UCL Department of Science, Technology, Engineering and Public Policy


Evaluating Cyber Security Evidence for Policy Advice

Project Background

Evaluating Cyber Security Evidence for Policy Advice (ECSEPA) is a two year, EPSRC funded project developed in collaboration with a range of partners including the Sociotechnical Security Group at the National Cyber Security Centre and the Cyber Policy team at the Foreign and Commonwealth Office.

The project seeks to provide support for cyber security policy makers in the UK, specifically those civil servants who provide short and long term policy advice, either in response to specific crisis incidents or in the context of longer term planning for national security and capacity building. This cohort is of particular significance to UK cyber security because:

  • They are a relatively small and disparate group, with varying levels of technical expertise;
  • Their responsibility and impact goes well beyond their own organizations to shape the national and international landscape; and,
  • There is a real lack of research to support this particular community, either in identifying specific challenges they face or in developing more effective mechanisms for doing so.

Research objectives

The 2016 UK Cyber Security Strategy, set a clear objective for government to "detect, understand, investigate and disrupt hostile action taken against us". In response, this project sets out three main objectives:

1. Evaluate what exactly constitutes the evidence presented to and accessed by policy makers, how they privilege and order that evidence and what the quality of that evidence is.

2. Identify the particular challenges of decision making in this context and evaluate how effectively policy makers make use of evidence for forming advice.

3. Develop a framework to assess the capacity of evidence-based cyber security policy making that can be used to make recommendations for improvement and that can be re-applied to other public, private and international cohorts.

Project team

Madeline Carr
Dr Madeline Carr
(PI) Associate Professor of International Relations and Cyber Security, UCL STEaPP

Professor Siraj Shaikh
Prof Siraj Shaikh
(Co-I) Professor of Systems Security, Coventry University

Alex Chung 2018
Dr Alex Chung
Research Associate, UCL STEaPP

Atif Hussain
Atif Hussain
Research Assistant, Coventry University