Dr. Els de Busser, assistant professor and researcher at the Institute of Security and Global Affairs, as principal investigator of a consortia, has been awarded 1.45 million euros for a project called C-SIDE. The NWO Executive Board awarded proposals from consortia that will investigate cyber security. Five questions about Project C-SIDE:
De Busser: ‘The project is called Cyber Security by Integrated Design (Project C-SIDE) because the goal is to develop a methodology for the software design process that integrates technical as well as non-technical aspects of cyber security. Rather than only focusing on the technical side of software design, a much higher level of security can be achieved when a multitude of stakeholders is involved, including experts in psychology, privacy, governance and risk management. When issues are fixed during the development process rather than later, we avoid problems surfacing when the system becomes accessible to the users, potentially causing real damage. In order to facilitate the adoption of this approach, we are also including a study of the public cyber security policy options aiming to support companies working on secure-by-design products. There are a lot of moving parts in cyber security, which is why an approach on all fronts is necessary.
De Busser: ‘This research is necessary because failures in functioning, hacks or privacy-related problems in software systems occur often but a genuine approach on preventing them by intervening at the earliest moment of the design phase does not exist yet. This project is unique because of that particular goal and because of the interdisciplinary approach to achieving that goal. We are joining experts from the relevant domains by setting up a cooperation between the Institute for Security and Global Affairs (at the Faculty of Governance and Global Affairs), the Leiden Institute for Advanced Computer Science, the Hague University for Applied Sciences and the National Cyber Security Centre at the Ministry of Justice and Security. Further, we are cooperating with SURFSara, and the National eHealth Living Lab at the Leiden University Medical Centre. They will be instrumental in helping us test the methodology.’
Dr. Els de Busser 'Since interdisciplinary education of cyber security is something that Leiden University and the Hague University of Applied Sciences actively support, the insights flowing from the project will be used to improve and expand the existing curricula.’
De Busser: ‘The NWO financing will first of all be used to hire four PhD candidates and one postdoc researcher, who will conduct their own research but will also maintain a strong interdisciplinary cooperation. Of the four PhD candidates, two will be focusing on the technological part of the project and two will be working on the topic of private organization and public governance. The four of them will jointly be developing the C-SIDE methodology and this is a unique feature of the project.
The postdoc researcher will conduct a study of the key concepts to be used throughout the project, how they relate to each other, develop a common terminology and support the four PhD candidates in their cooperation. We are convinced that interdisciplinary cooperation reaching across institutes, faculties, public and private sector works for building real cyber security, because in interdisciplinary cooperation the whole is greater than the sum of its parts.’
De Busser: ‘Besides a number of scientific publications and white papers that will be dedicated to parts of the project, we will distribute the findings via a website, including infographics and videos, in order to disseminate the results to the general public. We will also hold stakeholder meetings to inform the public and private sector, academia and NGOs of our results. Finally, since interdisciplinary education of cyber security is something that Leiden University and the Hague University of Applied Sciences actively support, the insights flowing from the project will be used to improve and expand the existing curricula.’
De Busser: ‘I personally saw this as recognition of a new thinking about cyber security and software development. The experts validating the proposal agreed with our view that different scientific disciplines need to join forces in order to successfully handle the complicated problem that cyber security is. The whole team is excited to get started and see how we can integrate all of our expertise into creating a methodology that could be used by software developers in building exciting and secure technologies.’