Human Centric research
“By developing better understanding of the complex relationship between data technology and people. We will be able to influence the development and use of technologies for data to lead to better societal outcomes.” … We will develop new understandings of the integrated correlation between the understanding of the cyber landscape and the managing thereof through governance structure, culture and awareness.
The main efforts of the Human centric security focus area will be targeted at two scientific challenges: top down and bottom up. These foci is spilled around the Data61 Science Vision’s headline H4 – Shaping societal transformations.
Scientific challenge 1: Transforming cybersecurity governance. How can we identify cybersecurity governance needs and remedies through a dynamic adaptive approach to cyber threat landscaping so that the resultant governance framework is comprehensive, and easily implemented and integrated in cybersecurity management?
The challenge is to design and develop a cybersecurity governance framework that is flexible enough to evolve with a changing threat landscape, but also fixed to such an extent that identified and previously solved security breaches and incidents do not reoccur under known circumstances. The challenge extends further to enable the building of a model that is re-usable for different clients, taking into cognisance the ever-changing technology landscape and the unique set of attributes that make up each entity within the cyber domain. The aim is to model the complex cyber environment and present this in a structured manner according to client needs in an easily understood and implemented governance framework.
A number of different approaches to cybersecurity governance exist. Yet, the existing frameworks are often generic or too broad in the sense that they encourage tick box cybersecurity exercises without the in-depth insight that are really required to ensure that entities are adequately prepared to mitigate cyber attacks and events. In many instances, existing approaches to cybersecurity governance are theoretical in nature, lacking the practical guidance that is often needed to lessen the effect of a cyber attack or incident.
The ultimate challenge that will be addressed is to make cybersecurity governance accessible to the users in a manner that is comprehensive in terms of the scope and content, yet not overwhelming to the implementer or a burden to the technology user. By succeeding in this goal, the cybersecurity domain will become a platform where Australian (and ultimately international) networks will be supporting each other in threat intelligence sharing and building national cyber resilience. By developing an adaptive approach to cybersecurity governance, entities (including federal, state and territorial, business and startup levels) will be able to take practical steps towards more effectively taking charge of their cybersecurity space governance. When we solve this scientific challenge, clients will be empowered to maximise their cybersecurity knowledge towards practical application that will not only benefit themselves, but also the larger Australian cyber ecosystem.
Scientific challenge 2: Transforming online risk resilience hardening. How can we increase technology users’ online risk resilience and make cybersecurity culture more tangible through targeted online risk resilience hardening?
Cybersecurity is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Despite more and more privacy laws and global awareness of privacy content and consent, more and more people are falling victim to privacy related online cyber events. In the fast paced world of online data exchanges and global data sharing at the speed of light, online users need to be able to bounce back to a secured state as soon as possible after an incident. Therefore, building online risk resilience needs to be a main focus of any cyber technology user. Given the dynamics and scope of cyber campaigns, the best way to address the lack of cybersecurity awareness and to instil a cyber culture within cyber users is to transform the current approach to cybersecurity awareness. By shifting the focus to online risk resilience hardening, cyber users become the centre of design, with knowledge material becoming more accessible, easy-to-understand, easy-to-follow and relevant to the target audience. The overall challenge of this capability is to change the perception that people have about cybersecurity awareness. How can we encourage Australians to take cybersecurity seriously? How can we instil a permeating cybersecurity culture within people interfacing with the cyber domain?
Although a number of different cybersecurity approaches exist globally, the rate of dynamism within the cyber space is increasing, and the rate of cyber infections and resultant financial losses are growing. By furthering our understanding of the human user’s thought patterns, decision making approaches and online behaviour, we aim to more accurately predict targeted vulnerabilities within user groups. This will enable us to present vulnerable user groups with a more targeted and tailored online risk resilience hardening experience. By empowering technology users to immerse themselves into a tailored hardening experience, the overall perception towards traditional cybersecurity awareness will be improved. Users will experience a cyber approach that are more aligned with societal needs and requirements.
Our aim is to gain a better understanding of the target audiences by working with them to measure the relevancy of planned and delivered cybersecurity awareness campaigns. This approach will enable the Distributed Systems Security group to use data provided by the stakeholders to prepare a relevant and useful cybersecurity experience. The challenge is to position cyber as an innovation enabler to address cyber solutions as required by individual clients and stakeholders. The ultimate focus of this scientific challenge is to enhance people’s ability to use connected technology more powerfully in an ever-connected world, and scaling this to a global level.