243 research outputs found

    It's more than just money: The real-world harms from ransomware attacks

    As cyber-attacks continue to increase in frequency and sophistication, organisations must be better prepared to face the reality of an incident. Any organisational plan that intends to be successful at managing security risks must clearly understand the harm (i.e., negative impact) and the various parties affected in the aftermath of an attack. To this end, this article conducts a novel exploration into the multitude of real-world harms that can arise from cyber-attacks, with a particular focus on ransomware incidents given their current prominence. This exploration also leads to the proposal of a new, robust methodology for modelling harms from such incidents. We draw on publicly-available case data on high-profile ransomware incidents to examine the types of harm that emerge at various stages after a ransomware attack and how harms (e.g., an offline enterprise server) may trigger other negative, potentially more substantial impacts for stakeholders (e.g., the inability for a customer to access their social welfare benefits or bank account). Prominent findings from our analysis include the identification of a notable set of social/human harms beyond the business itself (and beyond the financial payment of a ransom) and a complex web of harms that emerge after attacks regardless of the industry sector. We also observed that deciphering the full extent and sequence of harms can be a challenging undertaking because of the lack of complete data available. This paper consequently argues for more transparency on ransomware harms, as it would lead to a better understanding of the realities of these incidents to the benefit of organisations and society more generally.
    Comment: 17th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2023)

    When Googling it doesn’t work: The challenge of finding security advice for smart home devices

    As users increasingly introduce Internet-connected devices into their homes, having access to accurate and relevant cyber security information is a fundamental means of ensuring safe use. Given the paucity of information provided with many devices at the time of purchase, this paper engages in a critical study of the type of advice that home Internet of Things (IoT) or smart device users might be presented with on the Internet to inform their cyber security practices. We base our research on an analysis of 427 web pages from 234 organisations that present information on security threats and relevant cyber security advice. The results show that users searching online for information are subject to an enormous range of advice and news from various sources with differing levels of credibility and relevance. With no clear explanation of how a user may assess the threats as they are pertinent to them, it becomes difficult to understand which pieces of advice would be the most effective in their situation. Recommendations are made to improve the clarity, consistency and availability of guidance from recognised sources to improve user access and understanding.

    "You Just Assume It Is In There, I Guess": UK Families' Application And Knowledge Of Smart Home Cyber Security

    The Internet of Things (IoT) is increasingly present in many family homes, yet it is unclear precisely how well families understand the cyber security threats and risks of using such devices, and how possible it is for them to educate themselves on these topics. Using a survey of 553 parents and interviews with 25 families in the UK, we find that families do not consider home IoT devices to be significantly different in terms of threats than more traditional home computers, and believe the major risks to be largely mitigated through consumer protection regulation. As a result, parents focus on teaching being careful with devices to prolong device life use, exposing their families to additional security risks and modeling incorrect security behaviors to their children. This is a risk for the present and also one for the future, as children are not taught about the IoT, and appropriate cyber security management of such devices, at school. We go on to suggest that steps must be taken by manufacturers and governments or appropriate trusted institutions to improve the cyber security knowledge and behaviors of both adults and children in relation to the use of home IoT devices.

    Revised fission yeast gene and allele nomenclature guidelines for machine readability

    Standardized nomenclature for genes, gene products, and isoforms is crucial to prevent ambiguity and enable clear communication of scientific data, facilitating efficient biocuration and data sharing. Standardized genotype nomenclature, which describes alleles present in a specific strain that differ from those in the wild-type reference strain, is equally essential to maximize research impact and ensure that results linking genotypes to phenotypes are Findable, Accessible, Interoperable, and Reusable (FAIR). In this publication, we extend the fission yeast clade gene nomenclature guidelines to support the curation efforts at PomBase (www.pombase.org), the Schizosaccharomyces pombe Model Organism Database. This update introduces nomenclature guidelines for noncoding RNA genes, following those set forth by the Human Genome Organisation Gene Nomenclature Committee. Additionally, we provide a significant update to the allele and genotype nomenclature guidelines originally published in 1987, to standardize the diverse range of genetic modifications enabled by the fission yeast genetic toolbox. These updated guidelines reflect a community consensus between numerous fission yeast researchers. Adoption of these rules will improve consistency in gene and genotype nomenclature, and facilitate machine-readability and automated entity recognition of fission yeast genes and alleles in publications or datasets. In conclusion, our updated guidelines provide a valuable resource for the fission yeast research community, promoting consistency, clarity, and FAIRness in genetic data sharing and interpretation.

