Dr Genevieve Liveley and Professor Awais Rashid are part of the team of the newly launched ESRC Digital Security by Design Social Science Hub+, DiScriBe, a four year project to bring social science, humanities and computer science together to address the challenges of digital security. DiScriBe Hub+ is one of two programmes of research and development announced by UK Research and Innovation, as part of the Industrial Strategy Challenge Fund (ISCF) “Digital Security by Design” (DSbD) programme to prevent the prevalence of damaging cyber security attacks by applying social and economic science to core questions around the adoption of new secure technologies, the readiness of different sectors (and roles) to adopt new secure hardware, the regulatory and policy environment and how that might influence the adoption of DSbD Tech, and what social and cultural factors might influence the success of the wider DSbD ecosystem.
Led by Professor Adam Joinson at the University of Bath, in collaboration with the Universities of Bristol, Cardiff, and Royal Holloway University of London, this project aims to reshape the ways in which social sciences and STEM disciplines work together to address the challenges of digital security.
There is a current commissioning call for scoping reviews around our four key topic areas, with the goal to understand the current state of knowledge and areas with no evidence base:
- Economics of security hardware adoption: quantifying costs and benefits
Under this call topic area, we are seeking a review of existing methods for identifying and quantifying the costs and benefits of adoption of new security hardware and practices. The identification should be done under a broad scope, for instance the benefits should encompass reducing the expected loss in terms of direct and indirect costs of cybersecurity failure, and importantly, in addition to private costs, externalities should also be considered and analysed.
- Understanding secure and insecure practices across consumer chains of hardware security advances
Under this topic area, we require a systematic mapping of the consumer chains that will potentially utilise hardware security advances. The focus of the scoping research should be on understanding how secure (or insecure) practices currently manifest across the complex intersections inherent in these consumer chains. These consumer chains encompass infrastructure developers who aggregate a range of hardware and software services to deliver critical systems, e.g., smart city environments, smart grids, intelligent transportation, etc. as well as those who deliver consumer goods ranging from personal computers and devices to Internet of Things (IoT).
- Regulation, Policy and Cybersecurity
We are seeking to commission research on the regulatory landscape within the UK digital security sector. The focus should be on the design and use of hardware security as part of digital products and services. The regulatory landscape encompasses legislation, standards and regulation.
- Social and Cultural Differences in the Adoption of Security Technologies
We intend to conduct a survey to understand the difference between social, cultural and commercial barriers to adoption of secure tech (i.e. CHERI and associated hardware/software) between sectors. In preparation we need to identify the potential adopters of secure technology – from manufacturers and open source communities, to end users (private, public and third sectors). Specifically, given we cannot survey all sectors, we aim to identify which to focus on through a scoping exercise to determine those that will likely achieve the highest impact from secure technology adoption. Full call: https://www.discribehub.org/commissioning-call-october-2020
Deadline: Submissions by 4pm on the 3rd Dec 2020