Identifying and Modelling Victim, Business, Regulatory and Malware Behaviours in a Changing Cyberthreat Landscape

HM Cabinet Office and Detica reported in 2011 that the annual cost to the UK economy from cybercrime was £27 billion. Regardless of the accuracy of this estimate, the British Crime Survey and Eurostat ICT survey evidence that cybercrime is now the typical volume property crime in the UK, impacting more of the public than traditional acquisitive crimes such as burglary and car theft. Because of its global nature.similar estimates of the prevalence and losses of cybercrime are found in most other countries.

However, whilst most politicians, police, and business leaders agree that cybercrimes are one of the greatest crime challenges of modern times, few seem to fully understand what causes them and how to best predict their occurrence and limit their impact upon the UK economy and society.

This project aims to address these uncertainties using methods and concepts from a range of disciplines including criminology, psychology, economics, mathematics and computer science. The key objectives of the project are to identify, understand and predict ...

  1. The behaviour of malware and human cyber perpetrators within and outside of Cloud environments
  2. Business risk assessment practices, threat awareness levels, and adaptive behaviours as related to cybercrime
  3. The response of criminal justice agencies to cybercrime and business trust in the regulatory system
  4. Business and criminal justice cyber security practices (e.g. information sharing) in relation to issues of privacy, accountability and civil liberties.

The project will develop a computational tool that will assist in the prediction of business-related cyber attacks. For the first time, both technical (e.g. malware behaviour, network vulnerabilities etc.) and human/organisational (level of cooperation, perception of risk, threat assessment, costs, criminal justice response etc.) measures will be combined in this predictive process. It is envisaged that this tool will assist both policy makers and practitioners in the field of cyber security and crime. It will identify which businesses (by sector, size, level of cooperation etc.) are most vulnerable to attack allowing policy, codes of practice and advice to be tailored and targeted.

The tool also has the potential to provide digital and human/organisational forms of evidence and other information relevant to investigation and prosecution proceedings. In order to disseminate the tool and results from the research, we will incorporate an action research element where we will develop a forum (two workshops in years 2&3) where initial or draft (but verified) findings are released in stages, through briefing papers to businesses of varying sectors and sizes (particularly SMEs). We will also disseminate results via peer-reviewed journal articles and conferences.

Throughout the project via the advisory group, we will link into other key commercial initiatives (e.g. Saturn project at BT Labs) and statutory and third sector organisations such as ENISA, the Honeynet Project, Home Office; Cabinet Office Identity Assurance Programme; Office for National Statistics; National Fraud Authority; Serious Fraud Office; Trading Standards; Serious Organised Crime Agency/National Crime Agency; Association of Chief Police Officers; Met Police Central eCrime Unit; NPIA/Police College; EADS; Get Safe Online, Liberty and Wise Kids.