    Australian rural adolescents’ experiences of accessing psychological help for a mental health problem

    Objective: This study aims to explore Australian rural adolescents’ experiences of accessing help for a mental health problem in the context of their rural communities. Design and setting: A qualitative research design was used whereby university students who had sought help for a mental health problem during their adolescence were interviewed about their experiences. Interviews were conducted face-to-face at the university. Main outcome measures: A semi-structured interview schedule was designed around the study’s main research questions. Audio-taped interviews were transcribed and thematically coded using a constant comparative method. Participants: Participants were first-year undergraduate psychology students between the ages of 17 and 21 years who sought help for a mental health issue during their adolescence and who at that time resided in a rural area. Results: Participants highlighted various barriers to seeking help for mental health problems in the context of a rural community, including: social visibility, lack of anonymity, a culture of self-reliance, and social stigma of mental illness. Participants’ access to help was primarily school-based, and participants expressed a preference for supportive counselling over structured interventions. Characteristics of school-based helpers that made them approachable included: ‘caring’, ‘nonjudgemental’, ‘genuine’, ‘young’, and able to maintain confidentiality. Conclusions: The findings support previous research that reveals barriers to help seeking for mental health problems that are unique to the culture of rural communities. The study raises questions about the merit of delivery of primary mental health care to young people via GPs alone and suggests that school-based counsellors be considered as the first step in a young person’s access to mental health care.

    Mental health problems in rural contexts : A broader perspective

    The objectives of this article are to expand and comment upon a recent review in Australian Psychologist of the literature in relation to mental health problems in rural contexts by Jackson et al. (2007). In the present article we review recently published qualitative research on the help-seeking attitudes and experiences of rural Australian adolescents. While we agree on the utility of the Macintyre, Ellaway, and Cummins (2002) conceptual framework based on notions of health and place, we note that this framework specifically emphasises the importance of the collective dimension. We present a broader perspective on health and place than Jackson et al. (2007) by incorporating social geographic research. We argue that rural mental health research has been hampered by a simplistic view of social stigma of mental illness and that a more thorough conceptualisation of the phenomenon is needed. Finally, we make some further recommendations based on a broader perspective of mental health in rural contexts: one that incorporates an in-depth understanding of the help-seeking attitudes and experiences of rural adolescents as well as an appreciation of the collective social functioning of rural communities.

    Cyber Insurance and the Ransomware Challenge

    The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. Over a 12-month research project, researchers from RUSI, the University of Kent, De Montfort University and Oxford Brookes University conducted a series of expert interviews and workshops to explore the relationship between cyber insurance and ransomware in depth. This paper argues that there is, in fact, no compelling evidence that victims with cyber insurance are much more likely to pay ransoms than those without.

    Ransomware remains one of the most persistent cyber threats facing the UK. Despite a range of government, law enforcement and even military cyber unit initiatives, ransomware remains lucrative for criminals. During this research, we identified three main drivers that ensure its continued success:
    - A profitable business model that continues to find innovative ways to extort victims.
    - Challenges around securing organisations of all sizes.
    - The low costs and risks for cybercriminals involved in the ransomware ecosystem, both in terms of the barriers to entry and the prospect of punishment.

    Despite this perfect storm of factors, the cyber insurance industry has been singled out for criticism with the claim that it is funding organised cybercrime by covering ransom payments. In reality, cyber insurance’s influence on victim decision-making is considerably more nuanced than the public debate has captured so far. While there is evidence that cyber insurance policies exfiltrated during attacks are used as leverage in negotiations and to set higher ransom demands, the conclusion that ransomware operators are deliberately targeting organisations with insurance has been overstated.

    However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cybercriminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort. But the lack of clearly defined negotiation protocols and the challenges around learning from incidents make it difficult to develop a sense of collective responsibility and shared best practices around ransomware response. This has not been helped by the UK government’s black-and-white position on ransom payments, which has created a vacuum of assurance and advice on best practices for ransom negotiations and payments. This paper does not advocate for an outright ban on ransom payments or for stopping insurers from providing coverage for them. Instead, it makes the case for interventions that would improve market-wide ransom discipline so that fewer victims pay ransoms, or pay lower demands. Ultimately, this involves creating more pathways for victims that do not result in ransom payments.

    Beyond ransom payments, cyber insurance has a growing role in raising cyber security standards, which could make it more difficult to successfully compromise victims and increase costs for ransomware operators. Successive years of losses from ransomware have led to more stringent security requirements and risk selection by underwriters. Although the overall effect of this on the frequency and severity of ransomware attacks remains to be seen, by linking improvements in security practices to coverage, cyber insurance is currently one of the few market-based levers for incentivising organisations to implement security controls and resilience measures.

