Proving the Negative (PTNPod): Swanning About in Cyber Security Oxford University

Resilience, cool communicators and space robots. This episode wraps a brilliant season of PTNPod, with Ari and Claudine's favourite 5 moments. In this episode we talk about Anirudh's need for long-term research into how social media affects communication, Klaudia's innovative research methods and the benefits of listening, Dr Harmonie telling us about power and responsibility, Sean's fantastic description of cyber security as an investigation of human and device behaviours, and Dr Mary's take on securing robots in space.

For the "Swiss cheese" model Ari talks about, check out the original source (James Reason, 1990, "The Contribution of Latent Human Failures to the Breakdown of Complex Systems") and this video: https://www.roundtabletechnology.com/blog/what-do-cybersecurity-and-swiss-cheese-have-in-common.

Many, many thanks to everybody listening, to those of you who got stuck in (being interviewed, letting us ask questions, helping us set everything up...), and to the Cyber Security CDT, Computer Science Department and University of Oxford for hosting us.

SPECIAL CONFERENCE EPISODE getting the inside scoop on UK Cyber Strategy. We were invited to the annual Academic Centres of Excellence in Cyber Security Research (ACE-CSR) conference. This week is a deep dive into how collaboration between research, industry and government supports wider national objectives. We look at how exactly cutting edge research is done, and drawn into the wider UK ecosystem in support of the National Cyber Strategy (to be confident, capable and resilient).

We were fortunate to be able to meet with a lot of people over the course of the conference. As a result, this week's incredible guest list is rather longer than usual:
Chris Ensor is a Deputy Director of the National Cyber Security Centre (NCSC), Dr Bernard Parsons MBE is the Chief Executive Officer and Co-Founder of Becrypt, Dr Harmonie Toros is a Reader in International Conflict Analysis and Deputy Director of the Institute of Cyber Security for Society (iCSS) at the University of Kent, Furrah Hussain is Programme Manager for the Research Institute in Trustworthy Inter-connected Cyber-Physical Systems (RITICS) at Imperial College London, Dr Fabio Pierazzi is a Lecturer in Computer Science at Kings College London, John W5 works for the NCSC as part of the Sociotechnical Security Group, Awais Rashid is Professor of Cyber Security at the University of Bristol, Andrew Martin is Professor of Systems Security at the University of Oxford, Professor Steve Schneider is the Director of the Surrey Centre for Cyber Security at the University of Surrey, Andrew Hood is a Lecturer in Cyber Security at Cardiff University, Matthew Boakes is a PhD candidate at the University of Kent, Marios Samanis, Maria Sameen and Priyanka Badva are PhD candidates at the University of Bristol.

We discuss communication challenges and pipeline problems in cyber security. This week we are joined by our CDT Director, an Industry Representative from our Advisory Board, and an CDT14 Graduate! We discuss how the challenges of interdisciplinary work translate from research to the cyber security sector, and chat about the current skills gap.

Andrew Martin, Professor of Systems Security at the University of Oxford, is the Founder and Director of the CDT. His research interests focus on distributed systems and applications of Trusted Computing technologies (particularly in cloud, mobile, and embedded applications - embodied now in the concept of the Internet of Things).

Dr Louise Axon, Research Associate in Cyber Security within the Cyber Analytics group at Oxford, took part in the CDT as part of the 2014 cohort. Her research interests include risk and cyber-insurance; security of distributed-ledger technologies; and cybersecurity capacity building. Louise is currently the Council Fellow for the World Economic Forum’s Global Future Council on Cybersecurity.

Kevin McMahon, member of the CDT's Academic Board, is the Chief Executive Officer of Cyjax (https://www.cyjax.com), a London-based threat intelligence company that has been protecting businesses, securing data and maintaining reputations since 2012.

Surprising social media harms and the Online Safety Bill. This week we're talking about Claudine's research into long term harms of social media content and managing the 'mundane'. (Content warning: Post traumatic stress disorder (PTSD), reference to eating disorders).

Claudine's research investigates the role of individual differences in predicting and moderating experiences of subjective harm associated with social media use. To explore that relationship, she is preparing a large-scale collection of in-situ data on emotional responses to social media use and context using a mobile experience sampling method (ESM). She also plans to conduct a series of participatory design workshops that will explore innovative ways to visualise the data collected from the ESM in a manner that provides users with meaningful insight into their social media use.

Claudine has previously worked in immigration law, post-conviction justice, and bankruptcy court. She has also volunteered as an assistant to the Papers Chairs for the Conference on Human Factors in Computing and served as a member of the editorial board for the Journal of Responsible Technology.

Outside of her research, Claudine serves as the Technology Policy advisor for We and AI, a non-profit organisation that works to increase awareness and understanding of bias in artificial intelligence amongst the general UK population.

Links for this week: Journal of Social Media in Society (https://thejsms.org/index.php/JSMS/about); New Media in Society (https://journals.sagepub.com/home/nms); Conference on Human Factors in Computing Systems (https://chi2022.acm.org); Wired (https://www.wired.com).

Data protection and making consent more of a conversation. Listen up, and prosper! This week we're talking about Ari's research into why experts need to build (or architect) systems with better consent options, so users have more of a choice about the data they share.

Ari's academic work relates to data protection. She argues that the burden of communication (i.e. of informing) falls on experts to communicate clearly and concisely instead of on users to understand dense technical language. Ari has collaborated with Computer Scientists, Lawyers and Medical researchers. She also educates in and out of the classroom; running classes and workshops, and cyber-policy competitions, crisis simulations and hackathons. Outside of this, Ari has led cyber security work within UK innovation testbeds, focusing on secure and trustworthy information exchange for next-generation telecommunications. Her ethos is that cyber security is strategic, it is a business enabler, and the best cyber security cultures are positive and pro-active.

You can find Ari on Twitter: @schulite
If you want to read more about Royal Free and Google: https://medconfidential.org/whats-the-story/health-data-ai-and-google-deepmind

Recent outputs: What societal values will 6G address? (6G-IA working group: https://6g-ia.eu/single_post/?slug=6g-ia-white-paper-what-societal-values-will-6g-address-societal-key-values-and-key-value-indicators-analysed-through-6g-use-cases); Tabitha L. James, Jennifer L. Ziegelmayer, Arianna Schuler Scott and Grace Fox (2021). A Multiple-Motive Heuristic-Systematic Model for Examining How Users Process Android Data and Service Access Notifications, doi: 10.1145/3447934.3447941; Arianna Schuler Scott, Michael Goldsmith & Harriet Teare (2019). Wider Research Applications of Dynamic Consent, doi: 10.1007/978-3-030-16744-8_8

We’re learning about speech interfaces and hacking home assistants with nonsense and wordplay. This week we're talking with Mary about speech interface attacks (how hackers can turn your voice assistant against you with utter nonsense), pentesting and space robots! Creative Commons Attribution-Non-Commercial-Share Alike 2.0 UK: England & Wales; http://creativecommons.org/licenses/by-nc-sa/2.0/uk/