Making Cybersecurity more Responsible
16th Jul 2021
Cybersecurity has become more and more critical for the functioning of our society. Cybersecurity measures, however, may come at the expense of other interests and values. This is problematic since those who decide on security measures in politics, industry and law enforcement don’t have the same interests and priorities as those who are finally affected by them, namely citizens and companies. Researchers and engineers implementing cyber security measures may have their ideas and priorities. Thus, finding the right balance between the interests of different stakeholders remains difficult even if actors are aware of possible value conflicts. It is also obvious that the social groups affected by cybersecurity measures and the range of impacts can vary greatly and depend heavily on the specific use cases and implementation details, so that no concrete instructions for action can be given apart from very general guidelines.
One way to address this conflict is through the concept of “responsible research and innovation” promoted by the European Commission, which aims to effectively involve stakeholders, users and citizens in the design and implementation process at an early stage. The SPARTA project has proposed a process to enable stakeholders (especially the researchers themselves) to think systematically about the possible impacts of the technology they are developing in different dimensions. In this way, development decisions shall be made more reflexive and, in general, be placed on a broader, more diverse and thus more legitimate basis.
The process takes up the idea of “technology readiness”, which is widely used in (EU) research funding, and expands it with a view to “societal readiness”. We have proposed a reflection tool to measure and improve the societal readiness level (SRL), that envisages four so-called gates over the duration of the research and development process. At the gates certain issues should be discussed by scientists and research managers, ideally with the involvement of the intended users and other stakeholders. Although each technology development has to find its own answers, SPARTA has drafted extensive lists of potential issues and compiled a catalogue of possible countermeasures to address identified undesirable consequences or conflicts.
During the remainder of the project, SPARTA will test this methodology in collaboration with the technical programmes. The aim is to have a validated assessment framework that can be used by the emerging new cybersecurity structures in Europe.
Contact person: Michael Friedewald, Ralf Lindner
Elements reflection process for measuring and improving societal readiness of Cybersecurity Research