1 CYBERSECURITY RESEARCH AND INNOVATION FOR A MORE SECURE BRITAIN CYBERSECURITY ISSUE 2.0
2 CYBERSECURITY Research and innovation for a more secure Britain 82 million of current EPSRC investments in research 96 Research projects 27 billion lost through cyber crime 82 billion UK s Internet-related market 6% of the UK s GDP is enabled by the Internet and this is set to grow 93% of large corporations and 76% of small businesses reported a cyber breach in the last year The RCUK Global Uncertainties Programme brings together the activities of the UK s in response to global security challenges to help governments, businesses and societies to better predict, detect, prevent and mitigate threats to society. One such challenge is cybersecurity and EPSRC is taking the lead in investing in research and training to help ensure the UK s citizens, communities and businesses are safe and have the confidence to get the most from cyberspace. Key drivers UK society is increasingly dependent on IT networks. Everything from energy, water, banking and shopping involves use of the Internet or other connected computer systems. More than three quarters of households in the UK now have internet access. It is estimated that there are 2.4 billion users on the Internet across the globe. As mobile devices, especially smartphones, become the norm for internet access and as computers become embedded in everyday devices such as cars and televisions and increasingly communicate via the internet the risks we face will alter and expand in unpredicted and unexpected ways. Reliance on cyberspace creates opportunities for the unscrupulous. Of the 27 billion lost through cyber crime in billion was lost Over the last decade the threat to national security and prosperity from cyber attacks has increased exponentially. Over the decades ahead this trend is likely to continue to increase in scale and sophistication, with enormous implications for the nature of modern conflict. We need to be prepared as a country to meet this growing challenge, building on the advanced capabilities we already have. David Cameron, Prime Minister by individuals (fraud and ID theft) and 21 billion to industry (theft of intellectual property, customer data, price sensitive information). In addition to crime, there are also threats from malicious computer code disrupting government systems, both deliberately and accidentally, and the use of cyber techniques by one nation to bring about political or economic pressure on another. Research will be needed to understand the threats and risks we face, and devise suitable protection, mitigation and adaptation strategies. Opportunities For over 20 years EPSRC has been supporting research and training underpinning cybersecurity. We work in collaboration with other Research Councils and in partnership with key government agencies including GCHQ, CPNI and Dstl. As a result the UK has the world-class research base needed to meet cyber threats and enhance our security. We have expertise in computing, mathematics and the sociological and psychological disciplines that shed light on human behaviour and enable us to build systems which are better designed and easier to use. The UK has attracted many companies involved with the cybersecurity area including multinationals such as Hewlett-Packard, Thales, and Microsoft. These companies and many others actively engage with the UK research community. A safe and resilient IT infrastructure is necessary to ensure that the UK remains a desirable place for businesses to operate. Research Council investment in research and training helps to maintain this position.
3 Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society. Francis Maude, Minister for the Cabinet Office Research for the future Governments cannot deliver a safer online world. We need to work closely with industry to ensure that safe infrastructure and services can be provided to the public and share information and skills. James Brokenshire, the Minister for Crime & Security. 1 Good cybersecurity requires longterm, underpinning research of the highest quality that can keep pace with the changing environment. For example, in a 900,000 project at the University of Bristol researchers are addressing cloud computing (the ubiquitous, on demand network access to shared computing resources). In particular they are using their expertise in cryptography to find cost-effective, secure ways of accessing data. A strong connection with users to ensure relevance and encourage takeup is an important component of our support. More than 200 collaborators work with the research community we support. They represent organisations in national and local government, law enforcement, civil engineering, ICT, transport, defence and aerospace. Priorities for the future cyber crime: countering the financial and social damage. For example, with total funding of 30m over five years from EPSRC, TSB, InvestNI, Queens University Belfast and industry collaborators, the Centre for Secure Information Technologies (CSIT) brings together research specialist in complementary fields such as data encryption, network security systems and intelligent surveillance technology. Other collaborators include: Altera, BAE Systems, Cisco, Q1Labs and Thales as well as government agencies such as the Home Office, GCHQ, CESG, CPNI and Dstl. EPSRC have worked closely with GCHQ to recognise 11 UK universities as Academic Centres of Excellence in Cyber Security Research (ACE-CSRs) and have also partnered with them to identify two Research Institutes in strategically important subject areas within cybersecurity. Skills for the future Businesses, whether users or systems providers, need