ReCyP:HER - Blogs

On June 20, our two-week training started at Saarland University in Saarbrücken. Within two weeks, speakers from different partner universities and institutions presented different topics around psychology and cybersecurity in order to develop a first draft of a Human Factor course at the end of the two weeks, which will be piloted at our partner universities in Pakistan.

After a welcome by the Vice President of the University, Prof. Dr. Cornelius König and the project leader Dr. Nida Bajwa, Niklas George (Saarland University, Department of Industrial and Organizational Psychology) started to give the participants an introduction into different topics of psychology on the first day. By introducing phenomena of general psychology, social psychology, biological psychology, but also differential psychology, the participants should get a first preview of what was waiting for them during the week.

The second day of our first project week started with a short insight into psychological methodology by Richard Bergs (Saarland University, Department of Industrial and Organizational Psychology). In the second half of the day, Dr. Zeynep Uludağ (Ardahan University) gave a talk on risk perception and communication in cybersecurity, focusing the presentation on cognitive biases according to Amos Tversky and Daniel Kahneman.

On Wednesday, Prof. Dr. Sahar Nadeem (Institute of Business Administration Karachi) an expert in memory processes, spoke about cyber hygiene and the utility of passwords, linking the creation of secure passwords to memory processes such as chunking. For the rest of the day, Dr. Zeynep Uludağ gave a talk titled „System misuse and user misbehavior“, in which she introduced how we actually make decisions and why people, especially in the context of cyber security, also make wrong decisions that ultimately lead to mistakes. In particular, the different forms of use of systems (such as misuse, non-use, but also misuse) were part of the presentation.

On the fourth day of the two-week training, Stefan Kenst (Saarland University, Department of Industrial and Organizational Psychology) introduced the different forms of privacy and highlighted the topic of privacy with a psychological perspective. For the second part of the day, Usama Waheed (Lahore University of Management Sciences) was joined by zoom, a renowned expert on the psychological background processes of social media.

The last day of our project week was organized by a small group of psychology students. The students are currently doing their master’s degree in psychology and developed content on social engineering processes as part of a seminar with Dr. Bajwa. As a final part of the seminar, they presented different types of social engineering attacks to the training participants by letting the participants perceive for themselves how a social engineering attack occurs in the real world during the presentation. The final part of the last day was a short presentation by Richard Bergs, who talked about the psychological concept of trust in the interaction of people and systems.

After the many new impressions and exciting content, the group decided to travel to Heidelberg on Saturday. Heidelberg is located about 130 kilometers from Saarbrücken and can be reached in about two hours by train. Along the so-called „Philosophenweg“ (Philosophers‘ Path), we explored the former royal residence city from above and took a break while enjoying a beautiful view over the picturesque old town of Heidelberg. Finally, we hiked to Heidelberg Castle, which is mentioned in writings as early as the 12th century, has served as a motif and source of inspiration for paintings and poems over the past centuries, and is considered one of the oldest as well as most famous landmarks in Germany. We ended the day of the excursion with a joint dinner in Heidelberg’s city center.

The second week began with a presentation by Dr. Verena Distler at the University of Luxembourg. Dr. Distler spoke about studies focusing on human-computer interactions (HCI) and initiated an exciting exchange about the future of human-centered cybersecurity research. After lunch, the group explored the capital of the Grand Duchy, stopping at the Court of Justice of the European Union, among other locations, before touring the historic Old Town under the guidance of Dr. Bajwa.

On the following Tuesday, Niklas George started with a presentation on so-called nudging, the psychological process of getting users (or people in general) to change behavior. In the afternoon, we again had Matthias Fassl (CISPA – Helmholtz Center for Information Security) who mainly talked about ethical foundations in cybersecurity research and presented current study results of his research group.

Wednesday started with a presentation on psychological methodology. After Richard Bergs had given a short overview of psychology as a science in the first week, Dr. Rudolf Siegel as well as Rafael Mrowczynski (both CISPA – Helmholtz Center for Information Security) talked about higher statistical methods, but also gave an insight into qualitative research methods, which are more widely used in cybersecurity research. Johanna Gathen (Saarland University, Department of Industrial and Organizational Psychology) concluded the training day by presenting on user education and training.

The last two days of the training were primarily used to develop a first draft of a possible Human Factor course that will be implemented at the Pakistani universities. Dr. Bajwa recapped the findings of the last few days and, at the request of many participants, spoke about WEIRDness in psychological research. WEIRD is an acronym that describes the groups of people who are particularly likely to be subjects in psychological studies, namely people from backgrounds that are western, educated, industrialized, rich, and democratic. Dr. Bajwa presented efforts in research to break with this paradigm and showed movements to improve research in this direction. Last but not least, it is this cultural exchange of the participants in this project that contributes to making research more generalizable.

