Research Institute in Science of Cyber Security (RISCS) Phase 2
Lead Research Organisation:
University College London
Department Name: Computer Science
Abstract
The Digital Economy is a key part of the strategy for UK economic growth. But as more businesses move into the digital space, they need to be able to protect their assets (such as their Intellectual Property) and processes (such as payment and customer details). Cyber security is one of the 3 core areas in RCUK's Partnership for Conflict, Crime and Security, and the research that will be undertaken under the umbrella of RISCS is focused on developing security solutions that are effective in the context of modern organisations. The provision of accurate and meaningful metrics to measure the impact (positive and negative) of security measures, and developing models and tools for predicting the such impact, is at the core of the our research endeavour. RISCS was intially funded for 3.5 years funded by EPSRC, GHCQ and BIS, consists of 4 projects and a coordination activity. The aim of the coordination activity was to build a community of the researchers involved in the 4 funded projects to engage with each other (to share approaches to data collection, devising and evaluating solutions) and with security practitioners (to understand the challenges they face, and try to apply knowledge and methods developed by the projects). EPSRC has invited an application to continue the funding for the coordination activity for a further 5 years, to enable the community to continue and expand, and serve as a UK hub for evidence-based research aiming to improve cyber security in organisations. The hub will seek to attract funding for new projects on this topic, and offering a home for other projects and individuals conducting research on this topic.
Planned Impact
RISCS Phase 2 will be a way of exposing researchers from other disciplines to cyber security problems and current approaches - they will be able to apply their knowledge and methods towards solving these problems, but during these applications discover challenges, and knowledge and methods from other disciplines, that may help to advance their own area. We will enhance the capability of existing practioners by packaging our knowledge and skills and disseminating it in collaboration with the sponsor (GCHQ - CESG runs a certification schem) and professional bodies (IISP, ISSA, SANS institute). Will continue to work with sponsors and government to improve policy and communications about cyber security, and work with interested companies to improve or demonstrate the effectiveness of their products, and make them more competitive.
Publications
Ani U
(2020)
A review of the use and utility of industrial network-based open source simulators: functionality, security, and policy viewpoints
in The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology
Bada M
(2021)
Online Victimisation
Carr M
(2019)
RISCS Annual Report 2020
Carr M
(2020)
Internet of Things, cybersecurity and governing wicked problems: learning from climate change governance
in International Relations
Carr, M
(2022)
RISCS Annual Report 2021
Cherdantseva Y
(2021)
A Best Practice Guide for SMEs on Cyber Security Investment Decision Making
Crossland G
(2021)
Remote Working and (In)Security
| Description | Through our seven RISCS Research Fellows, we have generated original and important findings on sociotechnical aspects of cybersecurity. Our focus areas have included the following: cybercrime, digital responsibility, international dimensions of cybersecurity, secure development, leadership and culture, metrics and quantification, and futures literacy. We have published a number of papers, reports, presentations and other material, all of which is available on our website. |
| Exploitation Route | Our research is highly applied and we have made extensive efforts to socialise our research findings within the communities that can make use of it. This includes preparing guidance for business leaders, feeding into international diplomatic dialogues, working with law enforcement, and supporting the NCSC research problem book. In future, the work should continue to be fed into relevant knowledge exchange platforms to ensure it is accessible and usable by a wide range of stakeholder groups. |
| Sectors | Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy,Other |
| URL | https://www.riscs.org.uk/ |
| Description | RISCS is a coordination activity that brings together academic researchers working on human, organisational, economic and societal aspets of cyber security, security practitioners and researchers from the National Technical Authority (GCHQ/NCSC). The main output developed by NCSC as a result of collaboration with RISCS researchers has been the new guidance on phishing https://www.ncsc.gov.uk/phishing. It promotes a multi-layered approach informed by results from many disciplines on how to defend effectively. This is a significant improvement from the previous state where most organisations only combatted phising by 'training users not to click on links' - an approach shown by RISCS research not only to be ineffective in reducing phishing, but damaging productivity. Through ongoing collaboration with UK security practitioners we have identified emerging research challenges, shared our research outcomes, and identified opportunities for creating testbeds to try solutions developed by researchers. In our first year, 45 practitioners from UK industry and government attended community meetings - after 2 further years, the number of practitioners that regularly connect with RISCS and use our findings - as well as contributing research challenges - has risen to 70. |
| First Year Of Impact | 2017 |
| Impact Types | Economic,Policy & public services |
| Description | 2 RISCS reports cited in POST note on remote working |
| Geographic Reach | National |
| Policy Influence Type | Citation in other policy documents |
| URL | https://researchbriefings.files.parliament.uk/documents/POST-PB-0049/POST-PB-0049.pdf |
| Description | Contributed to DCMS Cyber Security Regulation and Incentives Review |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Implementation circular/rapid advice/letter to e.g. Ministry of Health |
| Description | Contributed to NCSC Board Toolkit |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Implementation circular/rapid advice/letter to e.g. Ministry of Health |
| Description | Contributed to NCSC Cyber Insurance Buyers Guide |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Citation in other policy documents |
| URL | https://www.ncsc.gov.uk/guidance/cyber-insurance-guidance |
| Description | Contributed to NCSC Engineering Best Practice Guidance |