access to a skilled workforce able not only to work to minimise the risks, but also to design and implement new more resilient systems. EPSRC s innovative postgraduate training programmes global threats, cyber war, ethics, regulation, policy and legality: understanding the complexity and countering the threats. human factors and usable security: understanding human behaviour as a route to improving the security of systems. risk identification, reduction, mitigation and management: looking at emerging uses of the Internet and the risks associated with them. secure management and use of data: looking at better ways of storing and sharing data as well as considering ethical and legal issues. making systems more resilient: investigating ways to protect infrastructure against malicious attacks. understanding and monitoring systems and networks: understanding system behaviour so abnormal activity can be identified. are providing the next generation of researchers with the skills required. Two Centres for Doctoral Training (CDTs) in cybersecurity have been established jointly by EPSRC and BIS to provide the next generation of researchers with the advanced skills which are so important to the UK s online future. The Oxford University Centre for Doctoral Training in Cyber Security will cover some of the most pressing cyber security challenges our society faces today. The focus is on four key themes: the security of Big Data cyber-physical security effective systems verification and assurance real-time security These themes link to many existing research strengths at Oxford, and extend their horizon into areas where technology is rapidly emerging and raising pressing cyber security concerns. The projects undertaken at the Centre for Doctoral Training in Cyber Security at Royal Holloway will be driven by the problems faced by businesses and government. Among the range of topics they will investigate are: provably-secure ciphersystems and protocols systems engineering and security analysis trusted and trustworthy platforms organisational processes and socio-technical systems Between them the two Centres will graduate more than 60 PhD students over seven years, making a significant contribution to UK capability in this essential area. Every CDT student s training lasts for four years. It involves both masters-level education in a range of subjects addressing key areas of relevance to cyber security and a challenging and original research project. 1 speech at the launch of the International Cyber Security Protection Alliance 5 July 2011
4 PIONEERING A DIGITAL FUTURE s UK Digital Economy Programme PIONEERING A LOW CARBON FUTURE TECHNOLOGY FOR A SUSTAINABLE ECONOMY case Study 03 tunable starch for GreeN CheMistrY 10 years ago PhD research in the University of York s Green Chemistry Centre of Excellence led to the discovery of new high surface area forms of starch. These are useful in applications from chromatography to catalysis. These new materials have remarkable properties which can be tuned from starch-like to carbon-like. Named Starbons (registered trade name), they are the subject of several patent applications and are sold commercially for laboratory use worldwide. Continued EPSRC support is allowing their use in a number of processes including effluent treatment in the pharmaceutical industry as well as studies on process optimisation, scale-up trials and further applications with the chemical industry. Brian Trenbirth, Technical Director of Contract Chemicals a user of the Starbon technology says that they will be delighted to transfer Starbon technology from laboratory through pilot to full scale production. This innovative technology will enable us to diversify our business portfolio thus helping the company to expand. EPSRC is the main UK government agency for funding high-quality basic, strategic and applied research and related postgraduate training in engineering and the physical sciences, to help the nation exploit the next generation of technological change. It invests more than 800 million a year in a broad range of subjects from mathematics to materials science, and from information technology to structural engineering. August 2010 BUSINESS INFRASTRUCTURE INFRASTRUCTURE SUPPORTING THE FUTURE manufacturing ThE future Economic growth made in Britain s UK Energy Programme Issue 2 PIONEERING SKILLS TO BUILD BRITAIN S FUTURE DElIVErIng WITH business Harnessing world-class knowledge for growth and prosperity The RCUK Global Uncertainties Programme brings together the activities of the UK Research Councils in response to global security challenges: poverty (including the effects of inequality & injustice), conflict, transnational crime, environmental stress and terrorism. The programme will help governments, businesses and societies to better predict, detect, prevent and mitigate threats to security. The (EPSRC) leads on the Cybersecurity strand of the RCUK Global Uncertainties Programme. MANUFACTURING ISSUE 2.0 Global production of cement is set to double to over five billion tonnes/year by But the type most commonly used today has a heavy environmental price accounting for five percent of manmade CO2 emissions. Novacem s cement is carbon-negative absorbing CO2 from the atmosphere during manufacture. This is because it isn t limestone based, requires low process temperatures and contains carbon-negative additives. The company has received additional venture funding through the Royal Society Enterprise Fund and is seeking further commercial sponsorship to take the process through to manufacture. d Physical Sciences and Biological uncil (ESRC), the logy Facilities SKILLS engineering and Physical Sciences research council DIGITAL ECONOMY EPSRC funding has played a key role in developing both a new, carbon-negative cement and its manufacturing process. The development is spearheaded by Novacem, a spin-out company from Imperial College London and is also supported by the Technology Strategy Board and the London Development Agency. CYBERSECURITY RESEARCH AND INNOVATION FOR A MORE SECURE BRITAIN GREEN TECHNOLOGY Other statements in the series: CYBERSECURITY CeMeNt set to reduce CArBoN emissions ENERGY case Study 04 INFRASTRUCTURE ng and Physical Sciences Council Other statements in the series
