This project develops a holistic approach to sociotechnical system security that combines innovations in both criminology and engineering/computer science. We design unified sociotechnical security models that capture how sociotechnical intrusions against both the social and the technical aspects of the system, modeled as hidden sequences of system security states, result in observed hard data, such as security sensor alerts, and soft data produced by human/social sensors, such as reports about slow machines. To model the social aspect of the sociotechnical security models, (1) we collect extensive social survey data from one specific subpopulation (employees) nested within one sociotechnical system (the university campus); (2) drawing on several criminological and sociological theories, we identify various social and social-psychological factors that reduce susceptibility to victimization by computer-focused crime; and (3) we supplement the social survey data with organizational-level data to explore how the characteristics of organizational units influence individual-level employee victimization by computer-focused crimes, as well as the rates of such cybercrime threats in organizational units. We analyze the collected data by applying unique integrated sociotechnical analytical approaches that encapsulate the adversarial actions and subsequent rewards/costs using stochastic Markov decision processes and probabilistic data production models. Our research provides guidelines for other researchers looking to incorporate social science methods and models into engineering systems, and the criminological/sociological aspect of the study is of use to many other researchers. This work will transform how researchers approach the problem of sociotechnical security, in that our holistic view, cognizant of both social and technical factors, will become widespread.
Saman Zonouz is an Associate Professor at Georgia Tech in the Schools of Cybersecurity and Privacy (SCP) and Electrical and Computer Engineering (ECE). Saman directs the Cyber-Physical Security Laboratory (CPSec). His research focuses on security and privacy problems in cyber-physical systems, including attack detection and response capabilities, using techniques from systems security, control theory, and artificial intelligence. His research has been recognized with the Presidential Early Career Awards for Scientists and Engineers (PECASE), the NSF CAREER Award in Cyber-Physical Systems (CPS), Significant Research in Cyber Security by the National Security Agency (NSA), and the Faculty Fellowship Award by the Air Force Office of Scientific Research (AFOSR). His research group has disclosed several security vulnerabilities, with published CVEs, in widely used industrial controllers such as Siemens, Allen Bradley, and Wago. Saman is currently a Co-PI on President Biden's American Rescue Plan $65M Georgia AI Manufacturing (GA-AIM) project. Saman was invited to co-chair the NSF CPS PI Meeting as well as the NSF CPS Next Big Challenges Workshop. Saman has served as the chair and/or a program committee member for several conferences (e.g., IEEE Security and Privacy, CCS, NDSS, DSN, and ICCPS). Saman obtained his Ph.D. in Computer Science from the University of Illinois at Urbana-Champaign.