| Geographic Reach | National |
| Policy Influence Type | Citation in other policy documents |
| Description | Contributed to NCSC Password Guidance |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Citation in other policy documents |
| Description | Contributed to the NCSC You Shape Security Guidance |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Citation in other policy documents |
| Description | DCMS Secure by Design Guidance |
| Geographic Reach | National |
| Policy Influence Type | Citation in other policy documents |
| URL | https://www.gov.uk/government/collections/secure-by-design |
| Description | Directly contributed to ENISA Cybersecurity Culture Guidelines |
| Geographic Reach | National |
| Policy Influence Type | Citation in other policy documents |
| Description | RISCS Fellows |
| Amount | £105,000 (GBP) |
| Organisation | National Cyber Security Centre |
| Sector | Public |
| Country | United Kingdom |
| Start | 03/2021 |
| End | 03/2022 |
| Description | RISCS PHASE 3 |
| Amount | £250,000 (GBP) |
| Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
| Sector | Public |
| Country | United Kingdom |
| Start | 03/2020 |
| End | 07/2022 |
| Description | Understanding cyber offenders, criminal careers and business models |
| Amount | £368,643 (GBP) |
| Organisation | Home Office |
| Sector | Public |
| Country | United Kingdom |
| Start | 03/2018 |
| End | 03/2019 |
| Title | Network data on threat intelligence information sharing in Higher Education setting |
| Description | Network data was collected through an open- survey was synchronously offered to 113 participants during an online roundtable hosted by UCISA on the 14th of August 2021. The respondents were all responsible for cybersecurity for their university. The research team was available throughout this phase of the data collection process to address any questions or concerns from the respondents. The response rate was 82%. Data includes two classes of variables. The first involves information on four different types of relations (or dyadic): trust, advice, collaboration and best practices. The second includes information on attributional (or monadic) variables on properties of individual nodes in the network, i.e., institutional organisations and individuals. |
| Type Of Material | Database/Collection of data |
| Year Produced | 2021 |
| Provided To Others? | No |
| Impact | Mapping different relations will enable policy decisions for facilitating better cyber threat information sharing in the sector. |
| Description | Home Office Cyber Crime Projects |
| Organisation | Home Office |
| Country | United Kingdom |
| Sector | Public |
| PI Contribution | https://www.riscs.org.uk/riscs-annual-report-and-project-catalogue/ |
| Collaborator Contribution | Supported the life cycle of the project. |
| Impact | https://www.riscs.org.uk/riscs-annual-report-and-project-catalogue/ |
| Start Year | 2018 |
| Description | RISCS2 |
| Organisation | Government Communications Headquarters (GCHQ) |
| Country | United Kingdom |
| Sector | Public |
| PI Contribution | holding workshop to develop problem statement and research call |
| Collaborator Contribution | providing funding and technical expertise |
| Impact | research funding call for project in developer-centred security |
| Start Year | 2016 |
| Description | Statement of Support on Consumer IoT Guidance |
| Organisation | World Economic Forum |
| Country | Switzerland |
| Sector | Charity/Non Profit |
| PI Contribution | Worked collaboratively with Consumers International, Microsoft, the Global Compact, and Meet the Hackers to develop and socialise a statement of support on the top five guidelines for manufacturers of consumer IoT devices. This was circulated and signed by over 120 organisations worldwide including Microsoft, Google, Qualcomm, DCMS, RISCS, and PETRAS. |
| Collaborator Contribution | The WEF was the coordinating body who managed the process and brought us all together. |
| Impact | Now looking |
| Start Year | 2020 |
| Description | A private roundtable held with the World Economic Forum on the role of cyber insurance in cyber security |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | A private roundtable held with the WEF on the role of cyber insurance in cyber security. Attended by 15 participants from Fortune 500 businesses, US law enforcement, and representatives from several international governments. |
| Year(s) Of Engagement Activity | 2020 |
| Description | Advisory meeting with Canadian Chief Science Advisor at the Canadian High Commission in the UK |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | ECSEPA member Dr Alex Chung participated in a round-table discussion with Canada's Chief Science Advisor, Dr Mona Nemer, on 9 February 2018. Organised by the Canadian High Commission in the UK, the event took place in Canada House in London. Dr Nemer asked the eight young researchers for recommendations to take back to the Prime Minister of Canada, Justin Trudeau on what Canada can learn from the UK's research and education systems. In particular, she sought advice on how the experience of Canadian scholars who are currently conducting science-related research in the UK, and those who seek to come to the UK, could be enhanced. The scholars unanimously agreed upon one potential area of improvement, which is to focus on channels of communication for academic funding opportunities between the two countries through networks of information sharing and exchange coordinated by the High Commission and jointly facilitated by partnering academic institutions. Alex highlighted the need for overseas funding programmes aimed at interdisciplinary studies with a combined science and public policy focus, citing the example of the Science, Technology, and Engineering Policy Advice Module within the Master's in Public Administration degree programme offered by UCL STEaPP. Two weeks after the meeting, Prime Minister Justin Trudeau's administration released its 2018 budget on 27 February. It includes almost CAD$4 billion (US$3.1 billion) in new funding for science over the next five years, a large portion of which is aimed at supporting research that is "international, interdisciplinary, fast-breaking and higher-risk", and much of which will be reserved for early and mid-career researchers. (https://www.nature.com/articles/d41586-018-02529-6) |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.law.ox.ac.uk/news/2018-02-11-canadian-chief-science-advisor |
| Description | Attribution in Cyberspace |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | "Attribution in Cyberspace" Norwegian Institute of International Affairs |
