Research page Wolter Pieters

Socio-technical cyber security metrics, Information ethics, Adversarial risk management

(Picture by Angela Bloemsaat / TedXEde)

Assistant professor cyber risk

Safety & Security Science Group

Faculty of Technology, Policy and Management

Delft University of Technology

phone: +31 15 27 88989

e-mail: [initial] dot [lastname] at [universitydomain] dot nl

My research focuses on cyber security risk management in complex systems. I work with qualitative and quantitative socio-technical security models, attack models, and attack graphs, to discover and prioritise weaknesses, and evaluate countermeasures. In relation to such decision support, I am also interested in the ethics of cyber security. I address electronic voting, cloud computing and electricity infrastructures as cases.

Selected recent publications: theory

Socio-technical security metrics

Bullee, J.H. and Montoya Morales, A.L. and Pieters, W. and Junger, M. and Hartel, P.H. (2015) The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology, 11 (1). pp. 97-115. ISSN 1573-3750 *** ISI Impact 1,55 ***

Pieters, W. and Padget, J. and Dechesne, F. and Dignum, V. and Aldewereld, H. (2014) Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications, to appear. pp. 1-14. ISSN 2214-2126

Arnold, F. and Pieters, W. and Stoelinga, M.I.A. (2013) Quantitative penetration testing with item response theory. In: 9th International Conference on Information Assurance and Security, IAS 2013, 4-6 Dec 2013, Gammarth, Tunisia. pp. 49-54. IEEE. ISBN 978-1-4799-2989-4

Pieters, W. and Dimkov, T. and Pavlovic, D. (2013) Security policy alignment: A formal approach. IEEE Systems Journal. ISSN 1932-8184

Pieters, W. and Van der Ven, S.H.G. and Probst, C.W. (2012) A move in the security measurement stalemate: Elo-style ratings to quantify vulnerability. In: NSPW '12: Proceedings of the 2012 New security paradigms workshop, 18-21 Sep 2012, Bertinoro, Italy. pp. 1-14 ACM. 978-1-4503-1794-8

Security ethics

Pieters, W. and Hadžiosmanovic, D. and Dechesne, F. (2014) Cyber Security as Social Experiment. In: NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, 15-18 Sep. 2014, Victoria, BC, Canada. pp. 15-24. ACM. ISBN 978-1-4503-3062-6

Pieters, W. (2013) On thinging things and serving services: technological mediation and inseparable goods. Ethics and information technology, 15 (3). pp. 195-208. ISSN 1388-1957 *** ISI Impact 0,85 ***

Pieters, W. (2011) The (social) construction of information security. The Information Society, 27 (5). pp. 326-335. ISSN 0197-2243 *** ISI Impact 1,111 ***

Pieters, W. and Coles-Kemp, L. (2011) Reducing normative conflicts in information security. In: NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. pp. 11-24. ACM. ISBN 978-1-4503-1078-9

Pieters, W. (2010) Reve{a,i}ling the risks: a phenomenology of information security Techné: Research in Philosophy and Technology, 14 (3). pp. 176-188. ISSN 1091-8264

Pieters, W. and van Cleeff, A. (2009) The Precautionary Principle in a World of Digital Dependencies. IEEE Computer, 42 (6). pp. 50-56. ISSN 0018-9162 *** ISI Impact 2,205 ***

Adversarial risk management

Herley, C. and Pieters, W. (2015) “If you were attacked, you’d be sorry”: Counterfactuals as security arguments. In: New Security Paradigm Workshop (NSPW), 8-11 Sept 2015, Twente, Netherlands. pp. 112-123. ACM. ISBN 978-1-4503-3754-0

van der Wagen, W. and Pieters, W. (2015) From Cybercrime to Cyborg Crime: Botnets as Hybrid Criminal Actor-Networks. British journal of Criminology, 55 (2). pp. 1-18. ISSN 0007-0955 *** ISI Impact 1,56 ***

