royal Anthropological Institute
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution ECSEPA members and UCL members are interested in joining the Royal Anthropological Institute (RAI).
Collaborator Contribution The RAI has provided and will continue to provide venue space and meeting facilities at their building in central London for the regular bi-monthly ECSEPA stakeholder project meetings, which would otherwise normally cost £350 per session for room hire by non-members of the RAI. The RAI is informed about the aims and objectives of the ECSEPA project and is supportive of the use of their venue for the purpose of our research gatherings.
Impact The collaboration is multi-disciplinary as the RAI's work falls under humanities division whereas ECSEPA research sits within both sciences and social sciences subjects. The ECSEPA team has held regular stakeholder project meetings at the RAI, through which they have received constructive feedback from the stakeholder groups by validating the preliminary findings and improving the methodological approach of the project. The comments received by the team during these events and gatherings have been extremely useful in shaping the trajectory of the project; the stakeholders have found the preliminary findings valuable to the work of their organisations.
Start Year 2017
 
Description RISCS 
Organisation Research Institute in Science of Cyber Security
Country United Kingdom 
Sector Learned Society 
PI Contribution ECSEPA PI Dr Madeline Carr was appointed the Interim Director of the Research Institute in Science of Cyber Security (RISCS) in January 2018. Since 2017, Madeline and the ECSEPA team have contributed to the knowledge base and diversified the research portfolio of RISCS by becoming part of the research network and participating in its events. Madeline will take on the responsibility of leading the Institute's research work and coordinating its forthcoming events. Alex has taken on a managerial role in RISCS since February 2019.
Collaborator Contribution RISCS has been very supportive toward ECSEPA by providing a network of expertise and contacts to draw on for the fieldwork and consultation portions of the project, as well as logistical assistance with the ECSEPA Mapping Validation workshop such as helping to find and book a venue in central London. As a not-for-profit organisation at the forefront of cybersecurity research in the UK, RISCS is a superbly valuable platform on which ECSEPA is able to present and publicise its work to both national and international audiences, including via a RISCS workshop held in June 2017 and a series of RISCS blogs on the ECSEPA rationale and its work in progress.
Impact Please see the other ResearchFish sections for the RISCS blog entries and Home Office/RISCS Cybercrime call for proposals, as well as the Mapping Exercise further funding involving RISCS which was successfully won by the ECSEPA team.
Start Year 2017
 
Description SHOC RUSI 
Organisation Royal United Services Institute
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution ECSEPA member Dr Alex Chung has contributed to SHOC RUSI by attending invite-only workshops for members and practitioners on the topics of organised and cyber crime research. For example, Alex has participated in a roundtable discussion on 20 July 2017 titled 'The Serious & Organised Crime Threat facing the UK', where SHOC members and representatives from the National Crime Agency discussed the effectiveness of the UK Serious & Organised Crime Strategy (https://shoc.rusi.org/informer/shoc-workshop-summary-%E2%80%93-serious-and-organised-crime-threat-uk-and-our-strategic-response).
Collaborator Contribution RUSI has provided invaluable support throughout the ECSEPA data collection process in two ways: some of the law enforcement contacts were recruited for project interviews through networking at relevant RUSI events on organised crime and security topics, while others were provided directly by RUSI at the request of Alex as an expert member of the research network. The cyber team at RUSI has also offered research and logistical assistance for future joint ECSEPA events and potential research collaborations.
Impact At least five direct contacts and intermediary contacts have been acquired during the fieldwork which resulted in successful ECSEPA interviews being conducted (please see above for details).
Start Year 2017
 
Description 22 Oct 2018 RUSI round-table workshop on JUEST Network Launch: Towards a Comprehensive UK-EU Security Treaty 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact On 22 October, Alex attended RUSI's Strategic Hub for Organised Crime Research (SHOC) event in collaboration with Aston University and Northumbria University to launch the UK-EU Security and Criminal Justice Cooperation (JUEST) Network. He shared ECSEPA's work in progress with the invited attendees (see below) during the roundtable discussions, including suggesting mapping out the complex Brexit landscape as a a way of better understanding what's at stake, modelled on ECSEPA's mapping exercise. The suggestion was well-received. He also discussed the main evidence portion of ECSEPA with various attendees.