| Year(s) Of Engagement Activity | 2020 |
| Description | Can we make people value IT security? |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | University of Cambridge Computer Lab's annual Wheeler lecture |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.cl.cam.ac.uk/seminars/wheeler/angela-sasse/index.html |
| Description | Can we make the Internet of things secure enough for humans? |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The event was for IoT and Cybersecurity specialists and explored the best practice for protecting IoT devices and services across a range of industries and the potential for innovation opportunities in IoT cyber security. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://censis.org.uk/2017/03/21/iot-meets-cyber-security/ |
| Description | Cyber Metrics Research Event |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | Series of talks and group discussions to define a way to take forward the national conversation on the topic of cyber metrics and communicating with the board. This was a collaborative event with SASIG and NCSC |
| Year(s) Of Engagement Activity | 2018 |
| Description | Cyber Metrics:Getting the conversation straight between technical and non-technical actors |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | On May 23, 2018, RISCS held a workshop in London that looked at the utility of cyber security metrics. The purpose of the workshop was to develop a deeper understanding of the ways in which cyber security metrics are used in decision-making more generally, and also to raise questions about how data is best presented to the board and the policy community more specifically. We wanted to explore the potential for metrics to help but we also want to take a critical approach to the underlying values that can shape metrics - and consequently, decisions. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.riscs.org.uk/2019/03/12/cyber-metrics-getechnical-actors/ |
| Description | Cyber Policy Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | RISCS held an online policy workshop on 13th January 2022 with 30 participants from Government and academia as part of the our International Dimensions theme led by Fellow Dr Tim Stevens. The aims of this workshop were to achieve a collective understanding of the latest thinking on EU cyber policy and its implications for the UK and to identify possible future research questions which have value for the policy community. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Cybercrime Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | RISCS held an online policy workshop on 2nd December 2021 with 33 participants from Government, academia, and the wider community as part of the RISCS Cybercrime theme led by Dr Maria Bada. The aim of this workshop was to establish the latest thinking amongst the cybercrime community on understanding the scale of the ransomware problem, preventing and mitigating ransomware attacks, and to understand gaps in knowledge where further research is needed. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | The report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.enisa.europa.eu/publications/cybersecurity-culture-guidelines-behavioural-aspects-of-cyb... |
| Description | Digital Equity and Security on the Internet |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | Not all computer and Internet users are equally knowledgeable about how to protect themselves online. The least digitally literate may be the most at risk. Awareness of online threats may be low or easily forgotten and current user training may not account for the unique needs of the unconnected. Issues discussed included: • What happens in real list when we bring vulnerable populations online? • What should people be taught? • Can our technology be better designed to protect those that need it most? The panel was moderated by Richard Clegg Managing Director of the Lloyd's Registry Foundation. Participants included Eben Upton, founder of Raspberry Pi, which is changing the paradigm for young people to learn computing and digital making and Professor Madeline Carr, UCL Computer Science. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Digital Responsibility Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Third sector organisations |
| Results and Impact | Digital Responsibility Workshop hosted by Knowinnovation and Lizzie Coles- Kemp |
| Year(s) Of Engagement Activity | 2020 |
| Description | Digital technical standards: Strengthening the Multi-stakeholder System" G7 Digital and Technology Ministers sidebar event |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Participation in Digital technical standards: Strengthening the Multi-stakeholder System"G7 Digital and Technology Ministers sidebar eventwith DCMS and Chatham House |
| Year(s) Of Engagement Activity | 2020 |
| Description | Dysfunctional Relationships in Security - and how to overcome them |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | Dysfunctional Relationships in Security - and how to overcome them. Opening Keynote speech, ESORICS STAST Workshop, Unversity of Surrey |
| Year(s) Of Engagement Activity | 2020 |
| Description | ECSEPA Cyber Security Mapping Validation Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The ECSEPA team held a Mapping Validation Workshop on 8 February 2018 at The Wesley Hotel in Euston, London. The event brought together policymakers working in cybersecurity across the UK Government to discuss how best to represent our 'Map of the UK Cyber Security Governance Landscape.' Participants included those working at the forefront of the UK's cybersecurity policy issues from Cabinet Office, Foreign & Commonwealth Office (FCO), Ministry of Housing, Communities & Local Government (MHCLG), Her Majesty's Revenue & Customs (HMRC), Department of Digital, Culture, Media & Sports (DCMS), and many more. At the workshop we presented our key findings, discussed map functionality and posed map usability questions to the audience who provided insight into the challenges the Government face in cybersecurity governance. The majority of the time was spent on roundtable discussions critiquing and refining the maps' accuracy, utility and design. Using an A0 map in print, policymakers were able to draw directly onto the maps whilst discussing with each other how their respective Departments interact with one another on cybersecurity policy. A number of policymakers also proposed collaboration opportunities to the team to help them adapt and develop smaller, segmented maps for use within five individual Departments and also the possibility of extending the project. Subsequently, we were invited to their offices in Whitehall after the workshop to further discuss funding and logistics planning for the prospective collaborations. Representatives from academia were also present at the workshop, which included EPSRC Senior Portfolio Manager Dr Miriam Dowle, as well as two researchers from UCL's Department of Geography: Dr Artemis Skarlatidou who works in Human Computer Interaction and User Experience, and PhD candidate Alex Papadopoulos who specialises in Human Computer Interaction and Spatial Data. Through their input and conversation with policymakers, we developed a comprehensive list of findings to be incorporated into the map as it progresses onto the next stage of graphic design. |
