Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:45 PM
Connect Directly

A Socio-Technical Approach to Cybersecurity's Problems

Researchers explore how modern security problems can be solved with an examination of society, technology, and security.

Cybersecurity challenges cannot be solved with computers alone. They demand a closer look at how social and technical systems overlap, and how this growing overlap influences security.

As it stands, many of these issues are being addressed separately. The general public and defense leaders understand the risk of online propaganda, but they know little about the techniques involved. The field of computational social science studies how digital media affects society, but it rarely tackles security. And the security community understands the protocols and services of tech platforms, but they know less about how these networks collectively influence society and politics.

Pablo Breuer, innovation officer at US Special Operations Command Donovan Group, and David Perlman, researcher at A Social Network, have developed an integrated view of socio-technical systems (STS) to which security principles can be applied. An STS consists of a social network, the population using it, and an output system (political system or economic market, for example) that feels the resulting effects.

Their idea is to create a framework that combines social and technical systems and can inform security operations. As disinformation campaigns and online propaganda continue to spread, STS can help defend and fight different types of cyberattacks with their roots in digital media.

"As I went through my schooling, I realized none of the really interesting problems about computer security can be answered with computers," Breuer says. A mutual friend introduced him to Perlman, and the duo began exploring mass influence and weaponized information. They wanted to educate people and government on why everybody should be involved.

"We realized that anybody who's in the field recognizes that this is a huge problem and that this is a train wreck, but nobody's actually doing anything," he explains. "Everybody's just admiring the problem." The issue isn't limited to any single part of computer science, policy, or law, Breuer continues. "It's not a silver bullet problem – it's a thousand-bullet problem," he says.

Placing security in the context of a social network offers a different perspective, Perlman adds, because at the center are interactions among many people's minds. Researchers see how people interact with technology and one another. "You can't ignore any of those parts of the equation," he says. Before, the way people interacted with systems wasn't considered.

The Information Revolution Continues
The rise of the Internet – specifically, social networks like Facebook, Twitter, and Instagram – have enabled anyone to speak to mass audiences. Breuer and Perlman use the term "radical leveling technologies" to describe how the Internet has shifted the power of balance online. Before social media, few people could speak to a large populous. Now just about anyone can.

"It's just a fundamental shift in the landscape," Breuer says. The transmission of messages has changed, but receptors are still human. "That's where the socio-technical comes in," he adds.

Digital media has accelerated the reach and speed of propaganda online: People can automate the process of creating new messages, then see how effective they are and the kind of responses they generate. "The whole thing has to be considered as a security question," Perlman says.

The idea of large groups of people communicating with one another seems benign, Perlman continues, and it is – if everyone acts in good faith. Problems occur when bad guys figure out how to game the system before the good guys know they do. Now they have, he adds, and the result is a new adversarial aspect to digital communications that is now possible. Cybersecurity issues, propaganda, and the Internet are intertwined in a web of interconnected problems.

"It's the combination with modern technology and the Internet, that whole is greater than the sum of solving each of the parts," says Breuer, and the security industry isn't tackling it as a larger problem. Conferences may focus on policy or computer science, but not both.

"Very rarely do you get legal and policy and tech all in the same room," he notes. "And this is one of those problems where you have to have that or you won't make any inroads to making it better."

Offense and Defense in STS Security
In their upcoming Black Hat USA briefing, "Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project," Breuer and Perlman will discuss their framework, how security principles apply to STS, how red team and blue team processes could look in the context of STS security, and examples of red team analyses of influence operations.

Breuer explains an example of blue team operations, or how a company could defend themselves from a digital media-based attack. Most companies have some idea of what will happen if they suffer a data breach; however, they aren't prepared for social media attacks.

He cites an incident the Associated Press handled this past December, when the publication was covering yellow jacket protests in France. One of its stories included an up-close image of a fire. A separate blog obtained pictures the AP had posted in a previous story; those photos also included a fire, but they were panned back so it seemed smaller. The blog's narrative said the AP had misrepresented the fire's size with an up-close photograph and not to believe it.

What happened "almost instantly," Breuer says, is the AP replied with a series of tweets saying both were AP photos but were taken at different times during different events. The publication highlighted aspects of each photo to demonstrate they were from separate occasions.

"That kind of forethought allows for very rapid response," he continues. It shows how the AP had considered the possibility someone might take its stories out of context and planned its reaction. Any company on social media should consider the chance they'll have to do the same.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
New Attack Campaigns Suggest Emotet Threat Is Far From Over
Jai Vijayan, Contributing Writer,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-23
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
PUBLISHED: 2020-01-22
An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator.
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
PUBLISHED: 2020-01-22
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.