Visioning Activity

Sociotechnical Cybersecurity

Information and Communications Technology (ICT) has taken a central role in modern society. Unfortunately, malicious hackers and cybercrime have become a stubborn and expensive part of the ICT landscape. This has made providing cybersecurity a defining challenge for our era. Many strategic plans and National Academies of Sciences (NAS) studies have been written, and billions of dollars have been spent on the development and deployment of innovative cybersecurity solutions, but our network infrastructure, devices and organizations are increasingly insecure against threats.

Quite recently (in January 2016), the federal government released a new cybersecurity federal R&D strategic plan – this one mandated by Congress – that is novel in that it engages the socio-technical nature of the systems that we are securing. The plan also emphasizes the need for understanding the efficacy of different approaches, albeit empirically, economically, or mathematically. However, in order to make meaningful progress, using a socio-technical approach requires innovation driven by informational and experiential diversity.

A socio-technical approach to cybersecurity recognizes that the science and technology deployed to protect and defend our information and critical infrastructure must consider human, social, organizational, economic and technical factors, as well as the complex interaction among them, in the creation, maintenance, and operation of our systems and infrastructure.

The CCC will convene two workshops in order to advocate an evidence-based sociotechnical cybersecurity approach, integrating the best research evidence with diverse cybersecurity expertise and broadening the consideration of ICT user characteristics.

Goals of these two workshops include:

• Using the grand challenges to promote effective and appropriate consideration of the socio-technical factors and sound and effective principles of cybersecurity assessment, evaluation, and intervention.
• Identifying the human, social, organizational, economic and technical factors and techniques for understanding the interactions among them through a socio-technical approach.
• Discovering positive steps that can be taken to better protect and defend our information and critical infrastructure.

Call for White Papers

As a part of this effort, the workshop organizing committee has released a call for white papers in order to both assist us in organizing the workshop and in selecting attendees. Authors of informative and well-crafted white papers may be invited to the Sociotechnical Cybersecurity workshop.

Read the full call for proposals here.

Workshops

December 12-13, 2016 – Workshop 1
August 8-9, 2017 – Workshop 2

Members of the Organizing Committee

• Lorenzo Alvisi, Professor of Computer Science at the University of Texas, Austin
• Deanna Caputo, Principal Behavioral Psychologist, MITRE
• Stephanie Forrest, Distinguished Professor of Computer Science, University of New Mexico
• Qing Hu, Professor of Information Systems and Associate Dean for Academic Initiatives and Innovation in the Zicklin School of Business at Baruch College – the City University of New York
• Brian LaMacchia, Director Security & Cryptography, Microsoft Research
• Keith Marzullo, Dean of the College of Information Studies, University of Maryland
• Oded Nov, Professor in Technology Management in the Tandon School of Engineering, New York University
• Sasha Romanosky, Policy Researcher, RAND Corporation
• Stefan Savage, Professor in the Department of Computer Science and Engineering, UC San Diego
• Timothy Summers, Professor and Director of Innovation, Entrepreneurship, and Engagement in the College of Information Studies, University of Maryland
• Susan Winter, Associate Dean for Research, College of Information Studies, University of Maryland
• Heng Xu, Professor in the College of Information Sciences and Technology, Pennsylvania State University