Skip to navigation Skip to content

Oxford University – Cyber Security Oxford


Driving major developments in the theory and practice of cyber security


Towards a Closer Dialogue Between Policy and Practice: Responsible Design in HCI

Given the potent and pervasive nature of modern technologies, this paper lays out the complexities involved in achieving responsible design. In order to do this we will first compare an emerging policy-oriented programme of research known as RRI (Responsible Research and Innovation) with initiatives in HCI. A focus on the similarities and differences may highlight to what extent responsibility is already and successfully embedded within the concerns and practices of design and use, and what may yet need to be incorporated for responsible design. The paper then discusses the challenges of ‘naturalising’ the very ambitious programme of RRI within specific design activities and concerns, through the lens of four analytic concepts: reflexivity; responsiveness; inclusion; and anticipation. Finally, we make a case for a pragmatic, ‘unromantic’, but engaged reinterpretation of RRI for HCI. Read the rest

Towards the Ethical Governance of Smart Society

This chapter is concerned with how social order is established within collectives and the ethical problems that arise when we attempt to create and direct collectives towards particular ends. It draws on our work to establish governance principles for Smart Society—an EU project aiming to engineer Collective Adaptive Systems comprised of people and machines with diverse capabilities and goals that are able to tackle societal grand challenges. We examine how social values are implicated in and transformed by Collective Adaptive Systems, and suggest approaches to multilevel governance design that are responsive to emergent capabilities and sensitive to conflicting perspectives. Finally we illustrate our approach with a worked example of a sensor-based system in a care setting. Read the rest

Cybersecurity Capacity Portal

This portal is a global resource for cyber security capacity building and how best to achieve it. It is also an online space for sharing experiences, best practice, and new developments. It contains information for policy-makers and those with responsibility in this area and has been created by the Global Cyber Security Capacity Centre with the Said Business School, University of Oxford. Visit the portal

The Danger Within: Harvard Business Review September 2014

External attacks—pervasive intellectual-property hacking from China, the Stuxnet virus, the escapades of Eastern European gangsters—get plenty of attention. But attacks involving connected companies or direct employees pose a more pernicious threat. Insiders can do much more serious harm than external hackers can, because they have much easier access to systems and a much greater window of opportunity. The damage they cause may include suspension of operations, loss of intellectual property, reputational harm, plummeting investor and customer confidence, and leaks of sensitive information to third parties, including the media. According to various estimates, at least 80 million insider attacks occur in the United States each year. But the number may be much higher, because they often go unreported. Clearly, their impact now totals in the tens of billions of dollars a year.

Many organizations admit that they still don’t have adequate safeguards to detect or prevent attacks involving insiders. One reason is that they are still in denial about the magnitude of the threat. Over the past two years we have been leading an international research project… Read the rest