The JUEST network encourages multidisciplinary research and engagement to influence, irrespective of the course Brexit takes, the future development of strong and sustainable EU-UK security and criminal justice cooperation. Whilst the Network is politically neutral, researchers will be united by a common goal: encouraging the creation of a treaty capable of responding to an ever-changing security landscape.

The event brought together around 30 academics, parliamentarians and public officials with the aim of establishing what policymakers need from the academic community, and what the academic community can offer to policymakers during the treaty drafting process. The focus will be on elements of the treaty covering cross-border security arrangements, exchange of information and operational cooperation to combat transnational organised crime. However, discussion will also extend to defence cooperation, among other topics.

Speakers included Lord Jay of Ewelme, Chair of the House of Lords EU Home Affairs Sub-Committee; Alex Ellis, Director General at the Department for Exiting the European Union (DExEU); Dr Helena Farrand-Carrapico, Co-Director of the Aston Centre for Europe, Aston University; and Professor Tim J Wilson, Northumbria Law School, Northumbria University.
Year(s) Of Engagement Activity 2018
URL https://shoc.rusi.org/events/juest-network-launch-towards-comprehensive-uk-eu-security-treaty?utm_so...
 
Description A series of meetings between February 2018 and March 2019 with institutional stakeholders in HMG to discuss collaboration on mapping 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact A series of meetings (see list below) between February and July 2018 with institutional stakeholders in HMG to discuss collaboration on mapping. As a result, we are now planning joint activities that will take place in late 2018 and throughout 2019.

• Parliamentary Office of Science and Technology, July 2018
• Ministry of Housing, Communities and Local Government, July 2018
• Bank of England, July 2018
• National Police Chiefs' Council (Modernising Justice Conference), June 2018
• Mayor's Office for Policing and Crime, March 2018
• Department of Digital, Culture, Media and Sports, March 2018
• Ministry of Defence, February 2018
Year(s) Of Engagement Activity 2018,2019
 
Description Advisory meeting with Canadian Chief Science Advisor at the Canadian High Commission in the UK 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact ECSEPA member Dr Alex Chung participated in a round-table discussion with Canada's Chief Science Advisor, Dr Mona Nemer, on 9 February 2018. Organised by the Canadian High Commission in the UK, the event took place in Canada House in London. Dr Nemer asked the eight young researchers for recommendations to take back to the Prime Minister of Canada, Justin Trudeau on what Canada can learn from the UK's research and education systems. In particular, she sought advice on how the experience of Canadian scholars who are currently conducting science-related research in the UK, and those who seek to come to the UK, could be enhanced. The scholars unanimously agreed upon one potential area of improvement, which is to focus on channels of communication for academic funding opportunities between the two countries through networks of information sharing and exchange coordinated by the High Commission and jointly facilitated by partnering academic institutions. Alex highlighted the need for overseas funding programmes aimed at interdisciplinary studies with a combined science and public policy focus, citing the example of the Science, Technology, and Engineering Policy Advice Module within the Master's in Public Administration degree programme offered by UCL STEaPP. Two weeks after the meeting, Prime Minister Justin Trudeau's administration released its 2018 budget on 27 February. It includes almost CAD$4 billion (US$3.1 billion) in new funding for science over the next five years, a large portion of which is aimed at supporting research that is "international, interdisciplinary, fast-breaking and higher-risk", and much of which will be reserved for early and mid-career researchers. (https://www.nature.com/articles/d41586-018-02529-6)
Year(s) Of Engagement Activity 2018
URL https://www.law.ox.ac.uk/news/2018-02-11-canadian-chief-science-advisor
 
Description BBC Radio interview on NCSC attribution of cyber attacks to Russia 
Form Of Engagement Activity A broadcast e.g. TV/radio/film/podcast (other than news/press)
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Media (as a channel to the public)
Results and Impact BBC Radio interview on NCSC attribution of cyber attacks to Russia
Year(s) Of Engagement Activity 2018
 
