Engaging Academia in Cybersecurity Research

Engaging Academia in Cybersecurity Research 

Across most academic fields, researchers are increasingly focused on outreach to relevant practitioner and policy communities. It can sharpen their sense of the key questions but also enable their research to have greater application and impact. In contrast, within the field of cybersecurity, policy and practitioners from governmental, non-governmental organizations (NGOs), like the World Bank, and business and industry are more dominant in the production of research. Academic researchers play a relatively less active role. That said, research on cybersecurity could be greatly enhanced if a larger and more multidisciplinary collection of academic researchers could be engaged to focus on issues of cybersecurity and build collaborative relationships with the policy and practitioner communities. 

Why is this the case, and what could be done to correct it? 

Courtesy Arthur Berger

The Dynamics Limiting Academia’s Role in Cybersecurity

I am but one of a growing set of multidisciplinary researchers with a focus on cybersecurity. The field is clearly engaging some top researchers and scholars from a variety of fields, evidenced by colleagues and centers at prominent universities, a growing number of journals and publications, and a dizzying number of events and conferences on topics within the field. Stellar academics, such as Professor David Clark at MIT, Professor Sadie Creese at Oxford University, and Bruce Schneier, a Fellow at the Berkman Center at Harvard, are strong examples. I would add Gabriella Coleman, a chaired professor at McGill University, and Professor Patrick Burkart at Texas A&M, to the list, even though they might not identify themselves as cybersecurity researchers. Many others could be added.  

Nevertheless, compared with other fields, cybersecurity research appears to be dominated more by the practitioner and policy communities. Cybersecurity is not a discipline but a multidisciplinary field of study. But it remains less multidisciplinary and more anchored within the computer sciences than some related fields, such as Internet studies as one comparator with which I am familiar. A number of possible explanations for the different multidisciplinary balance of this field come to mind. 

First, it is a relatively new field of academic research. It was preceded by studies of computer security, which were more computer science centric as they were more focused on technical advances in security systems. The development of shared computing systems and the Internet in particular, has greatly expanded the range of users and devices linked to computer systems, reaching over 4 billion users in 2020. In many respects, the Internet drove the transition from computer security to cybersecurity research and is therefore understandably young in relation to other academic fields of study. 

Secondly, the concept of cybersecurity carries some of the baggage of its early stages. While the characterisations evoked by concepts are often crude, the term often conjures up images of men in suits employed by large institutions trying to keep young boys out of their systems. My MSU colleague, Ruth Shillair, reminded me of the 1983 movie War Games. It is based around a young hacker getting into the backdoor of a major military computer system in ways that threatened to launch a world war, but which left the audience cheering for the young haker.

Today, big mainframe computers are less central than are the billions of devices in households and business and industry and governments across the world. Malicious users, rather than a child accidentally entering the backdoor of a military complex, are the norm. Yet cybersecurity carries some of this off-putting imagery from its early days into the present. 

Thirdly, it is an incredibly important field of research for which there is great demand. Many rising academics in the field of cybersecurity are snapped up by business, industry and governmental headhunters for lucrative positions rather than by academia. 

These are only a few of many reasons for the relative lack of a stronger multidisciplinary research community. Whatever initiatives might enhance its multidisciplinary make-up might also bring more academics as well as more academic disciplines into the study of cybersecurity. How could this be changed?

What Needs to Be Done?

First, academics involved with research on cybersecurity need to do more to network among themselves. This is somewhat of a chicken and egg problem as when there are relatively few academics in a field it seems less important to network with each other. However, until the field comes together to better define the field and its priorities for research, it is harder for it to flourish. Similarly, there are so many pulls to work with practitioners and the policy communities in this area that academic collaboration may seem like a distraction. It is not, as it is essential for the field to mature as an academic field of study. 

