Amidst the near daily threats of cyber attacks on businesses and government agencies, cyber security researchers within the UK are starting to think outside the box when it comes to defending against these cyber attacks. In the latest initiative, a team of UK researchers at the University of Bath and Goldsmiths, University of London, are investigating whether fitness tracker technology – the type that appears in a popular device like the FitBit – might be used to make people more aware of potential cyber threats and encourage them to take proactive action.
Using fitness tracker technology to defend against cyber threats
In one scenario being investigated by the researchers, employees at a business or government agency would receive regular alerts in the form of lights, vibrations and sounds that would signal it’s time to change passwords, upgrade or install anti-virus software, or encrypt certain files or data. This would require employees plugging in a small portable device directly to their computer. This device plugged into a computer would then work in the background, collecting ambient data about the user and his or her computer, much like fitness tracker technology collects real-time data about a user for health monitoring purposes. Only, in this case, it is not physical health that is at stake – it is cyber health.
As one of the lead researchers on the project, Dr. Emily Collins, a research associate at the University of Bath’s management school, points out, “Humans are the weak link in cyber security.” By getting them to think about cyber health the same way they think about physical health, it might be possible to nudge them to take certain actions. The average user, for example, probably never changes his or her password unless forced to by system administrators. By sending out some gentle vibrations or flashing lights, fitness tracker technology might encourage employees to make this a more regular activity. A gentle, well-timed nudge might encourage employees to take action to protect their computers. For now, say the researchers, it’s not clear which of the various types of alerts – lights, vibrations or sounds – will be most effective in getting users to keep an eye (and ear) on the cyber security of their computers.
In addition, the researchers are exploring even more possible uses for fitness tracker technology that will leverage the types of sensors and cameras often found in these devices. In one scenario, a sensor would be placed on the seat of every employee. When he or she gets up from the seat, it would then offer a reminder to lock the computer screen from prying eyes. The big idea here is to help CIOs and CTOs minimize the chances for routine user mistakes and laziness when it comes to cyber security.
The dark side of fitness tracker technology
But could this new type of cyber security – no matter how well-intentioned it might be – ever be used as a form of intrusive surveillance on employees? For example, the whole idea of having sensors in a chair that know when you’re away from your computer might strike some as being creepy. And it’s possible to imagine how, in a very authoritarian nation, the “gentle vibration” that’s designed to get you to take a recommended action might turn into something a little more, well, “shocking.” Imagine getting a burst of strong vibrations if your employer detects that you’re daydreaming or slacking on the job.
And these scenarios – although never mentioned by the UK researchers – are not entirely out of the realm of possibility. For example, in one scenario mentioned by the research team, system administrators would receive notifications if employees are browsing the “wrong” websites – like social media sites, e-commerce shopping sites, or dating sites – during work hours. Even worse, those notifications might go out to the system administrator quietly and unobtrusively, so as not to alert the user. Then, all of a sudden, you might get a surprise invitation from your boss to discuss your recent cyber activity.
The benefits of using fitness tracker technology
There is a lot that industrial companies and government agencies can learn from the consumer technology sector, and especially fitness tracker technology. For example, one key to effective cyber security is constantly staying one step ahead of the hackers. And that’s something that’s possible with the type of rapid prototyping being used by the researchers at the University of Bath School of Management. In the lab test, the researchers are using Adafruit Circuit Playgrounds. As the researchers point out about rapid prototyping, “You don’t need much experience with electronics to take a concept from idea to reality.”
In addition, the researchers specifically mentioned the health psychology of fitness tracker technology, compared to the traditional psychology of cyber security. With personal health, people are very responsive to factors like “gamification,” in which the hard process of becoming healthier is turned into a fun, interactive game. That same thinking, say the researchers, can be used to improve cyber defenses by focusing on the human element. Using health psychology to pinpoint potential weaknesses in how people think about cyber security could be very useful in creating the right type of forward-thinking cyber culture in an organization.
Moreover, using fitness tracker technology can help to leverage the whole BYOD (Bring Your Own Device) trend in organizations around the world. More and more, IT administrators are realizing that people want to bring their own smartphones, tablets and, yes, fitness trackers, to work with them. And they expect them to work on the corporate IT network as well. In the current environment, this is difficult for organizations, because each new device acts as a potential attack point for hackers and outside threats. But if employees start to think in terms of carrying around their “cyber fitness trackers,” it might really lead to a stronger defensive network.
The UK project recognizes that people can be nudged forward. A gentle nudge can encourage these people to take action. Now comes the hard part – investigating the most effective ways to implement fitness tracker technology and find out what motivates people. If the new initiative works out as planned, it could help to enhance national cyber security.
