MULTIFACETED APPROACH TO CYBER SECURITY RESEARCH

Top opportunities in cyber security , i.e. things that would be good to do even if difficult, were identified and included:

1. Ownership and Responsibility for Security

These concepts are different in cyber security space and physical space, they vary with differences in cultures and social norms, how much people believe they can protect themselves is important, a key challenge is how can people be encouraged to take responsibility for their own security and do current cyber technologies allow us to exercise responsibility.

2. Identity and Privacy

The former concept is key as a great deal of behaviour in cyber space depends on who we think we are interacting with, trust in online identity is very important. Mechanisms for providing identity need to be publicly acceptable and need to consider privacy. For example, is identification necessary for identity and is it possible to have pseudo private identities i.e. a trusted identity online which is different from that in the physical domain?

3. Measurement of Trust

Trust in cyber space is very important but how can trust be measured? Is it possible to develop acceptable trust metrics and cyber security features that increase trust? Trust and assurance sources are key, e.g. assurance from the source of friends is much more likely to influence people to take-up security features.

4. Valuation of Digital Interactions

Can different levels of security be developed for different interactions involving differently-valued assets, e.g. different personal information assets, it would be necessary to identify the importance of and the value of assets and classify the security required for an asset based on its value, development of an asset currency e.g. personal information currency.

5. Policy Development

There is a need to create policies or rules for various aspects of cyber security, a policy that underpins trust in cyber space could deliver a security safety net which allows autonomy within it to be creative and innovative, different privacy policies could be developed for different levels of asset value.

6. Useable and Useful Security Solutions

Evaluation of public persuasion factors is important, are there public information strategies that will allow people to learn about cyber security?
Future technologies required to tackle the opportunities in cyber security included various machine learning techniques for cyber space to build trust, model attacks, isolate attacks and attack recovery.

Practical steps that research organisations can take to address the cyber security opportunities were discussed and included:

  1. Studies of social norms particularly internationally and studies with users to assess how to deliver cyber security information.
  2. Development of requirement/problem definitions that allow them to be solved.
  3. Identification of policies based on results, identification of research that can be used to inform cyber security policies, development of a framework for allowing policy makers to understand the implications of their policies.
  4. Bringing together of public sector that have cyber security needs and research and commercial players that have developed security solutions, emulate the health sector in looking at areas where behaviour is restricting cyber security improvement.