Launch of a new research agenda for a safer society The National Cyber Security Research Agenda, 3rd edition (NCSRA-III), will be presented at June 5th 2018 during an iPoort session in Nieuwspoort in The Hague between 5:00 PM and 6:30 PM. If you are able to join, please register here.Program of the afternoon4:30 - 5:00 Reception 5:00 - 5:10 Introduction by Peter Zinn, session chairman5:10 - 5:15 Presentation by Michel van Eeten, professor Governance of cybersecurity TUD, on behalf of the board of editors5:15 - 5:25 Handing over the NCSRA-III by Jan Piet Barthel, director dcypher, to Stan Gielen (NWO), Henk Jan Vink (TNO) and Patricia Zorko (J&V)5:25 - 5:40 Short reaction on the receipt of the agenda by Patricia Zorko (on behalf dcypher supporting ministries), Stan Gielen (on behalf of NWO domains supporting cybersecurity research) and Henk Jan Vink (on behalf of TNO)5:40 - 6:25 Panel discussion led by the Chair Peter Zinn with:Marc Witteman CEO RiscurePatricia Zorko director Cyber Security Ministry of Justice and SecurityStan Gielen president of the Executive Board of NWOKees Verhoeven Member of ParliamentHerbert Bos professor Systems Security VU 6:25 - 6:30 Conclusions by Peter Zinn Chair of the Day6:30 - 7:00 Drinks & Bites  

The rise of IoT botnets – why cyber hygiene remains an issue    by Karine e Silva, PhD Candidate BotLeg Project/ TILT, TiUYou may not be aware, but your device’s processing power could be launching an attack somewhere in the world right now. Put differently, your device could be part of a botnet, a network of compromised devices manipulated from a remote location. The interesting part is that, contrary to infections that bug the owner of the device, a botnet is almost unnoticeable to the host. The infection is made to run in the background, without hurting the normal functioning of the system. Sophisticated forms of botnets continue to be one of the most pervasive threats to the stability of the Internet and its spread to other areas of technology are worrisome.The spread of Mirai, the first large-scale IoT botnet publicized, spawned a turmoil in the cybersecurity community. Although IoT devices had long been reported as a ticking bomb: the level of security embodied in the technology was questionable and a spur of threats against IoT was envisioned. In 2016, Mirai emerged as a powerful, remote network affecting cameras and routers, causing massive disruptions worldwide. The attacks emerging from Mirai paralyzed more than 900.000 Deutsche Telekom customers, a prominent cybersecurity website, and the telecommunications infrastructure of Liberia. Several developments made these outages possible, including the leaking of the Mirai source code, what allowed other cybercriminals to create powerful and resilient versions of the original botnet. By November 2016 Mirai had already compromised a total of 5 million devices and new forms of the botnet have emerged since. The IoT is part of our daily lives and is expected to become a natural, embedded infrastructure at the root of the simplest activities. Smart fridges, ovens, cars, wearables, etc., aim to minimize the burden of decision making and help us minimize the time we spent in repetitive tasks. The wonders (and pitfalls) of IoT come entrenched in the challenges that we have long faced in other connected environments. Various elements make the Internet a prolific environment for threats, but I will focus on two. One, cybersecurity standards, especially those practiced in the IoT, are criticized for being insufficiently low. Two, users make poor cybersecurity decisions in their work and home environments for lack of better understanding, training, and rational constraints. This brings me to the discussion of cybersecurity as a shared responsibility. The theory of cybersecurity is marked by the concept of shared responsibility. In cybersecurity literature, multistakeholderism is a pre-requisite for successful cybersecurity. This concept that cybersecurity is a collective effort is grounded on the fact that the functioning of the Internet is made possible by public and private infrastructures. The Internet is managed a large variety of actors, making it a special case when it comes to critical infrastructure. These multistakeholders, each at their own stance, can influence the outcome of a security threat based on the decisions made at their control level. When we think of digital environments, multiple actors perform both the role