The group used the rest of the day for discussions about the previous content. Finally, questions arose which topics of this training could be implemented in a Human Factor course, what the focus of such a course should be, but also what content would need to be taught in order to give students an all-round view of the topic of Human Factor. The group agreed on several topics that corresponded closely to a recommendation issued by the Association for Computing Machinery (ACM), but modified this curriculum recommendation by adding topics. Finally, it was decided to review the individual contents of the training and to exchange findings in another online meeting.

Overall, the two-week training was a complete success. All project partners confirmed that they had gained a lot for themselves in the course of the last two weeks and that they had taken away new impressions, ideas and inspiration from it.

Saarland University would like to thank all participating project partners for the intensive and enriching intellectual exchange, participation and interest, whether on-site or remote.

On December 1st, our third program day, the Foreign Economic Relations Board of Turkey (DEİK Turkey) invited us to a joint meeting at their head office in the heart of Instanbul.

Dr. Mustafa Cetin Gumusoglu, who is the DEIK Turkey-Pakistan Business Council Coordinator, and Halil Kulluk, the chairman of the Turkey-Finland Business Council, welcomed us and introduced us to further delegation members.

Both emphasized their excitement about our Recypher project as a sustainable strategic bridge between Pakistan, Germany and Turkey and highlighted the interest and capacity of DEiK to serve as a link for such collaborations.

This speech was followed by a presentation from Nevin Cizmeciogulları, the Country Director of IDC Turkey, an international market research and consulting company, who gave us insights into the increasing relevance of cybersecurity within companies as well as a business sector of its own.

Showing data on the role of cybersecurity in different countries and digital transformation which was further accelerated by the global pandemic, she emphasized what an opportunity and at the same time a challenge cybersecurity offers for the industry. With an increasing number of people working remotely, the trust in digital companies is a vital requirement that needs to be addressed.

To overcome these challenges, it is fundamental to form collaborations. Not only between different companies, but also between industry and research projects such as Recypher. This was the central message of the meeting.

In addition to official talks, we also had time for personal exchange with the delegation members, asking and answering questions and that is exactly what enables and promotes the desired collaborations.

The time finally came for our project consortium to meet. After the meeting had to be postponed due to the COVID19 pandemic, we (the Recypher project partners from Pakistan, Turkey and Germany) finally came together and met in person for the first time in Istanbul on November 28th 2021 in Istanbul (Turkey). While previous exchanges and workshops took place virtually, we now had the opportunity to exchange ideas and generate new ones for a whole week.

After a joint dinner on Sunday evening, we were warmly welcomed by Prof. Dr. Bilgin Metin at Bogazici University on Monday. Vice Rector Prof. Dr. Gurkan Kumbaroglu also invited us to his office and welcomed us on behalf of the university. He emphasized the importance of maintaining these new relationships and collaborations even beyond the end of the project.

During the week we had the possibility to get to know even more of the university: Dr. Oguzhan Aygoren introduced the Bogazici University Innovation Center where ideas for business start-ups by students are promoted. In addition, there was a tour of the Cybersecurity Lab which gave a first idea of what a Cybersecurity Awareness Center might look like in the future.

The ideas about these centers were further elaborated during the week. A creativity workshop inspired new ideas for cybersecurity simulations and games that could take place in such a center. In addition to a general collection of ideas and concepts, specific strategic action plans have already been drawn up and responsibilities assigned.

As the goal of our meeting was to benchmark and learn about best practices and collaborations between universities and industry in the field of cybersecurity in Turkey, there were repeated contributions from companies presenting various cybersecurity solutions:

Veysel Ataytür, the CEO and co-founder of Logsign, a Turkish company specializing in robust and smart cybersecurity solutions for enterprises, gave us insights into user entity behaviour analytics which is an essential aspect when it comes to human factors in cybersecurity. Another interesting contribution came from the cybersecurity institute of the Scientific and Technological Research Council of Turkey presenting solutions for a virtual environment in which cybersecurity simulations can be conducted. CRYPTTECH, a Turkish technology and software company developing solutions in the field of cybersecurity, defence industry and artificial intelligence also introduced us to its innovative products.

Considering that we strive for cooperation between research and industry, Turkcell’s UNIBOUNTY project presented by Emin İslam Tatlı, the Turkcell cybersecurity director, was particularly interesting for us: As one of the largest mobile communications providers and mobile network operators in Turkey they offer a bug bounty program for university students at Büsiber (the cybersecurity unit of Bogazici University). This alliance can serve as a model for future collaborations of our project with industry.

Speaking about collaborations with companies, it is vital to mention our meeting with DEİK, the Foreign Economic Relations Board, which was a special highlight for us. If you want to learn more about this particular meeting, check out our blog post called „Study Visit to Turkey: Meeting the Foreign Economic Relations Board“.