| Year(s) Of Engagement Activity | 2018 |
| URL | http://ecsepa.coventry.ac.uk/ecsepa-mapping-validation-workshop-2/ |
| Description | ECSEPA website hosted by Coventry |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The ECSEPA project website was created in October 2017 by Coventry University, the home institution of the project Co-I, Professor Siraj Shaikh, Mr Atif Hussain, and Dr Emma Moreton. The purpose is to maintain an online presence for the project through an overview of the study and its associated research activities. The main Coventry University website and its affiliated research project webpages are regularly visited by a wide-ranging set of audience from around the world as shown by the answer to the question above. It is a particularly useful tool for advertising our study for the purpose of recruiting potential participants, since an official institutional website adds to the bona fides of ECSEPA due to the need to forge new contacts with senior-level policymakers who often use the website to double-check the credentials of the researchers and the legitimacy of the project. |
| Year(s) Of Engagement Activity | 2017,2018 |
| URL | http://ecsepa.coventry.ac.uk/ |
| Description | ECSEPA website hosted by UCL STEaPP |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | The ECSEPA project website was created in November 2017 by University College London, Department of Science, Technology, Engineering and Public Policy (UCL STEaPP), the home institution of the project PI, Dr Madeline Carr and team members Dr Alex Chung and Ms Sneha Dawda. The purpose is to maintain an online presence for the project through an overview of the study and its associated research activities. The main UCL STEaPP departmental website and its affiliated research project webpages are regularly visited by a wide-ranging set of audience from around the world as shown by the answer to the question above. It is a particularly useful tool for advertising our study for the purpose of recruiting potential participants, since an official institutional website adds to the bona fides of ECSEPA due to the need to forge new contacts with senior-level policymakers who often use the website to double-check the credentials of the researchers and the legitimacy of the project. |
| Year(s) Of Engagement Activity | 2017,2018 |
| URL | https://www.ucl.ac.uk/steapp/research/projects/ecsepa |
| Description | ECSEPA_Presentation to Cabinet Office_ |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Presented research findings of the mapping exercise to the Public Sector Cyber Security Working Group lead by Cabinet Office. |
| Year(s) Of Engagement Activity | 2018 |
| Description | Early Career Researcher Event |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Postgraduate students |
| Results and Impact | RISCS hosted an early career researcher event for postgraduate students and postdocs, featuring talks and advice from academics, talks from NCSC representatives, and other activities related to careers in research in sociotechnical cyber security. |
| Year(s) Of Engagement Activity | 2021 |
| Description | First Cyber 9/12 Student Challenge in the UK |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | ECSEPA members were part of a coaching team led by Dr Irina Brass (UCL STEaPP) that trained and accompanied four UCL students (three STEaPP MPAs and one PhD) to compete in Cyber 9/12 Challenge UK on 26-27 February 2018 in London, UK. In preparation for the competition, the team held three workshops and put together a training programme that helped the students to quickly gain familiarity with cybersecurity policy and international relations. One of the workshops also involved a senior practitioner/policymaker from the UK National Police Chiefs Council who advised the students on how serious incident response operations are managed at the highest levels of the UK Government in real-life crisis scenarios. During the competition, the UCL team were able to mobilise their diverse knowledge and skills in order to produce a rigorous assessment of a complex cyber threat to the UK's critical infrastructure, and to evaluate and recommend a preferred course of action to Central Government. On the first day of the two-day event, BBC Radio 4 Today show interviewed Paul Chichester, Director Operations at the UK National Cyber Security Centre about the competition. Participants on the judging panels and the competing teams not only included UK policymakers and practitioners (e.g. DCMS and Defence Academy) but also those from various European countries such as Sweden and bodies such as Europol. |
| Year(s) Of Engagement Activity | 2018,2019 |
| URL | https://www.ucl.ac.uk/steapp/steapp-news-publication/2018/students-at-cyber-9-12-student-challenge |
| Description | From "security awareness" to secure behaviour - what is stopping us? |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | From "security awareness" to secure behaviour - what is stopping us? Keynote SWITCH Security awareness day, Bern, Switzerland |
| Year(s) Of Engagement Activity | 2020 |
| Description | From the Ground Up: Polarization, Fragmentation and Hybridity in the Research and Practice of Cyber Norms |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | "From the Ground Up: Polarization, Fragmentation and Hybridity in the Research and Practice of Cyber Norms" (Keynote Speaker) The Hague Conference on Cyber Norms The Hague |
| Year(s) Of Engagement Activity | 2020 |