of regulator and regulated agent: they are at the same time managing a network and defining how the network will operate. This phenomenon has a unique potential: those who manage networks (such as Internet intermediaries) have an actual regulatory position and can influence how we experience cybersecurity (for the good and for the bad). Following the premise of multistakeholderism, States, businesses, and citizens alike are called upon to exercise their fair share of responsibility and will be held accountable (legally or morally) for failing to meet these standards. In the EU, States carry out the responsibility for implementing cybersecurity legislation and monitoring its application. Businesses are bound by national and EU regulation determining the technical standards of cybersecurity to be observed in the development of products. Likewise, procedures are responsible for reporting security incidents and respect the protection of our personal data. But it does not end here. We are reasonably expected to keep our devices up to date. Individuals must refrain from engaging in activities that undermine public security. The moment our personal devices become a host cell, we become a vector of cybercrime, and undermine the efforts made by other stakeholders in the chain. In sum, cybersecurity is a goal that is only achievable as long as all actors involved take ownership of their fair share (of the problem and the solution). The final question is: how are we, as a community, contributing to cybersecurity? As individuals, we may not have a direct legal obligation to update our devices, search for secure ways to transmit data, or invest in personal cybersecurity devices. But we still have the moral duty to make decisions that are in the benefit of our community and to avoid becoming a liability for others. So, what are you giving back to our Internet community? 

On 5 June, the third edition of the National Cyber Security Research Agenda (NCSRA-III) will be presented. On Thursday 12 April, cyber security researchers and experts from universities, government institutions and companies discussed the final refinements to this new research agenda in the area of digital security. Computer viruses, hijacked computers, hacking, DDoS attacks, phishing and digital espionage are all threats to the digital security of citizens, companies and governments, and they reach the news headlines almost every week. As we have become increasingly dependent on digital services in our everyday lives over the past two decades, we have also become more vulnerable to such attacks.Cyber security researchers are developing new security systems to protect the Dutch digital society. The National Cyber Security Research Agenda (NCSRA) is intended as a framework for public-private partnership within national research into digital security. The agenda was published for the first time in 2011 and was followed by a second edition, NCSRA-II, in 2013. Five years after the second edition, considerable effort is being put into the realisation of a third edition, NCSRA-III. On Thursday 12 April, stakeholders discussed the draft texts of the agenda that were written earlier this year. The 90 participants included many academic researchers, but also experts from industry (including Philips, KPN, NXP, Secura and Rabobank) and representatives from government ministries, TNO, the Confederation of Netherlands Industry and Employers, the Dutch police and the Dutch judiciary.The NCSRA-III is subdivided into five pillars: better design, better defense, better organisation, better understanding of attacks, and improved privacy. For each pillar, the agenda clearly states what the relationships with the other pillars are. 'The agenda that was published five years ago was more compartmentalised', says chair of the event Wim Hafkamp, chief information security officer at Rabobank (and chair of the dcypher advisory council). At the time, we had nine themes that were largely studied independently. The world has changed since, and we are trying to respond to that by clearly considering the relationships between the five pillars. One example of the difference between the new agenda and the previous edition is that we now pay more attention to the psychological aspects of cyber security, for example the change of behaviour; we no longer examine just the technical aspects.'Jaap-Henk Hoepman, principal scientist of the Privacy & Identity Lab, states two ways in