TSAS counts many stars amongst its research affiliates and Professor Benoit Dupont stands out as a particularly brilliant one. A professor at Université de Montréal, he is the director of the Centre for Comparative Criminology and holds the Canada Research Chair in Security, Identity and Technology. He was recently awarded $1.6 million by the government of Canada’s Networks of Centres of Excellence for his network of experts in cyber security known as SERENE – RISC, the Smart cybERsEcurity Network.
Professor Dupont received his PhD in political science 13 years ago. During his studies, Dupont found that political science had a blind spot. It was missing an important element – that of policing, and policing intrigued him. “Political science had little to offer in this area”, says Dupont. “This discipline is not interested in the most important institution in liberal society today, which is the police force. The police is the front line institution offering order and safety to people in our society.”
Consequently, Dupont turned his research focus to criminology and the manner in which police interact with people. He was also interested in how technology develops and shapes society and he began to integrate technology into his policing and security research with the Canada Chair application.
After 10 years of focusing on policing Dupont shifted his research completely to cyber security and cybercrime, studying how people learn to become hackers and how they build trust between themselves. Dupont explains, “Hackers have to learn online, and to trust people they’ve never met before. I analyze their conversations and the hard drives of those people who have been arrested. I try to measure how they develop their knowledge and success and to learn what motivates them to become hackers.”
With the recent award from Canada’s Networks of Centres of Excellence (– a funding agency that brings SSHRC, NSERC and the Health Research Council together) Dupont has established SERENE, a multidisciplinary network of cybersecurity academics who are focused on improving the security of Canadian citizens. They will collaborate with government agencies responsible for the implementation of cybersecurity and with private companies that protect critical infrastructure and telecommunications businesses to fuse dispersed knowledge to help people implementing cybersecurity to be more effective.“We’re looking at increasing the resilience of the digital ecosystem overall by improving technical practices and addressing social and regulatory issues,” explains Dupont.
Dupont sees it as a knowledge mobilization network that is not producing new knowledge but rather trying to craft a message around existing knowledge without betraying the integrity of those who produced the research. He wants to make this knowledge available to policymakers and business people in order to make it useful to society as a whole. “There’s still a lot of work to do in this area,” notes Dupont. Researchers will share their expertise through workshops, online databases, professional development programs, and TV shows.
On a macro level Dupont studies the cybersecurity policies of other countries and compares them to Canadian policies. He looks at private-public partnerships that serve to protect people from hackers. Dupont believes that the private sector is well equipped to establish cyber protection programs stating that, “internet providers could play a bigger role in cybersecurity if they were to include public education and security within their mandates.” Dupont and his team are exploring potential incentives for private companies to do just this.
At a micro level Dupont is studying how hackers organize themselves. Since “they don’t have hierarchical systems. They therefore have to set up systems differently other than on an organized level.”
Dupont and his team of 17 researchers are trying to identify and predict trends that might open bridges between security and new technologies in order to prepare for future risks. But he is convinced that it’s impossible to be completely risk-free and prevent all attacks. There will always be someone who can penetrate the system.
How do we mitigate these compromises and how do we keep trust in our systems? “I’m starting to think more in terms of resilience. And this is where SERENE’s themes converge with those of TSAS. Yes, you need to work on prevention and control but you also need to carry out research on how you work when you haven’t been able to prevent attacks and have been victimized.”
TSAS looks forward to the academic and applied outcomes of SERENE-RISC over the next years to come.