Description Digital Policy Lab talk on ECSEPA project at UCL STEaPP to new MPA cohort 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact On 27 September, the Digital Policy Lab showcased projects undertaken by researchers currently at UCL STEaPP. Alex Chung gave a talk that provided an overview of the ECSEPA project.
Year(s) Of Engagement Activity 2018
 
Description ECSEPA Cyber Security Mapping Validation Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team held a Mapping Validation Workshop on 8 February 2018 at The Wesley Hotel in Euston, London. The event brought together policymakers working in cybersecurity across the UK Government to discuss how best to represent our 'Map of the UK Cyber Security Governance Landscape.' Participants included those working at the forefront of the UK's cybersecurity policy issues from Cabinet Office, Foreign & Commonwealth Office (FCO), Ministry of Housing, Communities & Local Government (MHCLG), Her Majesty's Revenue & Customs (HMRC), Department of Digital, Culture, Media & Sports (DCMS), and many more.

At the workshop we presented our key findings, discussed map functionality and posed map usability questions to the audience who provided insight into the challenges the Government face in cybersecurity governance. The majority of the time was spent on roundtable discussions critiquing and refining the maps' accuracy, utility and design. Using an A0 map in print, policymakers were able to draw directly onto the maps whilst discussing with each other how their respective Departments interact with one another on cybersecurity policy. A number of policymakers also proposed collaboration opportunities to the team to help them adapt and develop smaller, segmented maps for use within five individual Departments and also the possibility of extending the project. Subsequently, we were invited to their offices in Whitehall after the workshop to further discuss funding and logistics planning for the prospective collaborations.

Representatives from academia were also present at the workshop, which included EPSRC Senior Portfolio Manager Dr Miriam Dowle, as well as two researchers from UCL's Department of Geography: Dr Artemis Skarlatidou who works in Human Computer Interaction and User Experience, and PhD candidate Alex Papadopoulos who specialises in Human Computer Interaction and Spatial Data. Through their input and conversation with policymakers, we developed a comprehensive list of findings to be incorporated into the map as it progresses onto the next stage of graphic design.
Year(s) Of Engagement Activity 2018
URL http://ecsepa.coventry.ac.uk/ecsepa-mapping-validation-workshop-2/
 
Description ECSEPA Policy Crisis Game 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team conducted a one-day policy crisis game on 21 February with 20 participants from the UK policy community.
Year(s) Of Engagement Activity 2019
URL https://www.ucl.ac.uk/steapp/news/2019/feb/ecsepa-policy-crisis-game
 
Description ECSEPA Policy Crisis Game on STEaPP Blog 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact Alex and Madeline wrote a blog entry by ECSEPA team members dated 25 February 2019 (forthcoming on STEaPP website) described the objectives and running of the ECESPA Policy Crisis Game, the headlining event of the ECSEPA project aimed at data collection.
Year(s) Of Engagement Activity 2019
URL http://ecsepa.coventry.ac.uk/ecsepa-game-invite/
 
Description ECSEPA on RISCS Blog 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact The blog entry by the Research Institute in Science of Cyber Security (RISCS) dated 3 July 2017 reports on a talk on the project overview delivered by the ECSEPA team during a RISCS workshop in June 2017. The attendees of the workshop comprise of researchers, policymakers, and practitioners at the forefront of the UK cybersecurity research. The regular audience of and potential visitors to the RISCS online blog spans a wide range of background as shown by the answer to the 'other audiences' question above. The blog entry was also instrumental to the recruitment phase of ECSEPA where new contacts (senior-level policymakers) would use the website to confirm the bona fides of the project and the researchers. In addition, the blog has also featured project PI Dr Madeline Carr in an entry created in November 2017 (https://www.riscs.org.uk/2017/11/10/madeline-carr-its-about-power/).
Year(s) Of Engagement Activity 2017
URL https://www.riscs.org.uk/2017/07/03/the-other-human-dimension/
 