which the playing field for digital security has changed over the past five years: 'First of all, our society has become far more dependent on ICT than it was five years ago.'Second, it is better if we now assume that there is no such thing as an entirely secure digital infrastructure. Instead, we should assume that systems have been attacked and that the attacker has access. If this is the case, how can we best protect ourselves?After a plenary session in which the five research pillars were each briefly introduced by a university researcher, the rest of the afternoon was used for discussions. Two successive discussion rounds were organised for each pillar, so that each participant could comment on two of the pillars. At the end of the afternoon, the discussion leaders reported on the most important comments and remarks.The Pillar "Better design" assumes the idea that many security problems can be prevented by designing systems and services where security is one of the priorities from the outset: this is called security by design. When he presented this pillar, Erik Poll from Radboud University noted that, in recent years, everybody has been talking about security by design, but that far too little has been done about it in practice. An important point that emerged from the discussion round is that the end-user, in particular, should not be forgotten. The pillar "Better defense" is about preventing and detecting attacks, but also about responding to and recovering from attacks. The main challenge here is to efficiently and effectively increase the strength of all defensive resources, says Luca Allodi from Eindhoven University of Technology. "Better governance" is the third pillar. This pillar focuses on the owners of systems and services, namely citizens, companies and government bodies. How do they deal with the available technical possibilities to improve digital security? This pillar attracted the most discussion participants by far, including participants from TNO, the Confederation of Netherlands Industry and Employers, the Dutch police and the Dutch judiciary. Several comments concerned the concept of "security". Security has a subjective component, which is not objectively measurable by definition. But in addition, relatively few hard facts and data are available about the measurable component of security.  Kees Neggers, former director of Surfnet and one of the four Dutch people who have been included in the Internet Hall of Fame, expressed his concern that the deeper underlying causes of digital threats are not sufficiently tackled. For example, the current design of the Internet contains leaks that should be sealed according to him. That is technically feasible, but the investments required are scarcely being made. Representatives from industry expressed the concern that it is particularly difficult to get SMEs involved, even though they jointly constitute 95% of Dutch industry; there is an awareness of digital security among them, but also a lack of concrete action. Finally, Theo Jochoms, adviser on science and education at the Dutch police, noted that a lot of attention is devoted to defending against cyber attacks but relatively little attention to detecting these.The fourth pillar, "Better understanding of attacks", studies vulnerabilities in designs, protocols, systems, defense measures, etc. Without an understanding of vulnerabilities, we cannot defend ourselves. The human factor will be given attention as well. Exposing the psychology of the attacker also makes it possible to improve the defense. Botnets could be knocked out before becoming active, for example. The fifth and final pillar, "Improved privacy", ties in with the fact that privacy is a fundamental right within the EU – one that is protected by law. And just like the efforts to achieve security by design, efforts should also be made to design ICT applications in which privacy is a priority from the outset: privacy by design. One of the points raised during the discussion round was that privacy is also a part of identity management: proving that somebody is who he or she claims to be. A second interesting discussion point, submitted by Professor of Cyber Security Governance at Leiden University, Bibi van den Berg, is that privacy should not only be examined in the narrow sense of the term at the level of the individual but also in the broader sense of a community or organisation. People are very keen to share certain