Identifying Unintended Harms of Cybersecurity Countermeasures
Publication Date
2019-11
Journal Title
eCrime Researchers Summit, eCrime
Conference Name
2019 APWG Symposium on Electronic Crime Research (eCrime)
ISSN
2159-1237
ISBN
9781728163833
Publisher
IEEE
Volume
2019-November
Type
Conference Object
This Version
AM
Citation
Chua, Y. T., Parkin, S., Edwards, M., Oliveira, D., Schiffner, S., Tyson, G., & Hutchings, A. (2019). Identifying Unintended Harms of Cybersecurity Countermeasures. eCrime Researchers Summit, eCrime, 2019-November. https://doi.org/10.1109/eCrime47957.2019.9037589
Abstract
Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the infrastructure itself (including other services or countermeasures). Here we propose a framework for preemptively identifying unintended harms of risk countermeasures in cybersecurity. The framework identifies a series of unintended harms which go beyond technology alone, to consider the cyberphysical and sociotechnical space: displacement, insecure norms, additional costs, misuse, misclassification, amplification, and disruption. We demonstrate our framework through application to the complex, multi-stakeholder challenges associated with the prevention of cyberbullying as an applied example. Our framework aims to illuminate harmful consequences, not to paralyze decision-making, but so that potential unintended harms can be more thoroughly considered in risk management strategies. The framework can support identification and preemptive planning to identify vulnerable populations and preemptively insulate them from harm. There are opportunities to use the framework in coordinating risk management strategy across stakeholders in complex cyberphysical environments.
Sponsorship
Engineering and Physical Sciences Research Council (EP/M020320/1)
Identifiers
External DOI: https://doi.org/10.1109/eCrime47957.2019.9037589
This record's URL: https://www.repository.cam.ac.uk/handle/1810/300267
Rights
All rights reserved
Licence:
http://www.rioxx.net/licenses/all-rights-reserved