| Description | Future Directions in Cyber Crime Research |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | ECSEPA member Dr Alex Chung attended a workshop on 30 November 2017 that led directly to a multi-year research call that closed on March 8 2018. The workshop, held at the UK National Cyber Security Centre (NCSC) organised by the Research Institute in Science of Cyber Security (RISCS) and the Home Office, brought together policy makers, law enforcement and academics to discuss future research priorities and evidence gaps in relation to cyber crime. The topics for the round-table discussions included: 1) the scale, costs and consequences of cyber crime; 2) profiles and pathways into offending; 3) victimisation and how to improve cyber security behaviours amongst public and businesses; 4) effectiveness of interventions to prevent, deter and disrupt offending. The contributions made during this workshop and the findings led to the subsequent 'Call for Multi-Year Research Proposals: "Understanding cyber offenders, criminal careers and business models" in January 2018, which was funded by the UK National Cyber Security Programme (NCSP) and coordinated by the Home Office and RISCS (https://www.riscs.org.uk/wp-content/uploads/2018/01/Home-Office_multi-year-grant-call_Jan2018.pdf). |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.eventbrite.co.uk/e/future-directions-in-cyber-crime-research-registration-38726695589?ut... |
| Description | Future Directions in Cyber Crime Research |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | A workshop with policy makers, law enforcement and academic colleagues from a range of disciplines, to help identify the key evidence gaps and future research opportunities in relation to cyber crime. This was set in the context of exciting plans for the expansion of the Research Institute in the Science of Cyber Security (RISCS), and future funding opportunities. |
| Year(s) Of Engagement Activity | 2017 |
| Description | Future Directions in EU Cyber Security: Implications for UK Policy and Strategy |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The UK's departure from the EU has sharpened the need for timely and insightful research into EU cyber security policy and strategy. The online event will bring together policymakers, researchers and industry representatives to explore future directions in EU cyber security and implications for UK cyber security policy, strategy, decision-making and research. During the session, we will split into three mixed-sector working groups to investigate three priority questions, detailed later in this document. These have been identified in collaboration with our project partners, NCSC. Each group will have an academic Chair who has been invited to make some opening remarks about the topic, providing valuable context to the question in hand. This will enable each group to achieve a collective understanding of the latest thinking, and steer the discussions towards the desired outcome. The aim of the session was to identify possible future research questions which have value for the policy community around these three priority questions. RISCS will collate and publish these after the session, with the hope that our community will choose to take some or all of these forward for investigation. |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.riscs.org.uk/ |
| Description | GIG-ARTS 2018 |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The ECSEPA team will present a paper at the Second European Multidisciplinary Conference on Global Internet Governance Actors, Regulations, Transactions and Strategies (GIG-ARTS 2018) from 26-27 April 2018 in Cardiff, Wales. The paper, based on the preliminary findings from ECSEPA, is titled: 'Overcoming Inequalities in Internet Governance: framing digital policy capacity building strategies'. The international conference will be attended by delegates from around the world, including academics, policymakers, and practitioners, with whom the team will exchange knowledge on the subject matters of cybersecurity policy and internet governance. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www-npa.lip6.fr/gig-arts/conference/ |
| Description | GREPSEC III meeting |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Postgraduate students |
| Results and Impact | Invited speaker at an NSF supported workshop for women and underrepresented groups interested in computer security research. |
| Year(s) Of Engagement Activity | 2017 |
| URL | http://www.ieee-security.org/grepsec/schedule.html |
| Description | Global China Dialogue |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Provided a talk on the different approaches of the US, EU and China on global technology governance. |
| Year(s) Of Engagement Activity | 2021 |
| Description | ICCIP 2018 Conference Presentation |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | ECSEPA team member Mr Atif Hussain attended the "Twelfth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection" held in Arlington, US, on 12-14 March 2018 to present our paper of which he is the lead author. The paper is titled: 'An Evidence Quality Assessment Model for Cybersecurity Policymaking.' The purpose was to obtain feedback on the evidence model that we are building to improve it and incorporate it into the ECSEPA policy crisis game design. The conference was also an opportunity contribute our novel methodology and preliminary findings to the field of critical national infrastructure protection by engaging with policymakers, practitioners, and academics who are technical specialists and experts on the subject matter. |
| Year(s) Of Engagement Activity | 2018 |
| URL | http://www.ifip1110.org/Conferences/ConferenceProgram2018.pdf |
| Description | Interview on ECSEPA for UCL STEaPP online blog |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Postgraduate students |
| Results and Impact | The online blog entry published on 7 March 2018 is intended to help drive up the interest and enrolment numbers for UCL STEaPP's MPA degree course 2018-19 intake. It features an interview with ECSEPA member Dr Alex Chung on his experience working on the research project. In particular, it highlights how ECSEPA is unique in that it embodies STEaPP's impact-driven 'mode of research' - interdisciplinary research that tackles real-world challenges through co-design, co-production, and action research by engaging with policy actors. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.ucl.ac.uk/steapp/research/projects/digital-policy-lab/featured-researcher/featured-resea... |
| Description | Invited talk at IoT Security Foundation |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | Invited talk to 250 participants on International Politics and IoT Standards |
| Year(s) Of Engagement Activity | 2020 |
| Description | Invited talk on Closing the Gap: Careers in Cyberspace EU Cyber Direct |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | invited talk on "Closing the Gap: Careers in Cyberspace |
| Year(s) Of Engagement Activity | 2020 |
