Sociotechnical Cybersecurity Workshop 2
Information and Communications Technology (ICT) has taken a central role in modern society. Unfortunately, malicious hackers and cybercrime have become a stubborn and expensive part of the ICT landscape. This has made providing cybersecurity a defining challenge for our era. Many strategic plans and National Academies of Sciences (NAS) studies have been written, and billions of dollars have been spent on the development and deployment of innovative cybersecurity solutions, but our network infrastructure, devices and organizations are increasingly insecure against threats.
In February 2016, the federal government released a new cybersecurity federal R&D strategic plan – this one mandated by Congress – that explicitly engaged the socio-technical nature of the systems that we are securing. The plan also emphasized the need for understanding the efficacy of different approaches, whether empirically, economically, or mathematically. However, making meaningful progress with a socio-technical approach requires innovation driven by informational and experiential diversity.
A socio-technical approach to cybersecurity recognizes that the science and technology deployed to protect and defend our information and critical infrastructure must consider human, social, organizational, economic and technical factors, as well as the complex interaction among them, in the creation, maintenance, and operation of our systems and infrastructure.
Our goal is to advocate an evidence-based sociotechnical cybersecurity approach, integrating the best research evidence with diverse cybersecurity expertise and broadening the consideration of ICT user characteristics, through the exploration of potential grand challenge areas. Our intention is that the grand challenges will promote effective and appropriate consideration of the socio-technical factors and sound and effective principles of cybersecurity assessment, evaluation, and intervention. The five potential grand challenges we plan to explore during the workshop are:
- How can organizations be structured to handle cybersecurity better?
- How could one go about creating a Cybercrime Statistic Bureau?
- How do we design and evaluate cyberinfrastructure that takes the behavior of all users, including adversaries, into account?
- How do we preserve individual agency in cyberspace?
- How do we design incentives to ensure security?
The resulting report will help illuminate the implications for cybersecurity researchers of taking a socio-technical approach, identifying human, social, organizational, economic and technical factors that must be considered, techniques for understanding the interactions among them, and positive steps that can be taken to better protect and defend our information and critical infrastructure.
Deanna Caputo, MITRE Corporation
Stephanie Forrest, University of New Mexico
Qing Hu, City University of New York
Brian LaMacchia, Microsoft Research
Oded Nov, New York University
Sasha Romanosky, RAND Corporation
Stefan Savage, University of California, San Diego
Timothy Summers, University of Maryland, College Park
Susan Winter, University of Maryland, College Park
Heng Xu, Pennsylvania State University
With Support From
Lorenzo Alvisi, University of Texas at Austin
Ann Drobnis, CCC
Keith Marzullo, University of Maryland, College Park
The Computing Community Consortium (CCC) will cover travel expenses for all participants who desire it. Participants are asked to make their own travel arrangements to get to the workshop, including purchasing airline tickets. Following the symposium, CCC will circulate a reimbursement form that participants will need to complete and submit, along with copies of receipts for amounts exceeding $75.
In general, standard Federal travel policies apply: CCC will reimburse for non-refundable economy airfare on U.S. Flag carriers; and no alcohol will be covered.
For more information, please see the Guidelines for Participant Reimbursements from CCC.
Additional questions about the reimbursement policy should be directed to Ann Drobnis, CCC Director (adrobnis [at] cra.org).