Berlin meets Belfast: A Recap of the 5th Global Cybersecurity Technology Research Summit 2015

One week ago, the 5th Global Cybersecurity Technology Research Summit organised by the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast (QUB) took place. This year’s conference was underpinned by the theme “A Future Legacy” and was tied to Belfast’s heritage as a hub for industry and engineering. Among the more than hundred participants from academia, industry and governments, future technological developments and challenges were discussed. Specifically the societal element of cybersecurity was one of the core focuses of this year’s keynotes and break-out sessions, depicting a new as well as a necessary trend within the field.

Day 0: Let the hacking begin

One day prior to the official start of the main Summit, attendees had the chance to engage in a capture the flag hackathon. Some Twitter-Posts display that the competitors took the task very seriously and – for once and officially – hacking was allowed and actually more than welcomed. Day 0 ended with a brief speaker’s session which involved Pizza and free drinks and hopefully comforted all the ones who lost or simply missed to eat throughout the day.

Nobody has gone up for sandwiches yet! The hackers are too busy hacking – food is an unwanted distraction! #Belfast2015

— Cyberlytic (@CyberlyticUK) 18. März 2015

Security means Resilience

The main Summit started on Thursday the 19^th of March and opened with the announcement that CSIT at QUB had secured further funding for cyber security research on Smart Cities and the Internet of Things.

Prof John McCanny kicking off proceedings at #Belfast2015 with £38 million announcement of funding for next 5 years pic.twitter.com/sl6BeTlWaf — CSIT (@CSIT_QUB) 19. März 2015

With this pleasant news in mind the event was kicked off by Professor John McCanny (CSIT), whereby in the course of the next days all speakers accentuated the importance to be able to assess, prevent and defeat cyber threats and to generate a robust and resilient internet based on adequate software and hardware solutions. Certainly methods such as detecting anomalies, conducting malware or behavioural analyses or simply monitoring access controls – which have been discussed and displayed at the Summit – are ways of dealing with the issue. However, the presenters were aware that not addressing the root causes of threats and risks will not provide sufficient solutions for the future. It is therefore that the aspects of human security and collaboration were prominent ideas across the Summit.

The Human Element in Cybersecurity

The factor human in cybersecurity ranges from the handling of insider threats, ensuring privacy and data protection, to the notion of victimology, up to the general needs and requirements of customers. The Summit took in this regard a specific interest in emphasising the individual, which was reflected in all presentations but was specifically discussed in the context of two break-out sessions which dealt with the topic of political activism and psychological dynamics online. Besides, as it is difficult to guarantee technical security despite the fallibility caused by human errors, the human element is and should be part of any cybersecurity equation.

“The weakest link in any secure system…in other words…the human” – @maryCyPsy #cybersecurity #Belfast2015

— Jonny Voon (@JonnyVoon) 19. März 2015

The inclusion of non-technical research areas at the Summit is therefore a positive development and should foster a debate on the progression of a multi- and transdisciplinary research field that touches upon both technical as well as societal factors. The just recently set up Leverhulme Interdisciplinary Network on Cybersecurity and Society (LINCS) at QUB will hopefully influence this trend further.

How to Influence People To Care?

Align with the idea to focus more on the human element in cybersecurity considerations, speakers such as Jon Browning (OCSIA) stressed the need to get more people demand appropriate security solutions. This sentiment on making people aware of the importance of cybersecurity and to evaluate and be cautions about potential security risk online was followed by the request to involve more people in cybersecurity education and was specifically thematised by Dr Douglas Maughan (US DHS). A quick survey among the Summit participants in the course of his presentation revealed an age gap among the audience; less than ten people were under thirty years of age. This outcome reflects the overall cybersecurity sector which is facing a significant recruitment problem across all nation states and was noted by Maughan.

Collaboration and Information Sharing

This idea of not being able to simply protect the internet and/or the human online was accompanied by the constant and reoccurring theme to engage in collaboration and information sharing. Zach Tudor (SRI International) and Suren Gupta (Allstate) articulated this issue as a prevalent topic in cyber protection and essential to proceed with future developments. This was echoed by Mark Schloesser (Rapid7) who in the course of his presentation referred to the Internet-Wide Scan Data Repository and Recog as positive examples of research data sharing and publicly archiving collected information. According to Schloesser the cybersecurity field has to embrace the community and reduce Intellectual Property while using Open Source Software where possible. This statement certainly set his presentation apart from the rest and highlights one of the first commitments and hopefully also future developments to the demand for collaboration expressed across the attendees.

My Personal Résumé

Overall, the 5th Global Cybersecurity Technology Research Summit 2015 encompassed far more than the here outlined issues. The topics stretched from the successful setup and support of start-ups up to the governmental steps taken to implement cybersecurity in small and medium-sized enterprises. However, what I take away from these couple of days is certainly that companies seem to require and actually want users to demand security. It is therefore that we should not tolerate flawed and insufficiently debugged software and make our voice heard. Moreover, security should no longer be an opt-in option – neither for users nor the industry – but ensured and guaranteed by default.

This goes along with the need to shift the focus from a purely technical to an interdisciplinary research field that is able to address all factors which come into play when developing cybersecurity solutions. Social scientists and ethicists are needed to not let technology run ahead of itself, leaving major societal developments or problems aside. As we live in a digitalised society, but are most certainly not yet digital beings, the human has to be at the heart of all debates on and developments in cybersecurity. Treating the internet as a separate entity independent of society can simply not lead to favourable outcomes. Thus, all sectors of the cybersecurity field – academia, industry and policy makers – need to be committed to knowledge exchange which underlines the importance of events such as the Cybersecurity Summit in Belfast.

Further Links of Relevance:

• PhD opportunities with the Leverhulme Interdisciplinary Network on Cybersecurity and Society (LINCS) at Queen’s University Belfast (Deadline: 1st April 2015)
• Representatives of the cybersecurity sector are invited to participate in my current study on the perceptions of digital disobedience in the context of the tech-industry. The Participant Information Sheet provides details on the scope and focus of the study and the data protection measures taken in this research.

This post is part of a weekly series of articles by doctoral canditates of the Alexander von Humboldt Institute for Internet and Society. It does not necessarily represent the view of the Institute itself. For more information about the topics of these articles and asssociated research projects, please contact info@hiig.de.