Pieters, W. and Davarynejad, M. (2015) Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. In: 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), 10-11 Sep 2014, Wroclaw, Poland. pp. 201-215. Lecture Notes in Computer Science 8872 . Springer. ISSN 0302-9743 ISBN 978-3-319-17015-2

Pieters, W. and Probst, C.W. and Lukszo, S. and Montoya Morales, A.L. (2014) Cost-effectiveness of Security Measures: A model-based Framework. In: Approaches and Processes for Managing the Economics of Information Systems. IGI Global, Hershey, PA, USA, pp. 139-156. ISBN 978-1-4666-4983-5

Kulikova, O. and Heil, R. and van den Berg, Jan and Pieters, W. (2012) Cyber crisis management: a decision-support framework for disclosing security incident information. In: International Conference on Cyber Security, CyberSecurity 2012, 14-16 Dec 2012, Washington, USA. pp. 103-112. Cyber Security (CyberSecurity), 2012 International Conference . IEEE Computer Society. ISBN 978-1-4799-0219-4

Selected recent publications: applications

Cloud security

Pieters, W. (2013) Defining "The Weakest Link": Comparative Security in Complex Systems of Systems. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, 2-5 Dec 2013, Bristol, United Kingdom. pp. 39-44. IEEE Computer Society. ISBN 978-0-7695-5095-4

Bleikertz, S. and Mastelic, T. and Pape, S. and Pieters, W. and Dimkov, T. (2013) Defining the cloud battlefield - supporting security assessments by cloud customers. In: International Conference on Cloud Engineering (IC2E 2013), 25-27 Mar 2013 , Redwood City, CA . pp. 78-87. IEEE Computer Society. ISBN 978-1-4673-6473-7

Probst, C.W. and Sasse, A.M. and Pieters, W. and Dimkov, T. and Luysterborg, E. and Arnaud, M. (2012) Privacy penetration testing -- how to establish trust in your cloud provider. In: European Data Protection: In Good Health? International, Foreign and Comparative Law XVIII. Springer, London, pp. 251-266. ISBN 978-94-007-2902-5

Pieters, W. (2011) Security and privacy in the clouds: a bird's eye view. In: Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht, pp. 445-457. ISBN 978-94-007-0640-8

van Cleeff, A. and Pieters, W. and Wieringa, R.J. (2009) Security Implications of Virtualization: A Literature Study. In: 2009 IEEE International Conference on Computational Science and Engineering (CSE09), volume 3, 29 Aug - 31 Aug, Vancouver, BC, Canada. pp. 353-358. IEEE Computer Society. ISBN 978-0-7695-3823-5

Security in electronic voting

Pieters, W. (2011) How devices transform voting. In: Innovating Government. Normative, policy and technological dimensions of modern government. Information Technology and Law Series 20. T.M.C. Asser Press, The Hague, pp. 439-452. ISSN 1570-2782 ISBN 978-90-6704-730-2

van Cleeff, A. and Dimkov, T. and Pieters, W. and Wieringa, R.J. (2011) Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Proceedings of the International Conference on IT Convergence and Security (ICITCS 2011), December 14 -16, 2011, Suwon, South Korea. pp. 51-67. Lecture Notes in Electrical Engineering 120. Springer Verlag. ISSN 1876-1100 ISBN 978-94-007-2910-0 *** best paper award ***

Jonker, H.L. and Pieters, W. (2010) Anonymity in voting revisited. In: Towards Trustworthy Elections: New Directions in Electronic Voting. Lecture Notes in Computer Science 6000. Springer Verlag, Berlin, pp. 216-230. ISBN 978-3-642-12979-7

Langer, L. and Jonker, H.L. and Pieters, W. (2010) Anonymity and Verifiability in Voting: Understanding (Un)Linkability. In: 12th International Conference Information and Communications Security, ICICS 2010, 15-17 Dec 2010, Barcelona, Spain. pp. 296-310. Lecture Notes in Computer Science 6476. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-17649-4

