Assessment of evidence is a particular problem for policy making in this context for three reasons:
When exploring the problems (and possible remedies) of the human dimension of cyber security, many focus on end users. While this is important, equally important is the human dimension of decision making and advice offered by civil servants who collectively influence policy level responses to cyber threats. This project focuses on policy makers in the UK, specifically those civil servants who provide short and long term policy advice, either in response to specific crisis incidents or in the context of longer term planning for capacity building. This cohort is of particular importance given:
|The unique set of technological, behavioural and policy challenges they currently face. They are a relatively small and disparate group, possessing varying levels of technical and behavioural experience.
|Their responsibility and impact goes well beyond their own organisations to shape the national and international landscape.
|Finally the lack of research to support this particular community, either in identifying specific challenges they face or in developing more effective mechanisms for doing so.
This leads to several questions: what evidence do UK policy makers rely upon in this context? What is the quality of that evidence? How effective are the judgements about threats, risks, mitigation and consequences based on that evidence? Understanding how UK policy makers select evidence, why they privilege one source over another, and how adept they are at recognising possible weaknesses or flaws in evidence is central to addressing these questions.