    However, continued challenges around collecting and assessing reliable cyber risk and forensic claims data continue to place limits on the market’s effectiveness as a mechanism for reducing ransomware risk. This, along with cyber insurance’s low market penetration, makes clear that cyber insurance should not be treated as a substitute for the legislation and regulation required to improve minimum cyber security standards and resilience. Insurers are also commercial entities that primarily exist to help organisations transfer risk, rather than to improve national security and societal cyber resilience. The cyber insurance industry could be a valuable partner for the UK government through increased ransomware attack and payment reporting, sharing aggregated claims data, and distributing National Cyber Security Centre (NCSC) guidance and intelligence to organisations. However, the government has not made a compelling enough case to insurers and insureds about the benefits of doing so. Instead, it has relied on appealing to their general sense of altruism. While insurers will benefit if governments are able to generate more accurate and actionable data on ransomware, albeit indirectly, this needs to be sold to the industry in a more convincing way.

    Some principles and recommendations for both the insurance industry and the UK government are listed below. These are not designed to solve all the challenges of the cyber insurance market, nor do they present wide-ranging solutions to the ransomware challenge. Instead, they focus on where the cyber insurance industry can have the most impact on key ransomware drivers. This reflects the fact that disrupting the ransomware economy involves applying pressure from different angles in a whole-of-society approach. The recommendations also start from the position that the UK government’s light-touch approach is unsustainable and requires more intervention in private markets that are involved in ransomware prevention and response. While they are specifically aimed at UK policymakers, regulators and insurers, they may be applicable to other national contexts.

    Recommendations

    Recommendation 1: To increase oversight of ransomware response, insurers should use policy language to require that insureds and incident response firms provide written evidence of negotiation strategies and outcomes.

    Recommendation 2: To develop and drive ransomware response best practices across the market, insurers should select specialist ransomware response firms for panels that meet a set of pre-defined minimum requirements. These should include:
    - A proven track record of both regularly achieving outcomes that do not result in ransom payments, and of operational relationships with law enforcement and cyber security agencies.
    - Conducting sanctions risk assessments.
    - Compliance with anti-money laundering laws and FATF (Financial Action Task Force) standards.
    - Ensuring payment firms that make payments on behalf of UK victims are registered with relevant financial authorities in the UK.

    Recommendation 3: The UK government should commission a study to improve its understanding of specialist ransomware response firms. This should aim to identify common best practices and key market players, and create a framework for benchmarking the quality of their services and products. These findings can be distributed to trusted partners in the insurance industry. To drive best practices in ransomware response and create more oversight of the incident response ecosystem, the NCSC, National Crime Agency (NCA) and international partners should also explore the feasibility and potential implications of creating a dedicated assurance scheme for firms that provide specialist ransomware services such as decryption, recovery, negotiations and payments.

    Recommendation 4: To increase reporting of ransom payments, the UK government and international partners should explore creating a dedicated licensing regime for firms that facilitate cryptocurrency payments on behalf of ransomware victims. In the short-term, the UK government should follow the example set by the US government and also ensure that ransomware response firms that facilitate payments are registered as money service businesses in the UK and therefore subject to national financial crime reporting requirements.

    Recommendation 5: To reach a market-wide consensus on what constitutes a reasonable last resort before a ransom payment is made, insurers should agree on a set of minimum conditions and obligations in ransomware coverage to ensure alternatives are explored first. These should include sanctions due diligence, a requirement to notify law enforcement and written evidence that all options have been exhausted.

    Recommendation 6: To increase ransomware reporting and ensure victims are able to access any relevant law enforcement and NCSC support, insurers should specify that any ransomware coverage must contain a requirement for policyholders to notify Action Fraud (the UK’s national centre for reporting fraud and cybercrime) and the NCSC before a ransom is paid. If there is no progress on this recommendation without intervention, then regulators should intervene to compel insurers to include this obligation in coverage. However, this recommendation also depends on the implementation of long-promised but delayed reforms to Action Fraud. These should include creating a dedicated category for reporting ransomware. Law enforcement and the NCSC must also provide assurances to insurers that they have the capabilities to support victims during incidents and that reporting leads to actual outcomes against ransomware actors, such as cryptocurrency seizures, arrests or offensive cyber operations.

    Recommendation 7: The NCSC and a UK insurer should trial integrating the NCSC’s Early Warning service into their ongoing assessments of policyholders. This would enable the insurer to distribute intelligence from Early Warning at scale and notify policyholders of potential ransomware attacks. The NCSC should also explore whether Early Warning will need to be expanded and adapted to meet the requirements of insurers and policyholders.