Pieters, W. (2010) Verifiability of electronic voting: between confidence and trust. In: Data Protection in a Profiled World. Springer, Dordrecht, pp. 157-175. ISBN 978-90-481-8864-2

Grid security

Dechesne, F. and Hadžiosmanovic, D. and Pieters, W. (2014) Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy, 12 (6). pp. 59-66. ISSN 1540-7993 *** ISI Impact 0,96 ***

Socio-technical security metrics Bullee, J.H. and Montoya Morales, A.L. and Pieters, W. and Junger, M. and Hartel, P.H. (2015) The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology, 11 (1). pp. 97-115. ISSN 1573-3750 * ISI Impact 1,55 * Pieters, W. and Padget, J. and Dechesne, F. and Dignum, V. and Aldewereld, H. (2014) Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications, to appear. pp. 1-14. ISSN 2214-2126 Arnold, F. and Pieters, W. and Stoelinga, M.I.A. (2013) Quantitative penetration testing with item response theory. In: 9th International Conference on Information Assurance and Security, IAS 2013, 4-6 Dec 2013, Gammarth, Tunisia. pp. 49-54. IEEE. ISBN 978-1-4799-2989-4 Pieters, W. and Dimkov, T. and Pavlovic, D. (2013) Security policy alignment: A formal approach. IEEE Systems Journal. ISSN 1932-8184 Pieters, W. and Van der Ven, S.H.G. and Probst, C.W. (2012) A move in the security measurement stalemate: Elo-style ratings to quantify vulnerability. In: NSPW '12: Proceedings of the 2012 New security paradigms workshop, 18-21 Sep 2012, Bertinoro, Italy. pp. 1-14 ACM. 978-1-4503-1794-8	Security ethics Pieters, W. and Hadžiosmanovic, D. and Dechesne, F. (2014) Cyber Security as Social Experiment. In: NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, 15-18 Sep. 2014, Victoria, BC, Canada. pp. 15-24. ACM. ISBN 978-1-4503-3062-6 Pieters, W. (2013) On thinging things and serving services: technological mediation and inseparable goods. Ethics and information technology, 15 (3). pp. 195-208. ISSN 1388-1957 * ISI Impact 0,85 * Pieters, W. (2011) The (social) construction of information security. The Information Society, 27 (5). pp. 326-335. ISSN 0197-2243 * ISI Impact 1,111 * Pieters, W. and Coles-Kemp, L. (2011) Reducing normative conflicts in information security. In: NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. pp. 11-24. ACM. ISBN 978-1-4503-1078-9 Pieters, W. (2010) Reve{a,i}ling the risks: a phenomenology of information security Techné: Research in Philosophy and Technology, 14 (3). pp. 176-188. ISSN 1091-8264 Pieters, W. and van Cleeff, A. (2009) The Precautionary Principle in a World of Digital Dependencies. IEEE Computer, 42 (6). pp. 50-56. ISSN 0018-9162 * ISI Impact 2,205 *

Adversarial risk management Herley, C. and Pieters, W. (2015) “If you were attacked, you’d be sorry”: Counterfactuals as security arguments. In: New Security Paradigm Workshop (NSPW), 8-11 Sept 2015, Twente, Netherlands. pp. 112-123. ACM. ISBN 978-1-4503-3754-0 van der Wagen, W. and Pieters, W. (2015) From Cybercrime to Cyborg Crime: Botnets as Hybrid Criminal Actor-Networks. British journal of Criminology, 55 (2). pp. 1-18. ISSN 0007-0955 * ISI Impact 1,56 * Pieters, W. and Davarynejad, M. (2015) Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. In: 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), 10-11 Sep 2014, Wroclaw, Poland. pp. 201-215. Lecture Notes in Computer Science 8872 . Springer. ISSN 0302-9743 ISBN 978-3-319-17015-2 Pieters, W. and Probst, C.W. and Lukszo, S. and Montoya Morales, A.L. (2014) Cost-effectiveness of Security Measures: A model-based Framework. In: Approaches and Processes for Managing the Economics of Information Systems. IGI Global, Hershey, PA, USA, pp. 139-156. ISBN 978-1-4666-4983-5 Kulikova, O. and Heil, R. and van den Berg, Jan and Pieters, W. (2012) Cyber crisis management: a decision-support framework for disclosing security incident information. In: International Conference on Cyber Security, CyberSecurity 2012, 14-16 Dec 2012, Washington, USA. pp. 103-112. Cyber Security (CyberSecurity), 2012 International Conference . IEEE Computer Society. ISBN 978-1-4799-0219-4

