Visible to the public TWC SBE: Option: Small: Building Public Cyber Health - Designing and Testing the Efficacy of a School-Focused, Gamification Approach to Create a Secure Computing EnvironmentConflict Detection Enabled

Project Details

Lead PI


Performance Period

Sep 15, 2013 - Aug 31, 2017


University of North Carolina at Chapel Hill

Award Number

Outcomes Report URL

As the frequency and complexity of cyber attacks increase, approaches to create secure computing environments must look beyond technical barriers that protect from the outside to building a collaborative culture of cyber health from the inside. Use of online incentives have been shown to be an effective tool for enhancing an individual's engagement with a task. This project explores the use of online incentives and social networking to improve an organization's cyber health by coalescing the micro cyber behaviors of individuals within the organization to create a more secure computing environment. Schools represent an ideal setting in which to test such a new model for cybersecurity. Teachers, faculty and parents are motivated to keep students safe and secure. Further, most students today are very technologically savvy, which introduces technology as an ideal means by which to teach students about cyber risks and how to avoid those risks--and to reinforce good cyber behaviors while reducing bad behaviors.

This project approaches the school as a system in which cybersecurity is improved and maintained through the use of digitally-mediated interventions that combine online psychological incentives for student engagement and social networking to reinforce social and authority figure influences. In short, the project broadly aims to "build cybersecurity in" by engaging multiple stakeholders to help build a more robust public cyber health system. The effectiveness of incentives in building collective cybersecurity awareness and reinforcing positive cyber behaviors is being explored through intervention experiments that are implemented in three student populations: 1) elementary school students who are being exposed to supervised use of digital devices, both in a school environment and at home, for the first time; 2) middle school students who are "experimental" users of digital devices and have limited awareness of cybersecurity concepts; and 3) college students who have been shown to demonstrate risky cyber behaviors that often put them and other university stakeholders at risk.

Recent success in school-based public health interventions to modify personal health behavior informs the project's approach to building public cyber health. In particular, the well-known Health Belief Model provides a lens for exploring how individuals balance belief in their susceptibility to a cyber threat against their belief in the effectiveness of the proposed mitigating behavior when deciding whether to adopt that behavior. However, there are important differences between public health and cybersecurity. Online incentives, used in public health in particular, have been shown to be most effective in modifying behaviors that individuals already know they should perform and that they already know how to perform. This research will explore whether interventions delivered through digital devices can be successful in both changing an individual's current risky behavior and introducing new safe behaviors, at various ages. To assess the impact of the interventions, throughout the study data will be collected on individuals' cybersecurity knowledge, perceptions and behaviors using surveys and by monitoring intervention experiments.

If successful, the novel public cyber health interventions developed in this project will provide benefits that cascade over the long-term to businesses that hire participating students, additional organizations that adopt the intervention techniques, and the broader cyber community. In the near term, this project will directly benefit student participants, as well as teachers and parents, by improving their cybersecurity knowledge, perceptions, and behaviors, thus reducing their risks. Thereafter, the techniques developed will be made widely available for use by other schools and organizations, and as individuals become more secure, the project's impacts have the potential to be further amplified by participants' security behaviors outside of the organizational environment. Further, specific at-risk groups are being targeted in the study?two of the student populations participating provide unique challenges to our research as well as unique rewards if our research is successful. The elementary school population will be drawn from a charter school composed exclusively of minority youth in North Carolina that face significant social, economic, and educational challenges. The middle school partner, located in a rural, economically-challenged eastern North Carolina, is struggling to provide the technical skills that its students need to succeed in the wider global economy.