Technospheres

Resilience, cool communicators and space robots. This episode wraps a brilliant season of PTNPod, with Ari and Claudine's favourite 5 moments. In this episode we talk about Anirudh's need for long-term research into how social media affects communication, Klaudia's innovative research methods and the benefits of listening, Dr Harmonie telling us about power and responsibility, Sean's fantastic description of cyber security as an investigation of human and device behaviours, and Dr Mary's take on securing robots in space. For the "Swiss cheese" model Ari talks about, check out the original source (James Reason, 1990, "The Contribution of Latent Human Failures to the Breakdown of Complex Systems") and this video: https://www.roundtabletechnology.com/blog/what-do-cybersecurity-and-swiss-cheese-have-in-common. Many, many thanks to everybody listening, to those of you who got stuck in (being interviewed, letting us ask questions, helping us set everything up...), and to the Cyber Security CDT, Computer Science Department and University of Oxford for hosting us.

SPECIAL CONFERENCE EPISODE getting the inside scoop on UK Cyber Strategy. We were invited to the annual Academic Centres of Excellence in Cyber Security Research (ACE-CSR) conference. This week is a deep dive into how collaboration between research, industry and government supports wider national objectives. We look at how exactly cutting edge research is done, and drawn into the wider UK ecosystem in support of the National Cyber Strategy (to be confident, capable and resilient). We were fortunate to be able to meet with a lot of people over the course of the conference. As a result, this week's incredible guest list is rather longer than usual: Chris Ensor is a Deputy Director of the National Cyber Security Centre (NCSC), Dr Bernard Parsons MBE is the Chief Executive Officer and Co-Founder of Becrypt, Dr Harmonie Toros is a Reader in International Conflict Analysis and Deputy Director of the Institute of Cyber Security for Society (iCSS) at the University of Kent, Furrah Hussain is Programme Manager for the Research Institute in Trustworthy Inter-connected Cyber-Physical Systems (RITICS) at Imperial College London, Dr Fabio Pierazzi is a Lecturer in Computer Science at Kings College London, John W5 works for the NCSC as part of the Sociotechnical Security Group, Awais Rashid is Professor of Cyber Security at the University of Bristol, Andrew Martin is Professor of Systems Security at the University of Oxford, Professor Steve Schneider is the Director of the Surrey Centre for Cyber Security at the University of Surrey, Andrew Hood is a Lecturer in Cyber Security at Cardiff University, Matthew Boakes is a PhD candidate at the University of Kent, Marios Samanis, Maria Sameen and Priyanka Badva are PhD candidates at the University of Bristol.

We discuss communication challenges and pipeline problems in cyber security. This week we are joined by our CDT Director, an Industry Representative from our Advisory Board, and an CDT14 Graduate! We discuss how the challenges of interdisciplinary work translate from research to the cyber security sector, and chat about the current skills gap. Andrew Martin, Professor of Systems Security at the University of Oxford, is the Founder and Director of the CDT. His research interests focus on distributed systems and applications of Trusted Computing technologies (particularly in cloud, mobile, and embedded applications - embodied now in the concept of the Internet of Things). Dr Louise Axon, Research Associate in Cyber Security within the Cyber Analytics group at Oxford, took part in the CDT as part of the 2014 cohort. Her research interests include risk and cyber-insurance; security of distributed-ledger technologies; and cybersecurity capacity building. Louise is currently the Council Fellow for the World Economic Forum’s Global Future Council on Cybersecurity. Kevin McMahon, member of the CDT's Academic Board, is the Chief Executive Officer of Cyjax (https://www.cyjax.com), a London-based threat intelligence company that has been protecting businesses, securing data and maintaining reputations since 2012.

Surprising social media harms and the Online Safety Bill. This week we're talking about Claudine's research into long term harms of social media content and managing the 'mundane'. (Content warning: Post traumatic stress disorder (PTSD), reference to eating disorders). Claudine's research investigates the role of individual differences in predicting and moderating experiences of subjective harm associated with social media use. To explore that relationship, she is preparing a large-scale collection of in-situ data on emotional responses to social media use and context using a mobile experience sampling method (ESM). She also plans to conduct a series of participatory design workshops that will explore innovative ways to visualise the data collected from the ESM in a manner that provides users with meaningful insight into their social media use. Claudine has previously worked in immigration law, post-conviction justice, and bankruptcy court. She has also volunteered as an assistant to the Papers Chairs for the Conference on Human Factors in Computing and served as a member of the editorial board for the Journal of Responsible Technology. Outside of her research, Claudine serves as the Technology Policy advisor for We and AI, a non-profit organisation that works to increase awareness and understanding of bias in artificial intelligence amongst the general UK population. Links for this week: Journal of Social Media in Society (https://thejsms.org/index.php/JSMS/about); New Media in Society (https://journals.sagepub.com/home/nms); Conference on Human Factors in Computing Systems (https://chi2022.acm.org); Wired (https://www.wired.com).