things, whereas they do not wish to share other things at all or just with a few people. And ideas about privacy have also changed over the course of time, but this aspect has barely been studied to date.All comments and remarks made during the discussion afternoon will be carefully considered, concludes Jan Piet Barthel, director of dcypher (the Dutch Cybersecurity Platform Higher Education and Research), the organiser of the discussion afternoon. Proposals for amendments can still be submitted until 23 April. Where necessary, the draft texts of the NCSRA-III will be modified. On 5 June, the third edition of the National Cyber Security Research Agenda will be presented at press centre Nieuwspoort in The Hague.Text: Bennie Mols, sciencejournalistTranslation: NST SciencePhoto's: Thijs ter Hart

The Dutch Government organizes the international One Conference 2018. This conference aims to facilitate the exchange of knowledge and ideas within the international cyber security community. To this aim 1200 people from the (inter)national CERT community, academia, security professionals from public and private sector as well as our key partners from law enforcement and intelligence will participate in this event. The international One Conference is located in The Hague, the Netherlands, 2 & 3 October 2018The conference program offers topics of interest for a wide variety of participants, from (technical) specialists to decision-makers and researchers, from both the private and the public sector.SessionsThe Dutch Government invites researchers, companies and professionals to submit proposals for presentations. All sessions are 40 minutes in length including Q&A. Previously published and/or presented material is welcome if the information and message are still new and relevant to this audience. Presentations will ultimately be chosen based on relevance to the topics below, maturity of results and relevance to the audience.TopicsTopics include but are not limited to:Technical: botnets and C&C, exploitation & malware, vulnerability research, design & attack surface,  attacker MO, deployment of defensive measures, (inter)networking and operations, metrics & measurements, field-related (privacy, cryptography, ..), domain-related (IoT, ICS/SCADA, mobile, medical, automotive, ..)Incident response: monitoring and detection, information sharing, threat intelligence, CSIRT maturity, incident handling, cooperation (tactical and operational), incident analysis, coordinated vulnerability disclosure, case studies, lessons learnedGovernance: law enforcement, legal aspects, cross-border collaboration, risk management, public-private partnerships, organizational structures, coordinated vulnerability disclosure, data breaches, supply chain: responsibility & liabilityStrategic issues: cyber security & economic growth, implementing international cyber security strategy, (conflicts of) interest of values in cyber security, future scenarios, the role of the government, cyber espionage & future economic impact, incentives in cyber securityHuman factor: offenders, victims, social engineering, insider threat, post awareness, education and training, privacyResearch & innovation: completed and ongoing cyber security research (fundamental and applied) and innovationProposal requirementsPresentation proposals (maximum one page) should consist of:Title and abstractType of presentation (e.g. lecture, panel, demo and interactive aspects such as Q&A’s or real time polling)Aim of the presentation. What’s in it for the audience (public and private sector)?Target audience (e.g. technical specialists, analysts, policy makers)Short bio of the speakerAll presentations are in English, commercial presentations are excluded.Proposals can be submitted to speakers@one-conference.nlImportant datesDeadline for submission: Friday 15 June 2018Presenter notification: Wednesday 15 August 2018Conference: Tuesday 2 & Wednesday 3 October 2018 The One Conference 2018 is organized by the Ministry of Justice and Security and the Ministry of Economic Affairs and Climate Policy.