Description ECSEPA website hosted by Coventry 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA project website was created in October 2017 by Coventry University, the home institution of the project Co-I, Professor Siraj Shaikh, Mr Atif Hussain, and Dr Emma Moreton. The purpose is to maintain an online presence for the project through an overview of the study and its associated research activities. The main Coventry University website and its affiliated research project webpages are regularly visited by a wide-ranging set of audience from around the world as shown by the answer to the question above. It is a particularly useful tool for advertising our study for the purpose of recruiting potential participants, since an official institutional website adds to the bona fides of ECSEPA due to the need to forge new contacts with senior-level policymakers who often use the website to double-check the credentials of the researchers and the legitimacy of the project.
Year(s) Of Engagement Activity 2017,2018
URL http://ecsepa.coventry.ac.uk/
 
Description ECSEPA website hosted by UCL STEaPP 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact The ECSEPA project website was created in November 2017 by University College London, Department of Science, Technology, Engineering and Public Policy (UCL STEaPP), the home institution of the project PI, Dr Madeline Carr and team members Dr Alex Chung and Ms Sneha Dawda. The purpose is to maintain an online presence for the project through an overview of the study and its associated research activities. The main UCL STEaPP departmental website and its affiliated research project webpages are regularly visited by a wide-ranging set of audience from around the world as shown by the answer to the question above. It is a particularly useful tool for advertising our study for the purpose of recruiting potential participants, since an official institutional website adds to the bona fides of ECSEPA due to the need to forge new contacts with senior-level policymakers who often use the website to double-check the credentials of the researchers and the legitimacy of the project.
Year(s) Of Engagement Activity 2017,2018
URL https://www.ucl.ac.uk/steapp/research/projects/ecsepa
 
Description ECSEPA_Presentation to Cabinet Office_ 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Presented research findings of the mapping exercise to the Public Sector Cyber Security Working Group lead by Cabinet Office.
Year(s) Of Engagement Activity 2018
 
Description Evidence Initiative Launch Event by The Economist and Pew Trust at theThe Economist Group and The Pew Charitable Trusts on October 11th, 2018 at The Kensington Palace Pavilion 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Third sector organisations
Results and Impact Alex attended launch event by The Economist Group and The Pew Charitable Trusts on October 11th, 2018 at The Kensington Palace Pavilion. The event explored the relationship between individuals and the information they use to form opinions, and to pose the question: how can we shape a future where facts and evidence are the basis upon which opinions are formed and actions are taken? Alex shared ECSEPA's work in progress with the invited attendees (see below) during the event, including the organisers from the Pew Trust and other charitable foundations.
Year(s) Of Engagement Activity 2018
URL https://events.economist.com/events-conferences/emea/evidenceinitiative-launchevent
 
Description First Cyber 9/12 Student Challenge in the UK 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact ECSEPA members were part of a coaching team led by Dr Irina Brass (UCL STEaPP) that trained and accompanied four UCL students (three STEaPP MPAs and one PhD) to compete in Cyber 9/12 Challenge UK on 26-27 February 2018 in London, UK. In preparation for the competition, the team held three workshops and put together a training programme that helped the students to quickly gain familiarity with cybersecurity policy and international relations. One of the workshops also involved a senior practitioner/policymaker from the UK National Police Chiefs Council who advised the students on how serious incident response operations are managed at the highest levels of the UK Government in real-life crisis scenarios. During the competition, the UCL team were able to mobilise their diverse knowledge and skills in order to produce a rigorous assessment of a complex cyber threat to the UK's critical infrastructure, and to evaluate and recommend a preferred course of action to Central Government. On the first day of the two-day event, BBC Radio 4 Today show interviewed Paul Chichester, Director Operations at the UK National Cyber Security Centre about the competition. Participants on the judging panels and the competing teams not only included UK policymakers and practitioners (e.g. DCMS and Defence Academy) but also those from various European countries such as Sweden and bodies such as Europol.
Year(s) Of Engagement Activity 2018,2019
URL https://www.ucl.ac.uk/steapp/steapp-news-publication/2018/students-at-cyber-9-12-student-challenge
 