    Recommendation 8: To deepen operational collaboration with the insurance industry, the NCSC should seek to recruit secondees from the cyber insurance industry into the Industry 100 cyber security secondment scheme. This should include identifying specific tasks and roles for underwriters, claims managers and incident response professionals working for UK insurers.

    Recommendation 9: To increase reporting of ransom payments, the Home Office and NCA should ensure that existing financial crime reporting mechanisms – specifically, suspicious activity reports (SARs) – are fit for reporting ransom payments or money laundering linked to ransomware. Concurrently, the UK government should also identify ways to encourage cyber insurers to report ransom payments as SARs or through more informal channels.

    Ransomware: Victim Insights on Harms to Individuals, Organisations and Society

    Ransomware incidents remain a scourge on UK society. Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK economy, national security and wider society. The research reveals a wide range of harms caused by ransomware, including physical, financial, reputational, psychological and social harms. We set out a framework of:
    - First-order harms: Harms to any organisation and their staff directly targeted by a ransomware operation.
    - Second-order harms: Harms to any organisation or individuals that are indirectly affected by a ransomware incident.
    - Third-order harms: The cumulative effect of ransomware incidents on wider society, the economy and national security.

    Building on an existing taxonomy of cyber harms, this framework will enable policymakers, practitioners and researchers to categorise more case studies on ransomware incidents and to better explain new and existing types of harm to the UK and other countries.

    Ransomware is a risk for organisations of all sizes. The findings from this paper highlight that ransomware can create significant financial costs and losses for organisations, which in some cases can threaten their very existence. Ransomware can also create reputational harm for businesses that rely on continuous operations or hold very sensitive data – although customers and the general public can be more forgiving than some victims believe.

    The harms from ransomware go beyond financial and reputational costs for organisations. Interviews with victims and incident responders revealed that ransomware creates physical and psychological harms for individuals and groups, including members of staff, healthcare patients and schoolchildren. Ransomware can ruin lives. Incidents highlighted in this paper have caused individuals to lose their jobs, evoked feelings of shame and self-blame, extended to private and family life, and contributed to serious health issues.

    The harm and cumulative effects caused by ransomware attacks have implications for wider society and national security, including supply chain disruption, a loss of trust in law enforcement, reduced faith in public services, and the normalisation of cybercrime. Ransomware also creates a strategic advantage for the hostile states harbouring the cyber-criminals who conduct such operations.

    Downstream harm to individuals from ransomware is more severe when attacks encrypt IT infrastructure, rather than steal and leak data. There is no evidence from this research that the ransomware ecosystem is exploiting stolen or leaked personal data in a systemic way for fraud or other financially motivated cybercrimes. At present, exploiting stolen data for other activities is less profitable than extortion-based crime that takes away victims’ access to their systems and data. This finding may inform victim decision-making on when they should and should not consider paying a ransom demand.

    Why health visiting? Examining the potential public health benefits from health visiting practice within a universal service: A narrative review of the literature

    INTRODUCTION: There is increasing international interest in universal, health promoting services for pregnancy and the first three years of life and the concept of proportionate universalism. Drawing on a narrative review of literature, this paper explores mechanisms by which such services might contribute to health improvement and reducing health inequalities.

    OBJECTIVES: Through a narrative review of empirical literature, to identify:

    DESIGN: The paper draws upon a scoping study and narrative review.

    REVIEW METHODS: We used three complementary approaches to search the widely dispersed literature: Our key inclusion criterion was information about health visiting practice. We included empirical papers from United Kingdom (UK) from 2004 to February 2012 and older seminal papers identified in search (3), identifying a total of 348 papers for inclusion. A thematic content analysis compared the older (up to 2003) with more recent research (2004 onwards).

    RESULTS: The analysis revealed health visiting practice as potentially characterized by a particular 'orientation to practice.' This embodied the values, skills and attitudes needed to deliver universal health visiting services through salutogenesis (health creation), person-centredness (human valuing) and viewing the person in situation (human ecology). Research about health visiting actions focuses on home visiting, needs assessment and parent-health visitor relationships. The detailed description of health visitors' skills, attitudes, values, and their application in practice, provides an explanation of how universal provision can potentially help to promote health and shift the social gradient of health inequalities.

    CONCLUSIONS: Identification of needs across an undifferentiated, universal caseload, combined with an outreach style that enhances uptake of needed services and appropriate health or parenting information, creates opportunities for parents who may otherwise have remained unaware of, or unwilling to engage with such provision. There is a lack of evaluative research about health visiting practice, service organization or universal health visiting as potential mechanisms for promoting health and reducing health inequalities. This paper offers a potential foundation for such research in future.