5 CASE STUDY 01 Riding with the White hats A major issue in cyber security is staying ahead of attackers and ensuring that new systems are not vulnerable targets. This is where White hats come in (the term comes from Hollywood westerns where the good guys wear the white hats). The White hats help security companies to find weaknesses that could be exploited. Andy King from the University of Kent used EPSRC funding to spend nine months working with White hats at security firm Portcullis to link his academic computer science research with real threats and vulnerabilities. His work revealed a weakness: the process relies on humans finding the errors. As he says The reasoning is if they can t find the errors then no one else can, but that doesn t mean those errors are not there and cannot be found so it makes sense to automate the process. Andy is now devising computer-based tools that will accelerate the discovery of security flaws. These tools will automate the time-consuming and labour-intensive tasks that have to be undertaken when searching for vulnerabilities. The project will develop programme analysis techniques that will automatically recover information about the behaviour of a programme, and then present it in a digestible form to the White hat. CASE STUDY 02 Protecting children online Recent years have seen a rapid rise in the number and use of online social networks. These pose two significant risks in terms of child exploitation by paedophiles: preying on children via chat rooms and web-based communities; and distributing and sharing child abuse media. The Isis project led by Professor Awais Rashid of Lancaster University working in collaboration with Swansea and Middlesex Universities is using the expertise of the team in monitoring, natural language analysis, child protection and ethics to develop a toolkit with 94% accuracy in identifying masquerading adults. The team has helped law enforcement agencies identify those posing as children or using multiple identities to groom their victims. It has also worked with pupils helping them understand online risks. The research has also developed a methodology to identify and mitigate ethical misuses of powerful policing tools. The results form the basis of guidelines for building and developing ethical monitoring solutions. The team s research has featured in over 18 countries and is already being exploited. Isis Forensics Ltd, a spin-out company, has licensed the Language Analysis Software that has been developed by Lancaster University staff within the Isis project.
6 Academic Centres of Excellence in Cyber Security Research (ACE-CSRs) In a national partnership with BIS, the Centre for the Protection of National Infrastructure (CPNI), GCHQ, the Office of Cyber Security and Information Assurance (OCSIA) and RCUK, EPSRC has recognised 11 UK universities as ACE-CSRs, they are: Imperial College London, Lancaster University, Newcastle University, Queen s University Belfast, Royal Holloway, University of London, University of Bristol, University of Birmingham, University of Cambridge, University of Oxford, University of Southampton, University College London. These 11 centres conduct world-leading research and training activities which will ultimately help protect the UK s citizens, businesses, infrastructure and government from cyber threats by extending knowledge and enhancing skills in cyber security. The ACE-CSR scheme is one of a number of initiatives outlined in the UK Government s National Cyber Security Strategy. The Strategy describes how Government is working with academia and industry to make the UK more resilient to cyber attacks. Each ACE-CSR receives a support grant from EPSRC to help them to work with partners in the private, public and third sectors. EPSRC-GCHQ Cyber Research Institutes Two academic Research Institutes have been established jointly by EPSRC and GCHQ to tackle some of the UK s most pressing cybersecurity challenges. Through these Institutes we are supporting more than 10m of collaborative research activity which is inspired by real world, cutting edge, security issues. The Research Institute in the Science of Cyber Security is a virtual organisation involving seven universities. Its Director is Professor Angela Sasse of University College London. It brings together leading academics in the field of cybersecurity including social scientists, mathematicians and computer scientists from across the UK. Its research programme will help to answer two common questions faced by any organisation interested in enhancing its security: how secure are we, and how do we make better security decisions? The Research Institute in Automated Programme Analysis and Verification is led by Professor Philippa Gardner of Imperial College London. Its partners across six leading UK universities will investigate new ways of automatically analysing computer software to reduce its vulnerability to cyber threats.its outputs will provide businesses, individuals and government with additional confidence that software will behave in a secure fashion when installed on operational networks.
