A series of posts featuring BU’s impact case studies for REF 2021. (These are edited versions of the final submissions – the full impact case studies will be published online in 2022.)
Productive security and privacy by design: building security and privacy tools into the earliest stages of software development
Research areas: Systems Security Engineering, Computer Science & Psychology
Staff conducting research: Dr Shamal Faily, Dr Jane Henriksen-Bulmer, Dr John McAlaney
Background: Dr Faily’s research explores how personas – as a vehicle for user experience (UX) techniques in general – can be instrumental in incorporating security into software design prior to architectural design and software development. His work demonstrates how the activity of creating personas leads to better security requirements and how the elicitation and management of personas can be incorporated into integrated tool-support. In addition, his findings show how personas based only on assumptions can help find security problems once software has been developed and where the design data is sub-optimal.
Dr Faily and Dr McAlaney collaborated on a number of research projects with the UK’s Defence Science and Technology Laboratory (DSTL), identifying factors that influence how security analysts interpret risk, as well as principles for designing software used by cybersecurity risk-based decision-makers. Dr Henriksen-Bulmer has also explored whether the design techniques and tools for security are equally applicable when considering privacy – particularly in helping organisations and charities make sense of the General Data Protection Act’s impact on products and services.
The impact:
Supporting industry
BU’s research was adopted by Ricardo Rail (RR), a consultancy that provides technical expertise, assurance and specialist engineering services to rail companies around the world, enabling its clients to better understand emergent qualities of their systems such as safety, security and usability and the relationship between them. RR’s first application of the research was on a project conducting cyber security risk analysis of a rolling stock platform developed by a major UK-based manufacturer. By modelling personas developed by BU, RR was able to identify and investigate threats and control measures in greater detail, which would not have been the case otherwise
Supporting UK government
DSTL uses ‘the best science and technology capabilities’ to respond to the Ministry of Defence’s needs regarding current operations and future defence strategy. A key element is its support of military operations in rapidly changing situations in coalition with other nations. It is therefore essential that risk-based decision-making is understood across organisational boundaries. DSTL has used BU’s research to support its work with Defence Spectrum Management ‘to ensure defence use of the electromagnetic spectrum [signals such as radio, infrared or radar] is efficient’ and remove the potential for conflict between different users.
Supporting charities
When the new GDPR legislation was introduced in 2018, UK charities were struggling to establish how to demonstrate compliance. BU worked with renowned UK addiction rehabilitation charity StreetScene to demonstrate how techniques and tools resulting from our research could help. Dr Henriksen-Bulmer helped them evaluate the readiness of their existing policies and procedures with BU’s privacy risk assessment processes and tools, which were then used to train staff. This training, and that of other charities across the region, helped them reduce the amount of time and resources spent on privacy compliance activities, allowing for more time to be devoted to their charitable goals.
Strengthening disaster preparedness and resilience of news media in Nepal
Research areas: Journalism & Communication
Staff conducting research: Dr Chindhu Sreedharan, Professor Einar Thorsen
Background: After the 2015 Nepal earthquakes, it emerged that the country’s news outlets were ill-prepared to report on such events. This was despite the fact that journalists play a vital role during disasters: facilitating accurate public messaging, holding power to account, and aiding in the national recovery process. Dr Sreedharan and Professor Thorsen’s research identified for the first time that a lack of editorial preparedness was preventing the news media from meeting this responsibility.
BU’s Aftershock Nepal study mapped the key challenges Nepali journalists faced after the 2015 earthquakes. The project explored the requirements of sustained disaster journalism, assessed the levels of news media preparedness, and suggested good practices and culturally specific recommendations to strengthen post-disaster journalism. Using a website that published earthquake reportage by student journalists, researchers analysed the non-preparedness of Nepali journalists to identify their disaster-specific training needs.
In 2019, in partnership with UNESCO Kathmandu, BU published a bilingual book in Nepali and English that expanded the scope of Aftershock Nepal to consider resilience in the context of floods, landslides, and other climate-induced disasters. The book’s recommendations focused on three areas: building resilience for journalists, building capacity for news investigations, and building resilience for the future.
This was followed in August 2020 by a bilingual report, published with the Nepal Press Institute, which mapped the impact of the Covid-19 pandemic on the news industry. Findings revealed journalists experienced increased vulnerability, anxiety and grief, while others had taken a pay cut or lost their jobs. The report outlined 10 recommendations targeting psychological resilience of journalists, financial solutions, health protection and building future disaster resilience.
The impact:
Changing policy and practice
BU’s research has had far-reaching impact on the policies and practice of a range of news organisations, as well as UNESCO and the Nepal government:
- In direct response, Kamana Group – one of Nepal’s largest media groups, with a daily audience reach of 850,000 – adopted a disaster-specific editorial policy across all its publications,
- UNESCO used the research to strengthen its planning on disaster journalism capacity-building,
- Following BU recommendations, news organisations were included in Nepal’s Disaster Risk Reduction National Strategic Plan of Action 2018-30 for the first time,
- The Federation of Nepali Journalists, the country’s umbrella organisation of media professionals, made disaster journalism a strategic priority,
- The national organisation of women journalists in Nepal, Working Women Journalists, based its capacity-building activities on the BU research,
- Responding to BU recommendations, the Centre for Investigative Journalism in Nepal investigated the impact of Covid-19 on Nepali society, recognising the vital part disaster-specific investigations play in strengthening resilience.
Capacity building for journalists and students:
- Nepal Press Institute, the national industry training body for journalists, adapted its training delivery and curriculum to meet the present pandemic climate, with 76 journalists to date trained in disaster reporting.
- Disaster Journalism Network was established in 2020 by six community news organisations, in direct response to BU recommendations to bolster disaster resilience by creating collaborative networks. To our knowledge, this is the world’s first ‘multi-room collaborative to strengthen disaster journalism’. Through its activities and journalism, it has helped protect the physical safety of journalists and supported community members in getting their voices heard by politicians.
- After observing the impact on students of participating in Aftershock Nepal, Tribhuvan University (12th largest in the world with 600,000 students) revised its undergraduate journalism curriculum to include disaster journalism lessons.
- Kantipur City College initiated curriculum changes to its courses, based on BU research, incorporating disaster journalism in subjects such as Media Theories, Public Communication and Media Management.