Cyber-attacks, privacy-related problems or failures in functioning: many technologies that are used every day have security issues that are solved when the software is already in use. A new interdisciplinary project, in which Olga Gadyatskaya, Harry Wijshoff, Alex Uta and Kristian Rietveld from the Leiden Institute of Advanced Computer Science (LIACS) participate, will investigate how to solve security problems during the software development. This project is awarded 1.45 million euros from the NWA cyber security programme.
Security-by-design
The Cyber-Security-by-Integrated-Design (C-SIDe) project approaches the cybersecurity problem from another angle than that is usual. 'We take into account that security is not only a technical concept, but it emerges from an interplay of many technical and non-technical factors,' Olga Gadyatskaya explains. 'Many companies developing software products already look for security-by-design approaches accommodating security into their software design process. But the current secure software development approaches focus mainly on technology-related steps and engage only participants involved in these technical steps. In our project, we involve a broader selection of stakeholders, and investigate, for example, how well the users understand what they need to do to keep the system secure, or whether managers have realistic expectations about how quickly a secure system can be developed.'
Integrated approach and new methodology
The aim of the C-SIDe project is to create an integrated approach to Security-by-design, and a methodology for developing secure systems that will involve a multitude of stakeholders, including experts in psychology, privacy, and governance and risk management. Gadyatskaya: 'This methodology will allow organizations to have a better view on security of their products and to create exciting and secure technologies. To facilitate adoption of security-by-design, the project team will also work on identifying opportunities to improve the public policy aiming to support companies working on secure-by-design products.'
The new project will unite many researchers from Leiden University. The project will be led by the Cyber Security Governance group at ISGA, and from LIACS the Systems and Security cluster is involved. Two other members of the consortium are the Hague University of Applied Sciences and the National Cyber Security Centre (NCSC) at the Ministry of Justice and Security. The project will also be supported by two collaboration partners: SURFsara (www.surf.nl) and the National e-Health Living Lab (NeLL, LUMC, nell.eu).