Cyber security is inherently multi-disciplinary, and real-world cyber security problems need real-world solutions. To be effective, cyber security research needs to be set in a wider security context. It is impossible to separate cyber security from physical and personnel security, just as it is impossible to consider national defence and security issues without considering organisational and citizen security.
Our research brings together computer science with social and behavioural science to address cyber security challenges holistically. We are looking at secure software development and the interaction between software developers and security practitioners. We're examining how people make cyber security risk decisions in different environments and varying physiological conditions. We're also developing ways of understanding how to build converged security teams that bring together cyber, physical and personnel security functions.
We're working to improve the security of the systems used to access assets and the implementation of encryption algorithms. We're also exploring how security can be embedded into product development, and we have the facilities to implement systems and test how they react to threats using our cyber range.
Our research is published in academic journals as well as practitioner-focused publications such as the CREST Security Review and The Conversation. We also host an annual one-day conference for PhD students and Early Career Researchers on Social & Behavioural Science for Cyber Security.
We focus on addressing real-world problems and much of our research is carried out in the field, in partner organisations. This enables us to deliver tangible results. Our methods include focus groups, interviews and surveys as well as experiments. We also use novel methods such as games, videos and participatory workshops.
Funders and collaborations
We are part of the Cyber Security Across the Lifespan (cSALSA) project funded by EPSRC and led by the University of Bath, in partnership with Northumbria University. We are partners in the People Powered Algorithms for Desirable Social Outcomes project, funded by EPSRC and led by Cranfield University in partnership with Royal Holloway, University of London. We are also part of the Centre for Research & Evidence on Security Threats (CREST) led by Lancaster University and funded via ESRC, and we have responsibility for CREST's Protective Security & Risk theme.
Two examples of our current projects are:
Understanding the Social & Behavioural Aspects of Software Development
With shorter cycle times for software development driven by cloud infrastructures, agile development methods and continuous integration/continuous delivery, we need a better understanding of the social and behavioural factors that encourage or inhibit the inclusion of security in software development. Embedding security in software development requires the sharing of expertise and establishment of mutual trust between security experts and software developers. This project examines software development as a social practice with a particular focus on open source development and the integration of security. The research explores the organisational structures and practices within companies that develop software. The research uses social practice theory to understand how software developers are working in the open source environment and their motivations, identity and allegiances across the open source community.
Ensuring Cyber-Physical Security in the Digital Built Environment
Buildings are now often planned and designed, and their data shared online, using building information modelling (BIM). When operational, buildings are increasingly being managed through digital building management systems (BMS). As cyberspace and physical space are increasingly enmeshed, the need to secure both the digital built environment and its assets has given rise to the concept of cyber-physical security. This research undertakes a user-centred design methodology to develop cyber-physical security interventions. It uses mixed methods to understand how cyber and physical security personnel currently cooperate, their awareness of the appropriate protective measures required from each other, the gaps between the two approaches, and barriers to collaboration.