The deadline for PoPETs 2019, Issue 1 is three weeks away: May 31 (11:59PM Samoa Time, UTC-11), 2018.  PoPETs/PETS now has 4 deadlines a year; submit whenever you feel ready! Read the CFP below for more details on our hybrid journal/symposium model, which includes the option to resubmit with major revisions to a subsequent deadline. See the web site (https://petsymposium.org/) for full information, including submission guidelines (https://petsymposium.org/authors.php). Papers must be submitted via the submission server for Issue 1 at: https://submit.petsymposium.org/2019.1/ We look forward to your submissions!Call for Papers19th Privacy Enhancing Technologies Symposium (PETS 2019) Stockholm, Sweden General information: https://petsymposium.org/ Submission server: https://submit.petsymposium.org/2019.1/  The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. The 19th PETS event will be organized by KTH and held in Stockholm, Sweden 2019 (exact dates TBD). Papers undergo a journal-style reviewing process and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs).PoPETs, a scholarly, open access journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. PoPETs is published by De Gruyter Open, the world's second largest publisher of open access academic content, and part of the De Gruyter group, which has over 260 years of publishing history. PoPETs does not have article processing charges (APCs) or article submission charges.Submitted papers to PETS/PoPETs should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies.Authors can submit papers to PoPETs four times a year, every three months, and are notified of the decisions about two months after submission. In addition to accept and reject decisions, papers may receive 'resubmit with major revisions decisions', in which case authors are invited to revise and resubmit their article to one of the following two issues. We endeavor to assign the same reviewers to revised versions. Papers accepted for an issue in the PoPETS 2019 volume must be presented at the symposium PETS 2019.Submit papers for PoPETs 2019, Issue 1 at https://submit.petsymposium.org/2019.1/. Submitted papers must be anonymized, and may be at most 15 pages excluding bibliography and appendices and 20 pages total. Reviews are double blind. Please see the submission guidelines at https://petsymposium.org/authors.php#submission-guidelines and view our FAQ at https://petsymposium.org/faq.php for more information about the process.Important Dates for PETS 2019 Issue 1All deadlines are 23:59:59 American Samoa time (UTC-11) Paper submission deadline: May 31, 2018 (firm) Rebuttal period: July 9 -- 11, 2018 Author notification: August 1, 2018 Camera-ready deadline for accepted papers and minor revisions (if accepted by the shepherd): September 15, 2018Authors invited to resubmit with major revisions can submit the revised (full) paper two weeks after the stated deadline. Such papers must, however, be registered with an abstract by the usual deadline. All other papers than these major revision resubmissions must be submitted by the stated deadline, including papers submitted to and rejected from previous issues. To benefit from the two-week deadline extension, major revisions must be submitted to one of the two issues following the decision. Major revisions submitted to later issues are treated as new submissions, due by the regular deadline and possibly assigned to new reviewers.Suggested topics include but are not restricted to:Behavioural targetingBlockchain technologies applied to privacyBuilding and deploying privacy-enhancing systemsCrowdsourcing for privacyCryptographic tools for privacyData protection technologiesDifferential privacyEconomics of privacy and game-theoretical approaches to privacyEmpirical studies of privacy in real-world systemsForensics and privacyHuman factors, usability and user-centered design for PETsInformation leakage, data correlation and generic attacks to privacyInterdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology, human rightsLocation and mobility privacyMachine learning and privacyMeasuring and quantifying privacyMobile devices and privacyObfuscation-based privacyPolicy languages and tools for privacyPrivacy in cloud and big-data applicationsPrivacy in social networksPrivacy-enhanced access control, authentication, and identity management Profiling and data miningReliability, robustness, and abuse prevention in privacy systemsSurveillance Systems for anonymous communications and censorship resistanceTraffic analysisTransparency enhancing tools Web privacy We also solicit Systematization of Knowledge (SoK) papers on any of this topics. To be suitable for publication, SoK articles must provide an added value beyond a literature review, such as novel insights, identification of research gaps, or challenges to commonly held assumptions. General