Data protection and making consent more of a conversation. Listen up, and prosper! This week we're talking about Ari's research into why experts need to build (or architect) systems with better consent options, so users have more of a choice about the data they share. Ari's academic work relates to data protection. She argues that the burden of communication (i.e. of informing) falls on experts to communicate clearly and concisely instead of on users to understand dense technical language. Ari has collaborated with Computer Scientists, Lawyers and Medical researchers. She also educates in and out of the classroom; running classes and workshops, and cyber-policy competitions, crisis simulations and hackathons. Outside of this, Ari has led cyber security work within UK innovation testbeds, focusing on secure and trustworthy information exchange for next-generation telecommunications. Her ethos is that cyber security is strategic, it is a business enabler, and the best cyber security cultures are positive and pro-active. You can find Ari on Twitter: @schulite If you want to read more about Royal Free and Google: https://medconfidential.org/whats-the-story/health-data-ai-and-google-deepmind Recent outputs: What societal values will 6G address? (6G-IA working group: https://6g-ia.eu/single_post/?slug=6g-ia-white-paper-what-societal-values-will-6g-address-societal-key-values-and-key-value-indicators-analysed-through-6g-use-cases); Tabitha L. James, Jennifer L. Ziegelmayer, Arianna Schuler Scott and Grace Fox (2021). A Multiple-Motive Heuristic-Systematic Model for Examining How Users Process Android Data and Service Access Notifications, doi: 10.1145/3447934.3447941; Arianna Schuler Scott, Michael Goldsmith & Harriet Teare (2019). Wider Research Applications of Dynamic Consent, doi: 10.1007/978-3-030-16744-8_8

We’re learning about speech interfaces and hacking home assistants with nonsense and wordplay. This week we're talking with Mary about speech interface attacks (how hackers can turn your voice assistant against you with utter nonsense), pentesting and space robots!

Instead of passwords, what if computers used our high fives to log us in? Okay, so what if instead of passwords, gadgets high fived us instead? This week we're talking with Klaudia about behavioural biometrics, usable security and how hackers might try to mimic gestures and body language! Klaudia is a doctoral student at the Centre for Doctoral Training in Cyber Security at the University of Oxford and the recipient of the Women Techmakers scholarship 2019. Her research focuses on leveraging the heterogeneity of IoT devices to improve the security of smart environments. She graduated from the NordSecMob programme in 2017, obtaining a master's degree in Security and Mobile Computing. Recent papers: Krawiecka, K. et al (2022). Biometric Identification System based on Object Interactions in Internet of Things Environments; Krawiecka, K. et al (2021). Plug-and-Play: Framework for Remote Experimentation in Cyber Security. In European Symposium on Usable Security 2021 (pp. 48-58). doi: 10.1145/3481357.3481518 Check out the Perspektywy Women in Tech Summit 2022: https://womenintechsummit.pl

Join us as we explore how to describe trust, reputation and messiness using maths! This week we're talking with Sean about how she translates the chaos of human relationships and interaction into precise, machine-readable descriptions. We learn why networks are useful for mapping out who (or what) is sharing information and building reputation. Sean’s main interest lies in describing social phenomena with mathematical and computational concepts. Her current focus is on trust (interactions with potentially risky parties) and reputation (sharing opinions on how risky a party is). Primarily, she studies how delays in information sharing can be exploited by malicious parties and how to prevent this. Personal pages: https://se-si.github.io; https://www.cs.ox.ac.uk/people/sean.sirur Recent papers: Properties of Reputation Lag Attack Strategies (2022, https://dl.acm.org/doi/abs/10.5555/3535850.3535985); Cooperation and distrust in extra-legal networks: a research note on the experimental study of marketplace disruption (2022, https://doi.org/10.1080/17440572.2022.2031152); Simulating the Impact of Personality on Fake News (2021, https://api.semanticscholar.org/CorpusID:244731942); The Reputation Lag Attack (2019, https://link.springer.com/chapter/10.1007/978-3-030-33716-2_4).

Sometimes threats come from inside the system (content warning: intimate partner violence). This week we're talking with Julia about how to model risk when the threat is known and trusted (e.g., coercion, manipulation and surveillance). Julia Slupska is a doctoral student at the Centre for Doctoral Training in Cybersecurity and the Oxford Internet Institute. Her research focuses on technologically-mediated abuse like image-based sexual abuse ('revenge porn') and stalking, as well as emotion, care and metaphors in cybersecurity. Julia's recent papers: Aiding Intimate Violence Survivors in Lockdown: Lessons about Digital Security in the Covid-19 Pandemic (https://dl.acm.org/doi/abs/10.1145/3491101.3503548); Cybersecurity must learn from and support advocates tackling online gender-based violence (https://unidir.org/commentary/cybersecurity-online-GBV). In this episode we refer to: Ashkan Soltani's article on what 'abusability' is (https://www.wired.com/story/abusability-testing-ashkan-soltani); an example of intimidation during court proceedings held over Zoom court hearing (https://www.youtube.com/watch?v=xgz3Tx69zXk); Trust and Usability Toolkit (https://northumbria.design/projects/trust-and-abusability-toolkit); RightsCon (FREE tickets until June 3rd 2022, rightscon.org/attend); USENIX conference (Privacy Engineering Practice and Respect, or PEPR).

Designing and building apps to protect children and young folk from data harms. This episode we're talking with Anirudh about how app design may affect children, and how data collected from apps could be putting kids at risk. Anirudh is a cyber security researcher at the University of Oxford and he is part of the Human Centred Computing group in the Computer Science department. In his research he focuses on children's privacy and data tracking in the mobile ecosystem. We mention the age-appropriate design code, here is some guidance on it from the UK Information Commissioner’s Office (ICO): https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/age-appropriate-design-code