Secondly, the field needs to identify and promote academic research on cybersecurity that address big questions with major implications for policy and practice. On this point, some of the research at Oxford’s Global Cyber Security Capacity Centre (GCSCC) has made a difference for nations across the world. For example, the research demonstrates that nations that have enhanced their cybersecurity capacity building efforts have made a serious improvement in the experiences of their nations’ Internet users.[1] But this work is one of many examples of work that is meeting needs in this new area of technological and organizational advances. 

Thirdly, national governments need to place a greater priority on building this field of academia along with building their own cybersecurity capacities. Arguably, in the long run, a stronger academic field in cybersecurity will help nations advance cybersecurity capacity, such as by creating a larger pool of expertise and thought leadership in this area. 

This would be possible through a number of initiatives, from simply taking a leadership role in identifying the importance of the field to encouraging the public research councils and other funding bodies to consider the development of grant support for multidisciplinary research on cybersecurity.

For example, the UK’s Economic and Social Research Council (ESRC) generated early funding for what became the Programme on Information and Communication Technologies (PICT). The establishment of PICT helped to draw leading researchers, such as the late Roger Silverstone, into the study of the social aspects of information and communication technologies. Such pump-priming helped put the UK in an early strategic international position in research on the societal aspects of the Internet and related digital media. 

What factors are constraining the more rapid and widespread development of this field? What could be done to accelerate and deepen its development?

There are a host of other issues around whether policy makers and practitioners would value collaboration with academics, given that their time scales and methodologies can be so dramatically different.[2] That is for another blog, but in the interim, I’d value your thoughts on whether you agree on the need and approaches to further develop the multidisciplinary study of cybersecurity within academia.

Notes


[1] See: Creese, S., Shillair, R., Bada, M., Reisdorf, B.C., Roberts, T., and Dutton, W. H. (2019), ‘The Cybersecurity Capacity of Nations’, pp. 165-179 in Graham, M., and Dutton, W. H. (eds), Society and the Internet: How Networks of Information and Communication are Changing our Lives, 2nd Edition. Oxford: Oxford University Press.

[2] My thanks to Caroline Weisser Harris for suggesting a focus on this question of why practitioners and policy makers might or might not value collaboration with academia. 

How the #Infodemic is being Tackled

The fight against conspiracy theories and other fake news about the coronavirus crisis is receiving more help from the social media and other tech platforms, as a number of thought leaders have argued.[1] However, in my opinion, a more important factor has been more successful outreach by governmental, industry, and academic researchers. Too often, the research community has been too complacent about getting the results of their research to opinion leaders and the broader public. Years ago, I argued that too many scientists held a ‘trickle down’ theory of information dissemination.[2] Once they publish their research, their job is done, and others will read and disseminate their findings. 

Even today, too many researchers and scientists are complacent about outreach. They are too focused on publication and communication with their peers and see outreach as someone else’s job. The coronavirus crisis has demonstrated that governments and mainstream, leading researchers, can get their messages out if they work hard to do so. In the UK, the Prime Minister’s TV address, and multiple press conferences have been very useful – the last reaching 27 million viewers in the UK, becoming one of the ‘most watched TV programmes ever’, according to The Guardian.[3] In addition, the government distributed a text message to people across the UK about it rules during the crisis. And leading scientists have been explaining their findings, research, and models to the public, with the support of broadcasters and social media. 

If scientists and other researchers are complacent, they can surrender the conversation to creative and motivated conspiracy theorists and fake news outlets. In the case of Covid-19, it seems to be that a major push by the scientific community of researchers and governmental experts and politicians has shown that reputable sources can be heard over and amongst the crowd of rumors and less authoritative information. Rather than try to censor or suppress social media, we need to step-up efforts by mainstream scientific communities to reach out to the public and political opinion leaders. No more complacency. It should not take a global pandemic crisis to see that this can and should be done.


[1] Marietje Schaake (2020), ‘Now we know Big Tech can tackle the ‘infdemic’ of fake news’, Financial Times, 25 March: p. 23. 

[2] Dutton, W. (1994), ‘Trickle-Down Social Science: A Personal Perspective,’ Social Sciences, 22, 2.

