UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Identifying Unintended Harms of Cybersecurity Countermeasures

Chua, YT; Parkin, S; Edwards, M; Oliveira, D; Schiffner, S; Tyson, G; Hutchings, A; (2020) Identifying Unintended Harms of Cybersecurity Countermeasures. In: Proceedings of the 2019 APWG Symposium on Electronic Crime Research (eCrime). IEEE: Pittsburgh, PA, USA. Green open access

[thumbnail of Parkin_eCrime_2019__submitted_.pdf]
Preview
Text
Parkin_eCrime_2019__submitted_.pdf - Accepted Version

Download (195kB) | Preview

Abstract

Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the infrastructure itself (including other services or countermeasures). Here we propose a framework for preemptively identifying unintended harms of risk countermeasures in cybersecurity. The framework identifies a series of unintended harms which go beyond technology alone, to consider the cyberphysical and sociotechnical space: displacement, insecure norms, additional costs, misuse, misclassification, amplification, and disruption. We demonstrate our framework through application to the complex, multi-stakeholder challenges associated with the prevention of cyberbullying as an applied example. Our framework aims to illuminate harmful consequences, not to paralyze decision-making, but so that potential unintended harms can be more thoroughly considered in risk management strategies. The framework can support identification and preemptive planning to identify vulnerable populations and preemptively insulate them from harm. There are opportunities to use the framework in coordinating risk management strategy across stakeholders in complex cyberphysical environments.

Type: Proceedings paper
Title: Identifying Unintended Harms of Cybersecurity Countermeasures
Event: APWG Symposium on Electronic Crime Research (eCrime 2019)
Location: Pittsburgh, PA
Dates: 13 November 2019 - 15 November 2019
ISBN-13: 978-1-7281-6383-3
Open access status: An open access version is available from UCL Discovery
Publisher version: https://doi.org/10.1109/eCrime47957.2019.9037589
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: risk analysis, cybercrime, unintended consequences, unintended harms, countermeasures
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10088657
Downloads since deposit
720Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item