The UK Government-funded Cyber Security Knowledge Transfer Network has awarded a team of security and human behaviour experts a contract to study human vulnerabilities in security systems.
The winning consortium includes leading academic researchers with expertise in psychology, criminology, computing, management and marketing, and security practitioners from some of the UK’s leading companies.
The study reflects concern that more needs to be done to help organisations and individual users of cyber space protect themselves and the UK’s critical infrastructure from the increase in cyber attacks and organised e-crime. Criminals and hackers frequently dupe users into releasing sensitive and valuable information or introducing viruses onto their computers and associated networks, often employing sophisticated social engineering techniques to exploit these human weaknesses.
The winning team will outline best practice and make recommendations as to how the IT industry can encourage computer users to behave in a far more secure manner when surfing the internet and doing business in cyber space. These recommendations will take the form of a white paper that will be produced in the spring and made publicly available to ensure the study benefits the widest possible audience.
The team will be chaired by M. Angela Sasse, Professor of Human-Centred Technology at UCL, and the group’s final report will be reviewed by Bruce Schneier, founder and CTO of BT Counterpane.
Professor Sasse will be supported by a number of industry security experts, including representatives of BT, HP, Microsoft, Qinetiq and Vodafone and 11 leading academics from UK universities. These include Professor Martin Gill, one of the world’s leading criminologists, Professor Fred Piper, one of the pioneering researchers in computer security, human behaviour researchers from the Defence Academy and software engineering researchers from Oxford University.
Announcing the award of the contract Dr Sadie Creese, Director of the Cyber Security KTN, said: ‘The breadth and depth of the winning consortium is exceptional. The role of the KTN is to bring together the cream of UK industrial, academic and government expertise and the team assembled under Professor Sasse certainly meets that requirement. Vulnerabilities introduced by human behaviour are often at the heart of security problems and I expect this team to make a valuable and practical contribution to the community’s understanding of this important issue.’
Welcoming her team’s successful bid, Professor Sasse said: ‘The IT security community has given only patchy consideration to the human factor in security and I welcome the opportunity to help improve our collective understanding of this critical area and translate it into practical advice for companies and individual users.’