EAGER: Cybercrime Susceptibility in the Sociotechnical System: Exploration of Integrated Micro- and Macro-Level Sociotechnical Models of Cybersecurity

This project develops a holistic approach to sociotechnical system security that combines innovations in both criminology and engineering/computer science. We design unified sociotechnical security models that capture how sociotechnical intrusions against social as well as technical aspects of the system (i.e., modeled as hidden sequences of system security states) result in observed hard data such as security sensor alerts and soft data produced by human/social sensors such as reports about slow machines.

To model the social aspect of the sociotechnical security models, (1) we collect extensive social survey data from one specific subpopulation (employees) nested within one sociotechnical system (the university campus); (2) we identify various social and social-psychological factors reducing susceptibility to victimization by computer-focused crime drawing on several criminological and sociological theories; (3) we supplement social survey data with organizational-level data to explore influences of characteristics of organizational units on individual-level employee victimization by computer-focused crimes as well as rates of such cybercrime threats in organizational units. We analyze the collected data by applying unique integrated sociotechnical analytical approaches that encapsulate the adversarial actions and subsequent rewards/costs using stochastic Markov decisions processes and probabilistic data production models.

Our research provides guidelines for other researchers looking to incorporate social science methods and models into engineering systems, with the criminological/sociological aspect of the study of use to many other researchers. This work will transform how researchers approach the problem of sociotechnical security, in that our holistic view cognizant of both social and technical factors will become widespread.