Description Future Directions in Cyber Crime Research 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact ECSEPA member Dr Alex Chung attended a workshop on 30 November 2017 that led directly to a multi-year research call that closed on March 8 2018. The workshop, held at the UK National Cyber Security Centre (NCSC) organised by the Research Institute in Science of Cyber Security (RISCS) and the Home Office, brought together policy makers, law enforcement and academics to discuss future research priorities and evidence gaps in relation to cyber crime. The topics for the round-table discussions included: 1) the scale, costs and consequences of cyber crime; 2) profiles and pathways into offending; 3) victimisation and how to improve cyber security behaviours amongst public and businesses; 4) effectiveness of interventions to prevent, deter and disrupt offending. The contributions made during this workshop and the findings led to the subsequent 'Call for Multi-Year Research Proposals: "Understanding cyber offenders, criminal careers and business models" in January 2018, which was funded by the UK National Cyber Security Programme (NCSP) and coordinated by the Home Office and RISCS (https://www.riscs.org.uk/wp-content/uploads/2018/01/Home-Office_multi-year-grant-call_Jan2018.pdf).
Year(s) Of Engagement Activity 2017
URL https://www.eventbrite.co.uk/e/future-directions-in-cyber-crime-research-registration-38726695589?ut...
 
Description GIG-ARTS 2018 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team will present a paper at the Second European Multidisciplinary Conference on Global Internet Governance Actors, Regulations, Transactions and Strategies (GIG-ARTS 2018) from 26-27 April 2018 in Cardiff, Wales. The paper, based on the preliminary findings from ECSEPA, is titled: 'Overcoming Inequalities in Internet Governance: framing digital policy capacity building strategies'. The international conference will be attended by delegates from around the world, including academics, policymakers, and practitioners, with whom the team will exchange knowledge on the subject matters of cybersecurity policy and internet governance.
Year(s) Of Engagement Activity 2018
URL https://www-npa.lip6.fr/gig-arts/conference/
 
Description Global Cyberspace Peace Regime 2018 conference 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Madeline addressed the Global Cyberspace Peace Regime 2018 conference at the Foreign Ministry, South Korea in October on responding to cybersecurity threats.
Year(s) Of Engagement Activity 2018
URL https://twitter.com/MadelineCarr/status/1060039568177684480/photo/1
 
Description Government Security Group Public Sector Cyber Working Group 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact At the event in December, Madeline presented and discussed the ECSEPA mapping tool and exercise with policymakers.
Year(s) Of Engagement Activity 2018
 
Description ICCIP 2018 Conference Presentation 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact ECSEPA team member Mr Atif Hussain attended the "Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection" held in Arlington, US, on 12-14 March 2018 to present our paper of which he is the lead author. The paper is titled: 'An Evidence Quality Assessment Model for Cybersecurity Policymaking.' The purpose was to obtain feedback on the evidence model that we are building to improve it and incorporate it into the ECSEPA policy crisis game design. The conference was also an opportunity contribute our novel methodology and preliminary findings to the field of critical national infrastructure protection by engaging with policymakers, practitioners, and academics who are technical specialists and experts on the subject matter.
Year(s) Of Engagement Activity 2018
URL http://www.ifip1110.org/Conferences/ConferenceProgram2018.pdf
 
Description Interview on ECSEPA for UCL STEaPP online blog 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The online blog entry published on 7 March 2018 is intended to help drive up the interest and enrolment numbers for UCL STEaPP's MPA degree course 2018-19 intake. It features an interview with ECSEPA member Dr Alex Chung on his experience working on the research project. In particular, it highlights how ECSEPA is unique in that it embodies STEaPP's impact-driven 'mode of research' - interdisciplinary research that tackles real-world challenges through co-design, co-production, and action research by engaging with policy actors.
Year(s) Of Engagement Activity 2018
URL https://www.ucl.ac.uk/steapp/research/projects/digital-policy-lab/featured-researcher/featured-resea...
 