Moreover, in addition to Prof. Dr. Metin, further local academicians provided input that stimulated discussions and fostered a shared understanding of the role of human factors among researchers from different disciplines: Dr. Nazım Taşkın gave an overview of traditional research methods in social sciences and cybersecurity and Dr. Zeynep Uludag presented the psychological approach to cybersecurity.

In addition to all these presentations and formal meetings, there was still time for informal exchanges, exploring the city and getting to know each other personally. The resulting bonds will further promote successful and sustainable collaborations within the team in the future.

Dr. Basit Shafiq, Bilal Afzal, Dr. Naveed Bhatti, Dr. Faisal Iradat, Dr. Yawar Abbas, Dr. Syed Irfan Nabi, Dr. Haider Abbas, Dr. Sahar Nadeem Hamid, Dr. Bilgin Metin, Dr. Saddaf Rubbab, Dr. Nazim Taskin, Dr. Yousra Javed, Dr. Ammar Masood, Dr. Mobin Javed, Dr. Nida Bajwa, Dr. Kashif Kifayat, Stefan Kenst, Anja Winkelmann

The 25th of March is the day you should mark in your calendar: On this day the big kick-off meeting of the RECYPHER project will take place! Join our public viewing livestream on Youtube to be part of it!

  • How can you join the meeting?
  • -We will start at 11 am (German time), respectively 3 pm (Pakistani time) on 25th of March
  • -Click here to join our Youtube Livestream: Click here to view

Our special guests invited are the Ambassador Germany Pakistan, the Minister of Science and Technology Pakistan and the Vice-Chancellors, Rectors and Presidents of Partner Universities.Join us and be part of it!

RECYPHER ("Rethinking Cybersecurity in Pakistan – Human factors‘ Essential Role") is a project, which is designed to create a comprehensive capacity building in Paklistan in the area of cybersecurity and psychology. The project is funded by the European Union within the Erasmus+ programme.

Digitalization has reached every corner of our lives and enables us to be connected to family and friends as well as work from home. While there are countless positive aspects of these developments, it necessary to realize that an increasing digitalization also brings along numerous ways of being exploited. Citizens, enterprises and even governments are potential targets of cyberattacks, damaging IT systems and stealing personal information and secret documents. A report of the European Parliament states that the current worldwide costs of cybercrime attacks can be estimated at approx. 530 billion euros. And the trend is clearly going upwards.

It is clear that there is a need to counter these attacks and protect citizens and companies. Although for a long time technological solutions were at the center of cybersecurity debates, lately there has been an increasing realization that an emphasis needs to be put on psychological factors of users for IT security as a whole to work. Take the example of cybercriminals who pursue non-technical strategies, such as „social engineering“, to gain access to data of potential victims or to install malware on their computers. Hackers might contact their victims through means of psychological manipulation strategies manage to make them reveal their password for a service. A complex algorithm to encrypt such a password cannot protect users who reveal a critical piece of information that enables attackers to get access to their most sensitive data.

The psychological component and human factors of cybersecurity are at the center of debates in developed countries now, as they struggle in fighting these attacks, yet there is a clear need to build up defense systems in developing countries where more and more people are getting access to the internet is even more important. Developing nations, such as Pakistan, suffer major IT security breaches regularly and are confronted with an enormous challenges on making their systems secure as well as ensure the cyber safety of their citizens and organizations.

And this is where the capacity-building project „Rethinking Cybersecurity in Pakistan – Human factors‘ Essential Role“ (RECYPHER), aims to uplift and build capacity in the area of cybersecurity in Pakistan with a particular focus on human factors. In order to achieve this goal, the RECYPHER project has set the following goals:

Development of Cybersecurity Awareness Centers

Cybersecurity Awareness Centers will be set up at selected universities in Pakistan to create a space where a broad group, from interested citizens and students to IT experts, can be sensitized to the topic of IT security. In these centers IT security and its challenges are experienced in real-life experiments and simulations, in order to create an awareness of its importance amongst citizens. It should be clarified how easily visitors‘ data can be accessed, for example, by creating individual personality profiles simply through the presence of their electronic devices. A further central idea of Cybersecurity Awareness Centers is that training courses should take place here, which enable training in specialized areas of cybersecurity and at the same time integrate the applied knowledge of psychology.

Building networks

A focal aspect for initiating economic development in the field of cybersecurity is to create a closer connection between students of the selected partner universities and companies active in this field. Within the framework of offers and events dealing with the topic of IT security, an opportunity for exchange and contact is to be created for interested students as well as companies. Young students should not only be sensitized to the topic, but also have the opportunity to enter this branch of industry.

