Commissioning Call: Scoping Reviews
ESRC Digital Security by Design Social Science Hub+ ("discribe")
Discribe (Digital Security by Design Social Science Hub+, www.discribehub.org) is an ESRC-funded Hub+ that forms part of the wider Industrial Strategy Challenge Fund (ISCF) “Digital Security by Design” (DSbD) programme led by BAM member Prof Adam Joinson at the School of Management, University of Bath. The Discribe Hub+ supports the wider DSbD challenge by applying social and economic science to core questions around the adoption of new secure technologies, the readiness of different sectors (and roles) to adopt new secure hardware, the regulatory and policy environment and how that might influence the adoption of DSbD Tech, and what social and cultural factors might influence the success of the wider DSbD ecosystem. Discribe was established in September 2020 with funding from the ESRC, and is a consortium of four academic institutions: the Universities of Bath, Bristol and Cardiff, and Royal Holloway, University of London.
Discribe has launched a commissioning call for scoping activities around its four key topic areas, with the goal to understand the current state of knowledge and areas with no evidence base:
1) Economics of security hardware adoption: quantifying costs and benefits
Under this call topic area, we are seeking a review of existing methods for identifying and quantifying the costs and benefits of adoption of new security hardware and practices. The identification should be done under a broad scope, for instance the benefits should encompass reducing the expected loss in terms of direct and indirect costs of cybersecurity failure, and importantly, in addition to private costs, externalities should also be considered and analysed.
2) Understanding secure and insecure practices across consumer chains of hardware security advances
Under this topic area, we require a systematic mapping of the consumer chains that will potentially utilise hardware security advances. The focus of the scoping research should be on understanding how secure (or insecure) practices currently manifest across the complex intersections inherent in these consumer chains. These consumer chains encompass infrastructure developers who aggregate a range of hardware and software services to deliver critical systems, e.g., smart city environments, smart grids, intelligent transportation, etc. as well as those who deliver consumer goods ranging from personal computers and devices to Internet of Things (IoT).
3) Regulation, Policy and Cybersecurity
We are seeking to commission research on the regulatory landscape within the UK digital security sector. The focus should be on the design and use of hardware security as part of digital products and services. The regulatory landscape encompasses legislation, standards and regulation.
4) Social and Cultural Differences in the Adoption of Security Technologies
We intend to conduct a survey to understand the difference between social, cultural and commercial barriers to adoption of secure tech (i.e. CHERI and associated hardware/software) between sectors. In preparation we need to identify the potential adopters of secure technology – from manufacturers and open source communities, to end users (private, public and third sectors). Specifically, given we cannot survey all sectors, we aim to identify which to focus on through a scoping exercise to determine those that will likely achieve the highest impact from secure technology adoption.
Full call: https://www.discribehub.org/commissioning-call-october-2020
Deadline: Submissions by 4pm on the 3rd Dec 2020 at: https://easychair.org/conferences/?conf=discribe2020
Funding panel meeting: 11th January 2021.
Decisions communicated: 15th January 2021
All funded projects must be completed, with all deliverables, by 31 July 2021.