Description Joint Research Institutes Summit 2019 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Madeline and Alex participated in the first annual summit that brought together representatives from the UK Government, EPSRC, and the Directors and personnel of the four UK Research Institutes working in cybersecurity. The one-day event explored past achievements, areas for improvement, and future directions. They garnered the interests of the participants in the ECSEPA map and showed it to them. Further planning was undertaken to incorporate the map into RISCS as a research tool.
Year(s) Of Engagement Activity 2019
 
Description NCSC pilot policy crisis game 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team conducted a one-day validation pilot policy crisis game on 10 October with 9 NCSC experts.
Year(s) Of Engagement Activity 2018
 
Description National Cyber Security Centre: UK Cyber Security Research Institutes 2017 Conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact At the annual National Cyber Security Centre conference on 17 October 2017, which focused on "Delivering cybersecurity research with real-world impact" (NCSC quote), the ECSEPA team presented a poster with an overview of the project to elicit interest from policymakers to engage with the project. Our aim was to identify and recruit relevant policymakers from UK Government Departments to participate in the data collection process - interviews, online survey, and policy crisis game - and to showcase our project to the core UK academic and policy community working in cybersecurity. We were able to acquire the contacts of senior policy advisors across the UK Government and maintain our existing relationships with project stakeholders through this event to further the aims of the project.
Year(s) Of Engagement Activity 2017
URL http://ecsepa.coventry.ac.uk/cyber-security-annual-showcase-event/
 
Description RISCS community day workshop on incentives and impact 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Madeline gave talks and chaired the RISCS workshop on 18 October, with the support of the NCSC, on cybersecurity incentives, research impact, and the Institute's future planning. The ECSEPA team distributed flyers for the ECSEPA main project, the mapping exercise, and the policy crisis game. The team also displayed an ECSEPA pull-up banner and engaged with various stakeholders to update the work in progress.
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/2018/10/13/riscs-community-meeting-thursday-18th-october-2018/
 
Description RISCS workshop on cyber metrics 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Madeline hosted a RISCS workshop on 23-24 May to gather views from experts on how cybersecurity can be measured and how to forecast future challenges in this area.
Year(s) Of Engagement Activity 2018
 
Description RUSI event: Robert Hannigan former GCHQ director 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Stoked interest from industry professionals working between public and private sectors such as an Accenture government liaison officer in the ECSEPA map.
Year(s) Of Engagement Activity 2019
URL https://rusi.org/event/report-launch-creation-uk-national-cyber-security-centre?utm_source=RUSI+News...
 
Description STEaPP Chat video blog with UCL STEaPP MPA students on 20 February 2019 
Form Of Engagement Activity A broadcast e.g. TV/radio/film/podcast (other than news/press)
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The CryptoKitties speak about their experience participating in Cyber 9/12 student challenge with the training support provided by Madeline and Alex. Soon to be published on UCL STEaPP website.
Year(s) Of Engagement Activity 2019
 
Description Stakeholder Meetings 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team has held regular stakeholder project meetings - four formal group meetings and several informal one-to-one validation meetings -
since the project began (excluding the one-off mapping validation workshop under another ResearchFish entry). The purpose of these regular, bimonthly meetings, which is still on-going and will continue until the end of the project, is designed for the team to get constructive feedback from the stakeholder group comprising policymakers and practitioners through validating the preliminary findings and improving the methodological approach of the project. The comments received by the team during these events and gatherings have been extremely useful in shaping the trajectory of the project; the stakeholders have found the preliminary findings valuable to the work of their organisations.
Year(s) Of Engagement Activity 2017,2018
 
Description Think Cyber Think Resilience Autumn Showcases 2018 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The ECSEPA team presented their work at the NCSP showcases 2018 in various UK cities as part of a series of interactive events organised by the Ministry of Housing, Communities and Local Government and iNetwork aimed to:
1. Raise awareness about the NCSP, explain the role of key national strategic partners and increase understanding of the importance of Cyber Resilience in localities
2. Provide locality leaders, policy makers and practitioners guidance on developing a cyber-aware culture within their organisations and across their partnerships
3. Offer guidance on where to go for further advice or training, supported by the NCSP Think Cyber Think Resilience Initiative
Year(s) Of Engagement Activity 2018
URL http://ecsepa.coventry.ac.uk/national-cyber-security-programme-autumn-showcases-2018/
 
Description Think Cyber Think Resilience Pathfinder Training 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Atif and Alex participated in the Pathfinder exercise and training programmes arranged by Ministry of Housing, Communities and Local Government, iNetwork and Cabinet Office. in January and February. They distributed ECSEPA leaflets and recruited participants for the ECSEPA Game.
Year(s) Of Engagement Activity 2019
URL http://ecsepa.coventry.ac.uk/pathfinder-regional-multi-agency-cyber-exercise/
 