Chair (gc19@petsymposium.org)Panos Papadimitratos, KTHSimone Fischer-Hübner, Karlstad University Program Chairs/Co-Editors-in-Chief (pets19-chairs@petsymposium.org) Carmela Troncoso, EPFLKostas Chatzikokolakis, CNRS Program Committee/Editorial Board:Ruba Abu-Salma, UCLGunes Acar, Princeton UniversitySadia Afroz, ICSI / BerkeleyWilliam Aiello, University of British ColumbiaMashael Al-Sabah, Qatar UniversityMario Alvim, Universidade Federal de Minas GeraisAbdelrahaman Aly, KU LeuvenHadi Asghari, TU DelftShehar Bano, University College LondonKevin Bauer, MIT Lincoln LaboratoryLujo Bauer, Carnegie Mellon UniversityCecylia Bocovich, University of WaterlooNikita Borisov, UIUCBogdan Carbunar, Florida International UniversityMelissa Chase, Microsoft ResearchChristopher Clifton, Purdue UniversityScott Coull, FireEyeJed Crandall, University of New MexicoAnupam Das, Carnegie Mellon UniversityRinku Dewri, University of DenverClaudia Diaz, KU LeuvenSerge Egelman, ICSI / BerkeleyTariq Elahi, KU Leuven Ittay Eyal, TechnionJulien Freudiger, AppleSébastien Gambs, Université du Québec à Montréal (UQAM)Yossi Gilad, MITRachel Greendstat, Drexel UniversityJens Grossklags, Technical UniversityMunich Amir Herzberg, Bar Ilan UniversityNick Hopper, University of MinnesotaAmir Houmansadr, University of MassachusettsAmherst Yan Huang, Indiana University BloomingtonKévin Huguenin, Université de LausanneRob Jansen, U.S. Naval Research LaboratoryMobin Javed, Lahore University of Management Sciences and ICSIPhilipp Jovanovic, EPFL Peter Kairouz, Stanford universityApu Kapadia, Indiana University BloomingtonAniket Kate, Purdue UniversityStefan Katzenbeisser, TU DarmstadtFlorian Kershbaum, University of WaterlooBoris Koepf, IMDEA Software InstituteYoshi Kohno, University of WashingtonPonnurangam Kumaraguru, IIIT DelhiAlptekin Küpçü, Koç University Susan Landau, Tufts UniversityDouglas Leith, Trinity College DublinJanne Lindqvist, Rutgers UniversityChang Liu, BerkeleyWouter Lueks, EPFLAshwin Machanavajjhala, Duke UniversityIvan Martinovic, University of Oxford Nick Mathewson, Tor ProjectMichelle Mazurek, University of MarylandSusan McGregor, Tow Center for Digital Journalism & Columbia Journalism SchoolSarah Meiklejohn, UCL Alan Mislove, Northeastern UniversityPrateek Mittal, Princeton UniversityTakao Murakami, National Institute of Advanced Industrial Science and Technology (AIST)Steven Murdoch, University College LondonArvind Narayanan, Princeton UniversityMelek Onen, EURECOMCristina Onete, University of Limoges / XLIMClaudio Orlandi, Aarhus University Rebekah Overdorf, KU LeuvenCatuscia Palamidessi, Inria Panagiotis Papadimitratos, KTH Charalampos Papamanthou, University of MarylandPaul Pearce, UC BerkeleyFabian Prasser, TU MunichBart Preneel, KU LeuvenAnanth Raghunathan, GoogleJoel Reardon, University of CalgaryAlfredo Rial, University of LuxembourgFranziska Roesner, University of WashingtonThomas Roessler, GoogleStefanie Roos, University of WaterlooAhmad-Reza Sadeghi, Technische University DarmstadtPeter Schwabe, Radboud University NijmegenZubair Shafiq, University of IowaReza Shokri, National University of Singapore Claudio Soriente, NECAnna Squicciarini, Penn State University Nick Sullivan, CloudflarePaul Syverson, U.S. Naval Research LaboratoryNina Taft, GoogleDoug Tygar, UC Berkeley Narseo Vallina, IMDEA Networks InstituteJoris Van Hoboken, Vrije Universiteit Brussels / University of AmsterdamEugene Vasserman, Kansas State UniversityTara Whalen, Google Philipp Winter, Princeton UniversityMatthew Wright, RITThomas Zacharias, University of EdinburghBen Zhao, University of Chicago Submission GuidelinesFor full details of submission guidelines please refer to: https://petsymposium.org/authors.php#submission-guidelines. Papers not following these instructions risk being rejected without consideration of their merits! Andreas Pfitzmann Best Student Paper Award The Andreas Pfitzmann PETS 2019 Best Student Paper Award will be selected at PETS 2019. Papers written solely or primarily by a student who is presenting the work at PETS 2019 are eligible for the award. Submission Papers must be submitted via the PETS 2019 submission server. The URL for Issue 1 is: https://submit.petsymposium.org/2019.1/. HotPETsAs with the last several years, part of the symposium will be devoted to HotPETs -- the "hottest," most exciting research ideas still in a formative state. Further information will be published on the PETS 2019 website soon.

