IACAP

Interdisciplinary Aspects of Cybersecurity And Privacy

Cybersecurity and Privacy measures must be situated in a real use-case that sees human users approach a measure and experience it or, more simply, just use it. Here comes a new breed of views of Cybersecurity and Privacy measures that are pivoted on the users, at least featuring the social, economic, biological and ethical views. These bear a huge potential to unveil and address niceties that could not be spotted otherwise, such as the learnability of a measure, the coexistence with a flawed, deployed version of the measure, the computation over and protection of biological data and, last but not least, the assistance of ethics and law to counter real-world breaches. There is clear international research momentum around these views, and a few members of the CINI Cybersecurity Laboratory are active researchers in related areas. Here comes the need to organise and coordinate their effort through the definition and formation of a Working Group on the Interdisciplinary Aspects of Cybersecurity and Privacy (IACAP). This Working Group comes with a clear motivation, a well-defined statement and 5 Core Members geographically distributed in Italy and bringing heterogeneous backgrounds and skills.

What is our motivation?

Motivation

People often dislike Cybersecurity and Privacy measures. Although the layman believes such settings are somewhat good to have, people cannot generally be bothered to go through security measures such as registrations, strong password choices, panels for privacy settings and the like. Sometimes, technology users must go through such measures, otherwise they will not get the service they wanted; for example, they normally have to accept a privacy policy before the service is released to them. They may then be nastily rewarded with senses of disappointment and frustration both if they opted to proceed and if their pride or boredom prevented them from doing so. Humans are far from being automata executing the perfect program. As humans come to be users of a technology that is meant to be secure, they also become exceptionally complicated for that technology to comply with:

Users may be victims of social engineering scams

It has been established, at least since Mitnick published his famous book on deception, that humans are rather easily duped into taking insecure actions, such as choosing poor passwords or annotating secrets in insecure places. It turns out that humans may effectively, though unintentionally, facilitate the attacker’s aims.

Users may make errors

There exists vast work from the Humanities addressing how and why humans make errors. Norman catalogued errors as failures to do what the user intends (mistakes) or momentary lapses when the user takes an unintended action (slips). For example, slips might be due to an innate quest to operate in a best-effort style.

Users may choose to thwart Cybersecurity and Privacy measures

When humans perceive Cybersecurity and Privacy measures as a burden more than a benefit, they may deliberately oppose them, which is different from making errors because a profitable goal is defined this time. For example, some companies require card-and-pin authentication to enter their premises, but cards are often left in a public folder hung outside the entrance.


If modern services are to be enjoyed on the move, while the user is hopping on the tube, or pervasively, while the user is also watching television, then Cybersecurity and Privacy measures are particularly hard to get right, also due to the human element outlined above.

What is our statement?

Statement

The motivation just provided justifies the assumption that Cybersecurity and Privacy measures ought to be studied and established over a heterogeneous system. This combines the technical system on which the security measures are implemented and running, such as a computer, with the non-technical one that is the user of the technical system and its Cybersecurity and Privacy measures. This take is often referred to as the interdisciplinary understanding of Cybersecurity and Privacy measures; as we shall see below, it entails a number of important and rather recent views of Cybersecurity and Privacy. At the moment, I identify four significant views, which are:

The social, or socio-technical view

It considers Cybersecurity and Privacy a holistic problem of the (technicalities of the) underlying technical system as well as of the (personas that may be expressed by the) humans that use that system.

The economic view

It looks at the financial implications of Cybersecurity and Privacy, addressing problems such as the uptake of cryptocurrencies as well as the widespread sustainability of Cybersecurity and Privacy measures in general.

The biological view

It tackles Cybersecurity and Privacy measures through computations over the digital representations of biological samples, such as genomic sequences, which, if disclosed, would represent the utmost, irreversible breach of individuals’ privacy.

The ethical and legal view

It focuses on data and digital ethics and the translation of ethical principles into regulations, hence on the Cybersecurity and Privacy measures to practically comply with those regulations in institutions of all sizes and complexities.


I am positive that other views will be defined as the whole area gets more and more consolidated through this Working Group. IACAP will coordinate works from the members of CINI Cybersecurity National Laboratory that show interest, ideally attracting over the years contributions at least from Computer Scientists, Sociologists, Psychologists and Lawyers, and inspiring their joint, interdisciplinary discourse.

Events

Research events inspiring IACAP

Government of IACAP

Members

  • Working group coordinator
    • Giampaolo Bella

      University of Catania, Italy

  • Core member
    • Cristian Daniele

      Radboud University, Netherlands

  • Members
    • Sharif Abuadbba

      CSIRO's Data61, Australia

    • Francesco Capparelli

      ICT Cyber Consulting S.r.l., Italy

    • Helge Janicke

      Cyber Security Cooperative Research Center and Edith Cowan University, Australia

    • Gabriele Lenzini

      University of Luxembourg, Luxembourg

    • Kristen Moore

      CSIRO's Data61, Australia

    • Jacques Ophoff

      Abertay University, United Kingdom

    • Karen Renaud

      University of Strathclyde, Scotland

    • Diego Sempreboni

      King’s College, United Kingdom

    • Luca Viganò

      King's College London, United Kingdom