[3] Jim Waterson (2020), ‘Boris Johnson’s Covid-19 address is one of the most-watched TV programmes ever’, The Guardian, 24 March: https://www.theguardian.com/tv-and-radio/2020/mar/24/boris-johnsons-covid-19-address-is-one-of-most-watched-tv-programmes-ever

The 21st Century Science Challenge: Communication with the Public

On my last trip to China, I was meeting with a former social science colleague at Tsinghua University, Professor JIN Jianbin, who received a new research grant to study public perspectives on science, such as around research on genetically modified crops. Our conversation about genetically modified organisms (GMOs) quickly touched on a variety of other issues, such as the public’s acceptance of research on climate change, on which sizeable proportions of the public in China, the US and other nations often dismiss, if not distrust, scientific opinion.

IMG_2381
Bill Dutton and JIN Jianbin at Tsinghua University, Beijing, China, 17 Sept 2017

Of course, some level of public distrust of scientific authorities is not new. I recall some famous work by political scientists in the US who studied the politics of conspiracy theories around the fluoridation of water that was prominent across American communities since the 1950s, but which – surprisingly – carries on to this day. So while it is not new, distrust of the political motivations behind scientific opinion is arguably growing.

Some indicators have suggested that diffuse public support for scientific institutions is not declining.[1] However, there is some limited and more recent evidence that universities and academics are being perceived as more partisan.[2] And anecdotally, science is increasingly questioned as biased by researchers who are claimed to be in the pockets of the sponsors of their research, illustrated by controversies over pharmaceutical research.

Such assaults on the integrity of science have led universities and research institutions to place a higher priority on the prevention and detection of conflicts of interest rising in the conduct of research. Finally, symptoms of this growing distrust seem evident in the divisions over a rising number of issues, with GMOs, climate change, vaccinations, and evolution, being among the more prominent. Perhaps the controversies surrounding science simply reflect the many issues that have broad public implications, such as for the digital economy or public health, while issues such as the moon landing were more removed from immediate public impact on the redistribution of resources.

The bad news is that these controversies are likely to slow progress, such as on efforts to reduce man made climate change. In some cases these controversies are dangerous, such as in leading parents not to vaccinate their school children.

However, there might be some positive outcomes here, if not good news. One positive outcome of this developing problem might be that scientists will place a greater priority on better explaining their work to a wider public. Already, the study of science communication is a burgeoning field around the world, illustrated by new research being launched by my colleague JIN Jianbin, Professor of Journalism and Communication at Tsinghua University in Beijing. And an increasing number of research councils and foundations stress the importance of public outreach.

Of course, scientists explain their research findings and their implications as a matter of practice. Not to be forgotten or dismissed is perhaps the most effective albeit long-term form of science communication, which is teaching in colleges and universities. Yet there are questions about whether top scientists, whatever their field, are as closely involved in teaching as they could be. For example, my former university, the University of Southern California, placed a priority on putting top senior scholars into the entry level undergraduate courses, which I thought was brilliant, but which is exceptional.

But arguably, most communication about scientific issues remains focused on peer-to-peer rather than public facing communication. Peer-to-peer communication is conducted   through journal publications and academic conferences and presentations. And when public facing, it is often limited to top-down or what I have called ‘trickle-down’ science, with scientists expecting their publications to be read and interpreted by others, and not themselves – the primary researchers.[3]

However, and here I could be wrong, it seems that the worse possible development might be what I see as a trend toward scientific persuasion, often based on appeals to authority and scientific consensus or by lobbying, such as through petitions, rather than by effective communication of research. Any scientist is quick to dismiss or place less credibility in appeals to authority. Why should the public be different? Where is the evidence? And once scientists move into the role of a lobbyist, petitioner, or activist, they diminish their credibility as scientists or researchers. Surely this kind of context collapse, when a scientist becomes political, or a doctor runs for a political office, invites the public to view scientists and academics as partisan political actors rather than scientific actors, and see them in ways that parallel other political actors and lobbyists.