ACM Digital Threats: Research and Practice (DTRAP) is a peer-reviewed journal that targets the prevention, identification, mitigation, and elimination of digital threats. DTRAP promotes the foundational development of scientific rigor in digital security by bridging the gap between academic research and industry practice. Accordingly, the journal welcomes the submission of scientifically rigorous manuscripts that address extant digital threats, rather than laboratory models of potential threats. To be accepted for publication, manuscripts must demonstrate scientific rigor and present results that are reproducible.DTRAP invites researchers and practitioners to submit manuscripts that present scientific observations about the identification, prevention, mitigation, and elimination of digital threats in all areas, including computer hardware, software, networks, robots, industrial automation, firmware, digital devices, etc. For articles involving analysis, the journal requires the use of relevant data and the demonstration of the importance of the results. For articles involving the results of structured observation such as experimentation and case studies, the journal requires explicit inclusion of rigorous practices; for example, experiments should clearly describe why internal validity, external validity, containment, and transparency hold for the experiment described.For further information and to submit your paper, visit https://mc.manuscriptcentral.com/dtrap or write to dtrap-editors@acm.org. Digital Threats Announcement March 2018 (pfd)

Cybercrime: interdisciplinary approaches to cutting crime and victimisation in cyber space‘Cybercrime’ has developed from the old narrower concepts of computer crime and e-crime into a much broader concept covering many different forms of criminal activity in cyber space. Although some law enforcement agencies use ‘cyber-dependent crime’ and ‘cyber-enabled crime’ to classify cybercrime, the boundary between cybercrime and traditional forms of crime has never been clear cut and is becoming increasingly blurred due to the level of hyper-connectivity in today’s highly digitized and networked world. The ubiquitous use of the Internet and smart mobile devices in people’s everyday lives, the wide adoption of cloud based services by industry and government, and, for example, the advent of the Internet of Things (IoT), the Internet of Everything (IoE), and the Cyber-Physical Systems (CPSs), lead to the widely accepted belief that almost all criminal activities have some cyber elements. As a consequence, digital forensics (or cyber forensics) have become an essential part of almost all crime investigation processes of law enforcement around the world.In the last two decades or so, a lot of research has been done on cybercrime. However, there is a clear fragmentation problem: researchers in different disciplines (e.g. criminology and computer science) tend to publish their work in their own fields and do not write for a wider audience. This has been changing recently due to the creation of some interdisciplinary outlets such as the Crime Science Journal, but it is still rare to see research papers on cybercrime that target a truly interdisciplinary audience with both researchers and practitioners in mind. Crime science focuses on improving the detection, prevention and understanding of crime and disorder.This special issue is one of the first attempts to bring together cybercrime researchers from different fields by encouraging them to publish papers on cutting cybercrime that can benefit researchers and practitioners from a wider spectrum including crime science and computer science. https://www.springeropen.com/collections/CYCREdited byShujun Li, Professor of Cyber Security, School of Computing, University of Kent, UK – Lead Guest EditorMichael Levi, Professor of Criminology, School of Social Sciences, Cardiff University, UK – Guest Co-EditorDavid Maimon, Associate Professor, Department of Criminology and Criminal Justice, University of Maryland, USA – Guest Co-EditorKim-Kwang Raymond Choo, Cloud Technology Endowed Associate Professor, Department of Information Systems and Cyber Security, University of Texas at San Antonio, USA – Guest Co-EditorGianluca Stringhini, Senior Lecturer (Associate Professor), Department of Computer Science & Department of Security and Crime Science, University College London (UCL), UK – Guest Co-Editor ResearchVictims of cybercrime in Europe: a review of victim surveysReview the evidence provided by victim surveys in order to provide a rough estimate of the personal crime prevalence of the main types of cybercrime.Authors:Carin M. M. Reep-van den Bergh and Marianne JungerCitation:Crime Science 2018 7:5Published on: 4 April 2018ViewFull TextViewPDF  