| Description | Invited talk on States and Cyberspace: Deterrence, Attribution and Retaliation |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Invited talk on "States and Cyberspace: Deterrence, Attribution and Retaliation" at the Cyber 2020 Conference. |
| Year(s) Of Engagement Activity | 2020 |
| Description | Key note speech on Cyber security's biggest vulnerability? "People are the weakest link" |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Cyber security's biggest vulnerability? "People are the weakest link" Karen Sparck Jones Lecture 2020 |
| Year(s) Of Engagement Activity | 2020 |
| URL | https://www.bcs.org/events/2020/december/webinar-karen-spaerck-jones-lecture-2020/ |
| Description | Live media appearance TRT World News Channel, Turkey |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Public/other audiences |
| Results and Impact | Live interview broadcast on Turkish television: Global aspects of cybersecurity |
| Year(s) Of Engagement Activity | 2019 |
| Description | National Cyber Security Centre: UK Cyber Security Research Institutes 2017 Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | At the annual National Cyber Security Centre conference on 17 October 2017, which focused on "Delivering cybersecurity research with real-world impact" (NCSC quote), the ECSEPA team presented a poster with an overview of the project to elicit interest from policymakers to engage with the project. Our aim was to identify and recruit relevant policymakers from UK Government Departments to participate in the data collection process - interviews, online survey, and policy crisis game - and to showcase our project to the core UK academic and policy community working in cybersecurity. We were able to acquire the contacts of senior policy advisors across the UK Government and maintain our existing relationships with project stakeholders through this event to further the aims of the project. |
| Year(s) Of Engagement Activity | 2017 |
| URL | http://ecsepa.coventry.ac.uk/cyber-security-annual-showcase-event/ |
| Description | Opportunities for Sociotechnical Cybersecurity Collaboration with Singapore Cyber Global Expert Mission, Knowledge Transfer Network |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | Invited talk on 'Opportunities for Sociotechnical Cybersecurity Collaboration with Singapore' at the Cyber Global Expert Mission, Knowledge Transfer Network |
| Year(s) Of Engagement Activity | 2020 |
| Description | Oxera/ABI event - 'A Known, Unknown: Evolving Cyber Threats and the Future of the UK Cyber Insurance Market |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | Dr Jason Nurse represented the project as a panellist at an insurance industry event. |
| Year(s) Of Engagement Activity | 2020 |
| URL | https://www.oxera.com/events/a-known-unknown-evolving-cyber-threats-and-the-future-of-the-uk-cyber-i... |
| Description | Panellist: Cyberwarfare and Artificial Intelligence |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Other audiences |
| Results and Impact | Panel: Cyberwarfare and Artificial Intelligence at Conference "A Shifting World Order: What to Expect in 2019" held in Beirut, Lebanon. Organised by The Carnegie Middle East Center |
| Year(s) Of Engagement Activity | 2018 |
| Description | Participated in expert round-table discussion |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Invited participant on expert roundtable on Preventative Diplomacy and the Peaceful Resolution of Disputes in the Context of International Cyber Security. Discussion fed into a paper |
| Year(s) Of Engagement Activity | 2019 |
| Description | Phishing attacks: defending your organisation |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | This guidance is an important addition to the NCSC's portfolio of anti-phishing measures. It is aimed at organisations of all sizes, in all sectors. Produced in collaboration with CPNI, government, academia and industry, it describes how to protect an organisation against email phishing threats, drawing on knowledge and research across real working environments. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.ncsc.gov.uk/guidance/phishing |
| Description | RISCS Annual Report 2018 |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Other audiences |
| Results and Impact | The annual report contains project updates and summaries of the work carried out during the previous academic year. It is made available on the RISCS website and circulated via hard copy at events such as joint research institute summit, cyber security workshops and conferences. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.riscs.org.uk/category/publications/ |
| Description | RISCS Anticipation and Futures Literacy Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | RISCS held an online policy workshop on 14th July 2021 with 20 participants from Government, academia, and the wider community as part of the RISCS Anticipation theme led by Fellow Professor Genevieve Liveley. The aim of this session was to generate ideas for the Fellowship agenda on where futures literacy (FL) could benefit cyber security policy, and where it might be relevant to both academic and policy communities. |
| Year(s) Of Engagement Activity | 2021 |
| Description | RISCS Community Meeting (August 2016) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Organisation of RISCS Community Meeting, London, August 2016 |
| Year(s) Of Engagement Activity | 2016 |
| Description | RISCS Community Meeting (February 2017) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Organisation of RISCS Community Meeting, London, 10th February 2017. Preceded by a RISCS Practitioner Panel on 9th February 2017. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.riscs.org.uk/2017/03/09/theory-plus-practice/ |
| Description | RISCS Community Meeting (February 2018) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Other audiences |
| Results and Impact | Series of talks on the Science of Cyber Security |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.riscs.org.uk/2018/03/26/joining-social-science-and-computer-science-obstacles-and-opport... |
| Description | RISCS Community Meeting (May 2018) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Two day workshop focused on the theme of cyber metrics. Day one explored the use of metrics in the healthcare sector. This is a valuable use case because the interpretation of complex inputs in healthcare is crucial to informing risk decisions around data-sharing and public safety. Day 2 looked at how we can make decisions without the benefit of the kind of certainty or clarity that metrics might provide. Led to further work on cyber metrics such as collaborative workshops on the use of metrics to communicate with the board. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.riscs.org.uk/2018/06/18/riscs-community-meeting-23-24-may-2018/ |
