University of Maryland


Faculty, staff, and students from across the UMD iSchool are pushing the boundaries of thought in sociotechnical cybersecurity.

What is sociotechnical cybersecurity (STC)?

Sociotechnical aspects of cybersecurity considers the human element that interacts with the technological for the creation, maintenance, and operation of cybersecurity. STC includes organizational, economic, social, legal, educational, psychological, political, policy, cultural, ecosystem, and other approaches engaging the human and technology interactions needed to secure the space, infrastructure, people and systems within the cyber environment.

Why is STC important?

Purely technical solutions to cybersecurity are insufficient as they do not wholly account for the complex range of users and environments those solutions must address. The U.S. 2016 federal cybersecurity R&D strategic plan named sociotechnical approaches as the path forward for the cybersecurity of systems and infrastructure. The plan called further investigations of STC research, transition to practice, and workforce development

New to the STC space?

In the STC name, we bridge two fields of study–sociotechnical studies and cybersecurity studies. For a primer on the sociotechnical space, we recommend Sawyer & Jarrahi (2014) Sociotechnical approaches to the study of Information Systems (pdf). For cybersecurity grounding, we recommend Craigen et al. (2014) Defining Cybersecurity (pdf).