3rd Interdisciplinary Summer school on Privacy (ISP 2018)  July 9-13, 2018, Berg en Dal / Nijmegen (The Netherlands) Theme:  AI, Algorithms & Privacy. We invite doctoral researchers working on privacy, data protection, security, surveillance and ethics to participate in the second Interdisciplinary Summer school on Privacy (ISP 2018) to be held from July 9 - July 13, 2018 in Berg en Dal (The Netherlands), close to Radboud University (Nijmegen).https://isp.cs.ru.nl # Teachers Mireille Hildebrandt (VUB / Radboud University)Julia Powels (University of Cambridge)Paul Dourish (University of California, Irvine)Christian Sandvig (University of Michigan)Lina Dencik (Cardiff University)Malte Ziewitz (Cornell UniversityRobin Pierce (Tilburg University)Martijn van Otterlo (Tilburg University)Krishna Gummadi (Max Planck Institute) # Background of the summerschoolThe interdisciplinary summerschool on privacy (ISP) provides an intensive one week academic post-graduate programme teaching privacy from a technical, legal and social perspective. The goal of the summerschool is to provide students with a solid background in the theory of privacy construction, modelling and protection from these three different perspectives. It also aims to help them to establish a first international network with peers and senior academics across these disparate disciplines. Participants of the summerschool are awarded two ECTS (study credits) and receive a certificate of attendance issued by the Radboud University attesting this.For more information https://isp.cs.ru.nl# Theme: AI, Algorithms & PrivacyThe theme "AI, Algorithms & Privacy" addresses the privacy issues that arise from the use of Artificial Intelligence and machine learning algorithms, and studies how to address these issues. Topics within this theme are e.g. transparency, discrimination, and adversarial learning.# FormatThe summer school is interdisciplinary, involving the following disciplines: computer science, law and social sciences / media and communication studies. The school lasts one week, with nine scheduled lectures (five morning lectures and four afternoon lectures) of two hours each. These nine lectures are equally distributed over the three disciplines, with top-notch lectures from each of the disciplines. The lectures will lay the grounds for an interdisciplinary conversation among students and lecturers coming from a variety of backgrounds.The remaining time is used for hands on working group sessions to study practical cases. The cases will be offered by businesses, governments, government related institutions (like DPAs) and civil society/NGOs.Groups of six students, ideally two from each discipline, are formed to tackle the cases and report back on their results in a plenary session.The school is held in a location that encourages dialogue and social interactions between both the staff and the students, both during lectures and in the evening. Staff (i.e. lecturers) are encouraged to stay at the summer school for the whole length of the school. The summer school is foremost aimed at PhD students from computer science, law and social sciences.# Practical InformationThe summer school is held at http://www.hotelerica.nl, Berg en Dal, The Netherlands. The hotel is well equipped and ideally situated in the woods close to Nijmegen, and easily reached by bus from Nijmegen train station. Nijmegen has direct train connections with Schiphol, the Dutch national airport.## RegistrationVisit the following web page to register:https://isp.cs.ru.nl/registration.php We offer the following options.- Single room: € 950 (late: € 1050)- Shared room: € 725 (late: € 825)- No room (lunch/school only): € 516 (late: € 616)    (for local people who do not need accommodation)Payment by credit card accepted. Early registration fees expire on May 1. Admission after June 1 subject to availability. Registration may close earlier if the maximum number of participants (40) is reached.## StipendsA limited number of stipends is available. To see whether you would qualify for a stipend, and to start the application process, see https://isp.cs.ru.nl/stipends.php## ContactFor further information please consult our website https://isp.cs.ru.nl or contact us by email at summerschool@pilab.nl## Organiser- Jaap-Henk Hoepman (Radboud University /PI.lab) ## Steering CommitteeClaudia Diaz (KU Leuven / imec),Seda Gürses (KU Leuven / imec),Eleni Kosta (TILT - Tilburg University / PI.lab),Jo Pierson (Vrije Universiteit Brussel / imec), andThorsten Strufe (TU Dresden) ## Supported byPI.lab - The Privacy & Identity Lab.imecRadboud University (more support to be announced soon)