| Description | RISCS Community Meeting (November 2016) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Organisation of RISCS Community Meeting - "Focus on Security Behaviour", London, 23rd November 2016 |
| Year(s) Of Engagement Activity | 2016 |
| Description | RISCS Community Meeting (October 2018) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | This Meeting focused on two themes: 'Incentives in Cyber Security' and 'Realising impact from research'. Explored spectrum of levers that are available to influence better cyber security behaviours. Discussion about how impact from the academic research across all four Research Institutes can be most effectively delivered back to the stakeholder community. Discussion of what research activity RISCS should promote in 2019. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.riscs.org.uk/2018/10/13/riscs-community-meeting-thursday-18th-october-2018/ |
| Description | RISCS Community Meeting October 2017 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Organisation of RISCS Community Meeting - RISCS Phase 2, London, 18 October 2017 |
| Year(s) Of Engagement Activity | 2017 |
| Description | RISCS Cyber Crime Showcase |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | An invitation only event with experts from across the RISCS community, DCMS, Home Office and NCSC. The discussion focused on matters as paramount as: o the challenges in the field of online victimisation o the policy impact of current research on online victims o the evidence gaps and future research needed in the field |
| Year(s) Of Engagement Activity | 2021 |
| Description | RISCS Developer-centred Security Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Organisation of Developer-centred Security Workshop, London, 24th November 2016 |
| Year(s) Of Engagement Activity | 2016 |
| URL | https://www.riscs.org.uk/2017/02/17/developer-centred-security-call/ |
| Description | RISCS Fellows showcase |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | Presentations from 5 RISCS Fellows, followed by panel discussion with key stakeholders. |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.eventbrite.co.uk/e/riscs-showcase-tickets-137315037975 |
| Description | RISCS Ransomware Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | RISCS held an online workshop on 26th May 2022 as part of the Cybercrime theme led by Dr Maria Bada, with 10 participants mainly from the private sector. The workshop sought to understand what the private sector considers to be 'best practice' when defending against ransomware attacks. |
| Year(s) Of Engagement Activity | 2022 |
| Description | RISCS workshop on emerging risk in the IoT |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Through the RISCS community, we hosted a workshop on emerging risk in the IoT. A report will be disseminated to all participants and other interested stakeholders. |
| Year(s) Of Engagement Activity | 2018 |
| Description | RUSI and University of Kent workshop |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Industry/Business |
| Results and Impact | A private workshop with approx. 40 representatives from DCMS, NCSC, the insurance industry and cyber security providers. |
| Year(s) Of Engagement Activity | 2020 |
| Description | Robust Cyber Defences Against Adversarial Strategies |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Dr Panaousis presented MERIT during this invited talk that took place in December, 22nd. This was the monthly "virtual" seminar of the Cyber Security Group at the University of Delft. It was an opportunity to discuss the practicality of the MERIT outputs and receive feedback on current developments. |
| Year(s) Of Engagement Activity | 2020 |
| Description | Roundtable with Higher Education sector on Cyber Security and Collaboration |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Other audiences |
| Results and Impact | A 'by invitation' executive roundtable, hosted by UCL, to discuss the opportunities and challenges that UK universities and higher education institutions face in responding effectively to growing cyber-attacks. The roundtable will bring together leading security professionals from across UK universities and higher education institutions to share insight and ideas for security cultures and collaboration across the sector. The discussions will form part of the wider Cyber Readiness for Boards Project being led by UCL and commissioned by the NCSC. |
| Year(s) Of Engagement Activity | 2021 |
| Description | SASIG workshop - Cybersecurity: reaching the boardroom with meaningful metrics |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | Invited talk which addressed the following questions: How can improved corporate governance better support board and executive level decision-making around cyber risk. How do we apply cyber metrics to decision making more generally, and how can data be best presented to the board and the policy community? What underlying values should shape metrics and consequent decisions? What metrics are the cybersecurity community willing and able to provide compared with those metrics the board wants and needs. |
| Year(s) Of Engagement Activity | 2018 |
| Description | Secure Development Workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | Agenda The agenda for the workshop is as follows: 13:00 - Workshop opening presentation on RISCS theme and breakout group topics [Shamal Faily, Bournemouth University] 13:15 - HMG perspective on the RISCS Secure Development Practices theme [Helen L, NCSC] 13:30 - Panel - Secure Development Practices: what works and what doesn't [Awais Rashid (University of Bristol), Fraser Scott (Capital One), Helen Sharp (Open University), Charles Weir (Lancaster University)] 14:30 - Break 14:50 - Breakout groups 15:50 - Plenary discussion on breakout group results [Breakout group scribes] 16:15 - Workshop close [Shamal Faily, Bournemouth University] |
| Year(s) Of Engagement Activity | 2020 |
| Description | Stakeholder Meetings |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The ECSEPA team has held regular stakeholder project meetings - four formal group meetings and several informal one-to-one validation meetings - since the project began (excluding the one-off mapping validation workshop under another ResearchFish entry). The purpose of these regular, bimonthly meetings, which is still on-going and will continue until the end of the project, is designed for the team to get constructive feedback from the stakeholder group comprising policymakers and practitioners through validating the preliminary findings and improving the methodological approach of the project. The comments received by the team during these events and gatherings have been extremely useful in shaping the trajectory of the project; the stakeholders have found the preliminary findings valuable to the work of their organisations. |