Description UCL STEaPP Digital Policy Laboratory Featured Researcher: Sneha Dawda 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The online blog entry published in February 2018 was intended to help drive up the interest and enrolment numbers for UCL STEaPP's MPA degree course for the 2018-19 intake. It features a piece by ECSEPA member Ms Sneha Dawda on her experience working on the Mapping Exercise portion of the research project. In particular, it highlights Sneha's unique combination of interdisciplinary background and innovative utilisation of mind-mapping tools to create a visual representation of the map. The piece also notes the importance of the internal mapping validation process by engaging with the relevant policymakers and project stakeholders, employing STEaPP's impact-driven mode of research.
Year(s) Of Engagement Activity 2018
URL https://www.ucl.ac.uk/steapp/research/projects/digital-policy-lab/featured-researcher/profile-sneha-...
 
Description UK Cyber Security Conference 2018 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Madeline gave a talk on RISCS's achievements over the past year at the joint RI conference on 17 October hosted by the NCSC. The ECSEPA team distributed flyers for the ECSEPA main project, the mapping exercise, and the policy crisis game. The team also displayed an ECSEPA pull-up banner and engaged with various stakeholders to update the work in progress.
Year(s) Of Engagement Activity 2018
 
Description UKAuthority Public Sector Cyber Forum 2018 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Madeline addressed the UKAuthority Public Sector Cyber Forum 2018 in September on Understanding the Ecosystem: Cyber Security Policy Challenges.
Year(s) Of Engagement Activity 2018
URL https://twitter.com/UKAcyber/status/1042765258836860928
 
Description UN talk on Sharing Economy 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact On July 11, Alex delivered an invited talk by the United Nations Conference on Trade and Development (UNCTAD) at the Palais des Nations in Geneva, Switzerland, titled: 'Legal and regulatory challenges of the sharing economy' where he compared case studies of Uber in the UK and Didi in China with his colleague. Supported by the ECSEPA project, his knowledge and research on the subject was derived from the classes he taught at STEaPP. The presentations were well-received by the audience and garnered the attention of representatives from various countries. During the Q&A session, the Director of Consumer Law from the UK's Competition and Market's Authority shared similar observations on how Uber's control over service quality, service delivery, and pricing schemes is conducive to unfair competition and has repercussions for the employment conditions of the labour force. An EU representative pointed out that a new EUROPA report is available for consultation, which examines the idea of standardising definitions for platforms across the sharing economy and harmonising its interpretations between jurisdictions. The Chairman of the largest India-based voluntary consumer organization in Asia, Mumbai Grahak Panchayat, who presented his research on the sharing economy at the 2017 UNCTAD RPP session, called for future collaborations on a large-scale, international study led by UNCTAD to compare the sharing economies of multiple developing and developed countries to further identify research gaps and establish best practices.
Year(s) Of Engagement Activity 2018
URL https://www.riscs.org.uk/2018/08/06/at-the-un-dr-alex-chung-delivered-invited-talk-on-the-sharing-ec...
 
Description Using ECSEPA Map to teach STEaPP MPA submodules: Knowledge & Governance; Digital Technology & Public Policy 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact Using the map constructed in the ECSEPA project, Alex taught the MPA classes during autumn 2018 on 'Knowledge & Governance' submodule and Sneha gave a lecture to 'Digital Technologies and Public Policy' class led by Madeline during the same period to speak about cybersecurity policy.
Year(s) Of Engagement Activity 2018
 
Description YouTube clip on UCL STEaPP website 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The UCL STEaPP departmental YouTube video published in 2017 was intended to help drive up the interest and enrolment numbers for UCL STEaPP's MPA degree course 2018-19 intake. It features an interview with ECSEPA PI Dr Madeline Carr on the challenges the Internet of Things (e.g. autonomous vehicles) pose for policymakers and the society in the future.
Year(s) Of Engagement Activity 2017,2018
URL http://www.ucl.ac.uk/steapp/study/masters/2018-19/digital-technologies-and-policy