权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

Reconfiguring Citizen Participation in Cybersecurity

重新配置公民参与网络安全

基本信息

批准号：
BB/T018593/1
负责人：
Julia Slupska
金额：
$ 2.56万
依托单位：
University of Oxford
依托单位国家：
英国
项目类别：
Research Grant
财政年份：
2020
资助国家：
英国
起止时间：
2020 至无数据
项目状态：
已结题

来源：
https://gtr.ukri.org/projects?ref=BB%2FT018593%2F1
关键词：
Reconfiguring Citizen Participation Cybersecurity

项目摘要

What threats count in cybersecurity? As a field, cybersecurity can seem obscure and daunting to outsiders, a domain for hackers, cyber-warriors and technical experts, who are more often than not male. Yet, everyone is exposed to potentially vulnerable technology. This research project pioneers a model of citizen participation in cybersecurity both to empower citizens in relation to their own cybersecurity practices and advance the field of cybersecurity by incorporating their perspectives and personal experiences.Feminist theorists have challenged binaries of personal/political violence in conventional security studies, arguing these ignore or diminish the threat of gender-based violence and threats to women's security. Unfortunately, the field of cybersecurity has not incorporated these insights on the relationship between the personal and the political and therefore risks omitting many forms of technological abuse from the "threat models" that shape where researchers investigate challenges to security. Threat modelling procedures in cybersecurity often rely on experts to identify vulnerabilities and potential attackers. Despite being presented as abstract and impartial, this process often reflects assumptions about the causes of insecurity among elite technology users. For example, our pilot research conducted between the Oxford Internet Institute (OII) and UCL Department of Science, Technology, Engineering and Public Policy (STEaPP) found that intimate threats are ignored in the security analyses and the design of smart home devises, which focus instead on threats like hackers or burglars (Slupska 2019). Emerging Internet of Things and smart home devices can leave people vulnerable to new classes threats from their domestic partners (Leitão 2019; Tanczer et al. 2018).By inviting citizens to participate in defining both what makes them feel threatened online, and how they could feel empowered to counter those threats, this project will humanise cybersecurity methods and create new opportunities for citizens to engage with shaping the research questions that they think should matter within cybersecurity. This project will do this by running eight co-design workshops on citizen cybersecurity. Each workshop will reconfigure assumptions about technical expertise by providing free digital security training to empower citizens to reflect on their own practices and to surface new types of threats to contribute to cybersecurity knowledge. Facilitators will also lead opt-in group discussions and focus groups on the relationships between personal experience and cybersecurity knowledge. Our objectives are to improve existing practices through reflective discussion, promote citizens' active involvement in their own cybersecurity, and solicit input for shaping and refining the directions of the academic field. The workshops will be free and open to all and will be hosted in conjunction with community organisations in the Oxford, London and Paris metro areas. Each participant will leave the workshop with practical advice on how to improve their cybersecurity practices. Participants will also have the opportunity to voluntarily contribute their observations, experiences, and stories with researchers in an open and safe environment to contribute to research. We will also elicit volunteers for coding and analysing data, and work to develop how we might use workshop participants to train others.This project will bring together partners in the Oxford Internet Institute; the Centre for Doctoral Training in Cybersecurity at the University of Oxford; the Gender and IoT project at the UCL Science, Technology and Public Policy Department; Power Play, a feminist activist theatre company, and Darktrace, a cyber-defence company. We will also work with community groups in Oxford, London and Paris in hosting and publicising each workshop and recruiting potential participants.

网络安全中有哪些威胁？作为一个领域，网络安全在外人看来似乎晦涩难懂，令人望而生畏，这是黑客、网络战士和技术专家的领域，他们往往是男性。然而，每个人都暴露在潜在的脆弱技术之下。该研究项目开创了一种公民参与网络安全的模式，既能使公民在自己的网络安全实践中获得权力，又能通过整合他们的观点和个人经验来推进网络安全领域的发展。女权主义理论家对传统安全研究中个人/政治暴力的二元对立提出了挑战，认为这些二元对立忽视或削弱了基于性别的暴力的威胁以及对妇女安全的威胁。不幸的是，网络安全领域并没有将这些关于个人和政治之间关系的见解纳入其中，因此有可能从研究人员调查安全挑战的“威胁模型”中忽略许多形式的技术滥用。网络安全中的威胁建模程序通常依赖于专家来识别漏洞和潜在的攻击者。尽管这个过程被描述为抽象和公正的，但它往往反映了对精英技术用户不安全感原因的假设。例如，我们在牛津互联网研究所（OII）和伦敦大学学院科学、技术、工程和公共政策部（STEaPP）之间进行的试点研究发现，在安全分析和智能家居设备的设计中忽略了亲密威胁，而将重点放在黑客或窃贼等威胁上（Slupska 2019）。新兴的物联网和智能家居设备可能使人们容易受到来自家庭伴侣的新类威胁（leit<e:1>, 2019； Tanczer等，2018）。通过邀请公民参与定义什么使他们在网上感到受到威胁，以及他们如何感到有权应对这些威胁，该项目将使网络安全方法人性化，并为公民创造新的机会，参与塑造他们认为在网络安全中应该重要的研究问题。这个项目将通过举办8个关于公民网络安全的共同设计研讨会来实现这一点。每个研讨会将通过提供免费的数字安全培训，重新配置对技术专业知识的假设，使公民能够反思自己的实践，并提出新的威胁类型，以促进网络安全知识。主持人还将引导可选择的小组讨论和焦点小组讨论个人经验与网络安全知识之间的关系。我们的目标是通过反思性讨论来改进现有的实践，促进公民积极参与自己的网络安全，并为塑造和完善学术领域的方向征求意见。讲习班将免费向所有人开放，并将与牛津、伦敦和巴黎地铁地区的社区组织联合举办。每位与会者将在研讨会结束时就如何改善网络安全实践提出实用建议。参与者也将有机会在一个开放和安全的环境中自愿向研究人员贡献他们的观察、经验和故事，为研究做出贡献。我们还将吸引志愿者编码和分析数据，并努力开发如何利用讲习班参与者来培训其他人。该项目将汇集牛津互联网研究所的合作伙伴；牛津大学网络安全博士培训中心；伦敦大学学院科技与公共政策系性别与物联网项目；女权主义激进戏剧公司Power Play和网络防御公司Darktrace。我们还将与牛津、伦敦和巴黎的社区团体合作，主办和宣传每个研讨会，并招募潜在的参与者。