Highlighting the importance of the psychological side of IT security

So far, linking psychology with cybersecurity is still a young area, even in developing countries, yet there is great potential for growth. In addition to the technological solutions, the psychological side of human-machine interaction must also be considered in order to be able to create a holistic concept for cybersecurity. As research in the social sciences in Pakistan does not have the prominence it deserves, especially in comparison to science subjects, one of the fundamental goals of this project is to boost the relevance of psychology in general and specially in the field of cybersecurity

Our first National Conference was held at the Air University in Islamabad on 30th September 2022, with an attendance of around 300 participants. The conference aimed to foster a network between cybersecurity experts and social scientists and promote the exchange of good practices. Thus, the social scientists and cybersecurity experts from Recypher project partners and other Universities across Pakistan were welcomed at the campus of the Air University. In addition to academicians and students, a significant number of industry executives, key government representatives, and relevant stakeholders also participated in the conference.

The Conference started with a speech by the Secretary of Information Technology, Mr. Mohsin Mushtaq, and was followed by speeches of the Vice Chancellor of the Air University, Air Marshal Javaid Ahmad HI(M) Retd., Director of the National Center for Cyber Security, Prof. Dr. Kashif Kifayat, and representatives of the European partners in ReCyP: HER (Dr. Nida Bajwa from the University of Saarland in Germany, Prof. Dr. Bilgin Metin from Bogazici University Istanbul, and Dr. Katharina Krombholz from CISPA Helmholtz Center for Information Security). All conference speakers emphasized the utmost significance of applying a psychological approach to raise awareness, understand, and curtail cyber security incidents in today’s digital world.

After the official opening ceremony and a keynote speech by Prof. Dr. Katharina Krombholz about the current trends and future perspectives of Human Factors in cybersecurity, the conference continued with open slots. Nine available slots provided different topics to the target groups. Three of those were research talks about Human Factors (e.g., Scientometric Analysis, Qualitative research in Usable Security). Four were round tables and panel discussions about different achievements in the ReCyP: HER project (Cybersecurity awareness centers: A new concept for immersive learning environments; Human Factors related challenges in Cybersecurity in Pakistan: Ideas for interdisciplinary elective project courses; Social Science meets Cybersecurity: How to design a course on HF- A pilot project; National Report on Interdisciplinary Collaboration between Cybersecurity experts and social scientists in Pakistan). Additionally, there were two presentations covering the topics of individual funding possibilities for students by DAAD and funding possibilities for universities for international collaboration by Erasmus+.

All in all, the National Conference was a complete success and a significant milestone in creating a strong network between social scientists and cybersecurity experts as well as industry representatives. We worked together as a team and have kept in touch with each other since. Many thanks to our partners from Air University, who organized a great event with everything needed and much more.

The end of September 2022 marked a significant period for our project. After detailed planning, we began our travel to Pakistan with two primary goals. The first goal was to have the curriculum discussion at our partner university LUMS (Lahore University of Management Sciences). To achieve this goal, we planned a two-day discussion with representatives of all our partner universities with incredible support from our colleagues at CISPA (Helmholtz Center for Information Security). The aim was to get an in-depth understanding of the strengths and challenges of the curricula of the cybersecurity programs at our partner universities in Pakistan. Hence, we could identify the areas of improvement in their curricula and discuss different measures in the subsequent. In turn, we could enlighten curricula from the perspective of established international standards and the general call to implement more applied elements in the cybersecurity curricula.

To have a fruitful and structured discussion in Pakistan, we started our pre-work online before the travel. All partner universities reviewed their cybersecurity programs and compared them with international cybersecurity guidelines (e.g., ACM guidelines, Association for Computing Machinery) to identify areas of improvement to discuss afterward. Based on this pre-work Prof. Dr. Katharina Krombholz and her team from CISPA prepared an agenda for the two-day discussion containing different methods (e.g., research marketplace, focus groups, group activities) and topics such as career paths of graduates, competencies of cybersecurity students expected by the industry, interdisciplinarity of cybersecurity, assessment, and quality control.

Many lessons were learned during the two-days discussion. The importance of bridging the gap between theory and practice, possibilities to motivate students, balancing the focus of student projects (research vs. industry), and teaching transferable computing knowledge were identified as crucial aspects to be considered in the cybersecurity curriculum.

But it would have been a pity to be in Lahore and not add great memories to our academic discussion. Thanks to our hosts, we were able to take part in cultural activities and not missed learning and encountering the cultural elements. Experiencing the Pakistani culture enabled us to better understand the local standards, that will strengthen our future collaboration.

All in all, we want to thank our great hosts for the warm welcome in Lahore! In addition, we are thankful to all our partner universities and the CISPA team for accompanying us and constructing memories together as a team.

If you are interested to know about our next stop in Pakistan (achieving our second goal), read our next post on the National Conference at the Air University, Islamabad.