| Year(s) Of Engagement Activity | 2017,2018 |
| Description | UCL STEaPP Digital Policy Laboratory Featured Researcher: Sneha Dawda |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Postgraduate students |
| Results and Impact | The online blog entry published in February 2018 was intended to help drive up the interest and enrolment numbers for UCL STEaPP's MPA degree course for the 2018-19 intake. It features a piece by ECSEPA member Ms Sneha Dawda on her experience working on the Mapping Exercise portion of the research project. In particular, it highlights Sneha's unique combination of interdisciplinary background and innovative utilisation of mind-mapping tools to create a visual representation of the map. The piece also notes the importance of the internal mapping validation process by engaging with the relevant policymakers and project stakeholders, employing STEaPP's impact-driven mode of research. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.ucl.ac.uk/steapp/research/projects/digital-policy-lab/featured-researcher/profile-sneha-... |
| Description | UK - South Korea Track 2 Dialogue on Cyber Security |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Policymakers/politicians |
| Results and Impact | We jointly convened a track 2 dialogue on cybersecurity between South Korea and the UK. This was part of the RISCS International Dimension Fellowship and will continue through 2022-23, funding permitting. |
| Year(s) Of Engagement Activity | 2021 |
| Description | UK Cyber Security Research Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | UK Cyber Security Research Conference, "Delivering cybersecurity research with real- world impact", 18th October 2016, London. Cross-RI conference co-organised by Research Institute Science of Cyber Security (RISCS), Research Institute Automated Programme Analysis & Verification (RIAPAV), and Research Institute Trustworthy Industrial Control Systems (RITICS), in association with the National Cyber Security Centre (NCSC). |
| Year(s) Of Engagement Activity | 2016 |
| URL | https://www.riscs.org.uk/2017/01/31/riscs-annual-report-2016-published/ |
| Description | UK Cyber Security Research Conference - 2017 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Collaborative annual highlight event of the four National Cyber Security Programme (NCSP)-sponsored cyber security Research Institutes (RISCS, VETSS, RITICS, The Research Institute in Hardware Security). The purpose of the conference is to present this leading edge initiative and its outcomes to decision-makers and leaders from academia, government and industry |
| Year(s) Of Engagement Activity | 2017 |
| Description | UK Delegation to the ITU Plenipot |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | I participated as a member of the UK delegation to this meeting providing support on IoT and cyber security. |
| Year(s) Of Engagement Activity | 2018 |
| Description | UN Internet Governance Forum Roundtable on the Whois Database and CERTs |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Together with APNIC, we designed and hosted a panel discussion at the 2018 UN Internet Governance Forum on the changes in access for CERTs to the Whois Database under the GDPR. We engaged with ICANN, FIRST, human rights NGOs and international lawyers. As a consequence of the discussion, ICANN agreed to look at differentiated access to Whois for CERTs. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.intgovforum.org/multilingual/content/igf-2018-day-3-salle-ix-ws50-who-is-collected-discl... |
| Description | UNESCO High Level Futures Literacy Summit |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | A live webinar and presentation at the UNESCO Future Literacy Summit on RISCS Cyber Security Futures. A panel discussion followed the presentation. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Uncertainty & Complexity in the Internet of Things: Analysis of the IoT Smart Family Workshop |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | RISCS is focused on giving organisations more evidence, to allow them to make better decisions, leading to the development of cybersecurity as a science. It collects evidence about what degree of risk mitigation can be achieved through a particular method - not just the costs of its introduction, but ongoing costs such as the impact on productivity - so that the total cost of ownership can be balanced against the risk mitigation that has been achieved. RISCS's main goal is to move security from common, established practice to an evidence-based practice. On May 24, 2018, RISCS held a workshop in London that looked at highly complex decision-making. It followed on from the previous day's look at the utility of cyber security metrics. On Day 2, we asked, "What happens when levels of complexity and uncertainty go beyond the capabilities of cyber metrics?" |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.riscs.org.uk/wp-content/uploads/2018/08/20180722-Smart-Family-IoT-workshop-24May18-analy... |
| Description | United Nations Internet Governance Forum |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Assessing Internet governance approaches and mechanisms and fostering inclusiveness: What are the main strengths and weaknesses of existing Internet governance approaches and mechanisms? What can be done, and by whom, to foster more inclusive Internet governance at the national, regional and international levels? Technical Internet governance: How can the technical governance of the Internet (e.g. the development of standards and protocols, and the management of critical resources) take into account the needs and views of all stakeholders? Additional Policy Questions Information: What are the governance challenges facing policymakers and incident responders to manage risks and build resilience when facing supply chain attacks in the IoT? |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.intgovforum.org/multilingual/content/igf-2021-ws-228-supply-chain-governance-and-securit... |
| Description | Workshop on Cyber Risk at the ACE-CSR Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Jointly designed and delivered a workshop on emerging risks in the IoT with colleagues from Warwick University. Generated data for a report which will be circulated to all participants and which will feed into wider views about emerging risk. |
| Year(s) Of Engagement Activity | 2018 |