The National Cyber Security Strategy Our Forward Plans December 2013 1 The UK Cyber Security Strategy Report on progress December 2013 Our Forward Plans Two years have passed since we first set out our
Cyber Security: Designing and Maintaining Resilience White paper presented by: Georgia Tech Research Institute Cyber Technology and Information Security Laboratory Dr. George A. Wright Chief Engineer Terrye
WHITE PAPER Cybersecurity in Modern Critical Infrastructure Environments SECURE-ICS Be in Control Securing Industrial Automation & Control Systems This document is part of CGI s SECURE-ICS family of cyber
Qatar National Cyber Security Strategy MAY 2014 i ii TABLE OF CONTENTS FOREWORD... v EXECUTIVE SUMMARY... vi 1. INTRODUCTION...1 2. THE IMPORTANCE OF CYBER SECURITY TO QATAR...3 2.1 Threats... 3 2.2 Challenges...
Testimony of Farnam Jahanian, Ph.D. Assistant Director Computer and Information Science and Engineering Directorate Before the Committee on Science, Space, and Technology Subcommittee on Technology and
EUROPEAN COMMISSION Brussels, 2.7.2014 COM(2014) 442 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
Competitive analysis of the UK cyber security sector A study by Pierre Audoin Consultants for the Department for Business, Innovation and Skills Version 1 July 29 th, 2013 www.pac-online.com Disclaimer
Digital Built Britain Level 3 Building Information Modelling - Strategic Plan February 2015 1 P a g e Contents 1. Ministerial Foreword 2. Industry Foreword 3. Executive Summary 4. Introduction, Context
Developing DECC s Evidence Base January 2014 Crown copyright 2014 You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence.
The National Cloud Computing Strategy May 2013 dbcde.gov.au/cloud nbn.gov.au Commonwealth of Australia 2013 The material in this paper is licensed under a Creative Commons Attribution 3.0 Australia license,
10101010101010101010101010101010101010101010101010101010101010101 01010101010101010101010101010101010101010101010101010101010101010 NCSRA II 01010101010101010101010101010100101010101010101010101010101010101
EUROPEAN COMMISSION Brussels, 6.5.2015 COM(2015) 192 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE
National Spatial Data Infrastructure Strategic Plan 2014 2016 Federal Geographic Data Committee December 2013 Federal Geographic Data Committee Federal Geographic Data Committee, Reston, Virginia: 2013
Annual Report 2010 Taking control of growth We re taking control of growth at Experian by focusing our efforts on our best opportunities. Firstly, we re doing more to expand our global reach into key vertical
Making the UK the best place to invest 2 Table of contents Our vision for the UK 3 Executive summary 4 Nine key facts why government must take action 5 The investment challenge 6 Introduction: investment
110101001101101101010011000 11011010100110110101001100 11011010011011010100110000 10100110110101001100010010 Protecting Information The Role of Community Colleges in Cybersecurity Education A Report from
Accessibility, sustainability, excellence: how to expand access to research publications Report of the Working Group on Expanding Access to Published Research Findings 2 Foreword This report, Accessibility,
National Cyber Security Research Agenda Trust and Security for our Digital Life Version 1.2 dr.ir. Herbert Bos prof.dr. Sandro Etalle dr.ir. Erik Poll Editors: (Vrije Universiteit Amsterdam) (Technische
The IT Industry s Cybersecurity Principles for Industry and Government 2011 ITI MEMBER COMPANIES Apple Inc. TABLE OF CONTENTS Executive Summary 5 Setting the Stage 7 Six Cybersecurity Principles 9 Principle
SOFTWARE ENGINEERING Key Enabler for Innovation NESSI White Paper Networked European Software and Services Initiative July 2014 Executive Summary Economy and industry is experiencing a transformation towards
The Contribution the ICT Industry Can Make to Sustainable Development A Materiality Assessment by the Global esustainability Initiative April 2008 Prepared by: 1 Dear Colleagues, In response to rapid advances
INTERNATIONAL STRATEGY FOR CYBERSPACE Prosperity, Security, and Openness in a Networked World MAY 2011 Table of Contents I. Building Cyberspace Policy............................... 3 Strategic Approach
in depth report Managing digital risk Trends, issues and implications for business about lloyd s Lloyd s is the world s leading specialist insurance market, conducting business in over 200 countries and
Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.