Cloud security Pieters, W. (2013) Defining "The Weakest Link": Comparative Security in Complex Systems of Systems. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, 2-5 Dec 2013, Bristol, United Kingdom. pp. 39-44. IEEE Computer Society. ISBN 978-0-7695-5095-4 Bleikertz, S. and Mastelic, T. and Pape, S. and Pieters, W. and Dimkov, T. (2013) Defining the cloud battlefield - supporting security assessments by cloud customers. In: International Conference on Cloud Engineering (IC2E 2013), 25-27 Mar 2013 , Redwood City, CA . pp. 78-87. IEEE Computer Society. ISBN 978-1-4673-6473-7 Probst, C.W. and Sasse, A.M. and Pieters, W. and Dimkov, T. and Luysterborg, E. and Arnaud, M. (2012) Privacy penetration testing -- how to establish trust in your cloud provider. In: European Data Protection: In Good Health? International, Foreign and Comparative Law XVIII. Springer, London, pp. 251-266. ISBN 978-94-007-2902-5 Pieters, W. (2011) Security and privacy in the clouds: a bird's eye view. In: Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht, pp. 445-457. ISBN 978-94-007-0640-8 van Cleeff, A. and Pieters, W. and Wieringa, R.J. (2009) Security Implications of Virtualization: A Literature Study. In: 2009 IEEE International Conference on Computational Science and Engineering (CSE09), volume 3, 29 Aug - 31 Aug, Vancouver, BC, Canada. pp. 353-358. IEEE Computer Society. ISBN 978-0-7695-3823-5	Security in electronic voting Pieters, W. (2011) How devices transform voting. In: Innovating Government. Normative, policy and technological dimensions of modern government. Information Technology and Law Series 20. T.M.C. Asser Press, The Hague, pp. 439-452. ISSN 1570-2782 ISBN 978-90-6704-730-2 van Cleeff, A. and Dimkov, T. and Pieters, W. and Wieringa, R.J. (2011) Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Proceedings of the International Conference on IT Convergence and Security (ICITCS 2011), December 14 -16, 2011, Suwon, South Korea. pp. 51-67. Lecture Notes in Electrical Engineering 120. Springer Verlag. ISSN 1876-1100 ISBN 978-94-007-2910-0 * best paper award * Jonker, H.L. and Pieters, W. (2010) Anonymity in voting revisited. In: Towards Trustworthy Elections: New Directions in Electronic Voting. Lecture Notes in Computer Science 6000. Springer Verlag, Berlin, pp. 216-230. ISBN 978-3-642-12979-7 Langer, L. and Jonker, H.L. and Pieters, W. (2010) Anonymity and Verifiability in Voting: Understanding (Un)Linkability. In: 12th International Conference Information and Communications Security, ICICS 2010, 15-17 Dec 2010, Barcelona, Spain. pp. 296-310. Lecture Notes in Computer Science 6476. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-17649-4 Pieters, W. (2010) Verifiability of electronic voting: between confidence and trust. In: Data Protection in a Profiled World. Springer, Dordrecht, pp. 157-175. ISBN 978-90-481-8864-2

Grid security Dechesne, F. and Hadžiosmanovic, D. and Pieters, W. (2014) Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy, 12 (6). pp. 59-66. ISSN 1540-7993 * ISI Impact 0,96 *