How can scientists explain their work to a larger public? First, they need to recognize the need and value of effectively communicating their work to a broader public. This aim is rising across academia, such as in research councils insisting on research including components on outreach, and academic quality being judged increasingly by its impact. Unfortunately, this can sometimes drift into a tick box exercise in budgeting for conferences and seminars involving business and industry and the government, while serious efforts to communicate to the general public with an interest in the topic needs to be tackled directly. Academics need to guard against this tick box mentality.

Another concern is that this need for public outreach might simply lead to a greater focus on media coverage, getting the press to pick up stories on a scientist’s research. There is nothing wrong with this, universities love such coverage, and it can be helpful, but news coverage is generally overly simplistic, too often misleading, and potentially adding to the problems confronting good scientific communication. Researchers need to hold journalists and the media more accountable, and address inaccuracies or overly simplified messages in the press, cable news shows, and mass media.

Another, and a possibly more effective and more recently practical approach, is to communicate directly to the public. Join the conversation. Write reports on your research findings that are understandable to those in the educated public that might be seriously interested in your work now or in the future. You can reach opinion leaders in your areas of research, and thereby foster effective two-step flows of communication to the general public. Don’t worry about a mass audience, but aim to reach a targeted audience of those with a serious interest in your topic. When they search online for information about your topic, make sure that accessible presentations of your research will be found.

Unfortunately, too many academics are taught not to join the conversation, and to avoid blogging or writing for a general audience. Instead, they are taught to focus more than ever on only reaching the top peer reviewed journals in their field and being read and cited by their peers. As noted above, this too often leads to a weak form of trickle down science, which is not in the long-term interest of the scientific enterprise.

We should question this conventional wisdom in academia. Personally, I don’t believe there is a necessary risk to scientific publishing by also trying to communicate to a more general audience. That is what teachers do, and when researchers try to teach and communicate with their students, they can find problems with their arguments, and ways to improve how they convey their ideas.

So – scientists – offer up your best ideas to the public, not as your peers, but as smart and educated individuals who do not know about your work – even why it is relevant. Some of my most meaningful experiences with communication about my research have been exactly when I – focused on Internet studies – sat next to a physicist or mathematician over a meal who asked me about my research and vice versa. What am I working on? Why is it important? If we can do this over lunch or dinner, we can do it for a larger public online.

Perhaps this is more difficult than it sounds, but we need to accept the challenge. Arguably, the scientific challenge of the 21st century is effective communication to the larger public.

References

[1] See: https://www.nap.edu/read/21798/chapter/4#12

[2] See: https://www.cnsnews.com/news/article/annabel-scott/pew-poll-majority-republicans-think-colleges-have-negative-impact-us

[3] Dutton, W. (1994), ‘Trickle-Down Social Science: A Personal Perspective,’ Social Sciences, 22, 2.

 

Efforts to Challenge the ISIS Narrative: Relevant Research

Good to see the article in today’s NYTs, entitled “U.S. Intensifies Effort to Blunt ISIS’ Message’: http://www.nytimes.com/2015/02/17/world/middleeast/us-intensifies-effort-to-blunt-isis-message.html?_r=0 Focusing on changes afoot at the US State Department’s Center for Strategic Counterterriorism Communications, there was an emphasis on building on the scale of efforts underway to respond to radical messages online, which is fully warranted. This need for greater scale along with other related issues for addressing efforts to join the conversation online and challenge the narratives and misinformation about US policy and practice in the online environment was the focus of a research paper of mine with Lina Khatib and Mike Thelwall that was published in 2012 (citation and link are below). I believe it is still relevant and maybe informative for those seeking to bolster the role of this digital outreach team, which has many strengths, such as using Arabic on Arabic Web sites, and identifying members of the outreach team by name – it is completely clear that they speak for the State Department.

Khatib, L., Dutton, W.H., Thelwall, M. (2012), ‘Public Diplomacy 2.0: A Case Study of the US Digital Outreach Team’, Middle East Journal, 66(3), Summer, pp. 453-472. A penultimate version of the paper is available online at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1734850