Centre for Cyber Security and Resilience

Artificial intelligence (AI) is a pervasive technology. It can aid all areas of our lives. Cyber security and resilience is no exception.

We can develop systems which learn to make systems more secure. AI can also benefit from cyber security and resilience. We can make AI more robust and less susceptible to attacks.

Theme lead: Dr Stephen McGough

Our research theme will look at all aspects of bio/nano cyber security. We must secure the entire supply chain of nano-bio products and processes as:

• DNA synthesis becomes cheaper
• sophisticated molecular and genetic engineering tools become more widespread

This includes securing:

• the design process of nano-bio products (cells lines, plasmids, organoids, etc)
• their deployment (e.g. in the food supply, environment or body)
• final decommissioning

Our theme is keen to engage with a gamut of stakeholders. They represent experts on nanotechnology, biotechnology, cybersecurity.

They include industrial, government and public organisations and individuals. We gather all relevant perspectives on the future of bio/nano cyber security. That includes responsible innovation.

Theme lead: Prof Natalio Krasnagor

Cyber-Physical Systems (CPSs) are inter-connected systems that include physical components, computer control, networking and data collection, and human interactions. Examples include industrial control systems, precision agriculture, critical national infrastructure, on-body medical devices and drones. CPSs must be resilient to both cyber and physical attacks, and research is required to offer secure, resilient and, safe systems at all abstraction layers. This is not only meant to protect CPSs from threats creating a hazard for society: CPS research, in turn, infuses new thought paradigms into cyber security and resilience through the integrative modelling of the physical world and circular causality (feedback loops) of cybernetics, which give rise to autonomous and adaptive security systems.

We focus primarily on modelling and analysis as a solution to the challenge of CPSs, including how whole-system models and Digital Twins (DT) can better demonstrate resilience, how models of human performance and threats can be incorporated into these models. We will also investigate side channels and how both cyber and physical attacks can compromise CPSs, as well as how explainable trustworthy Artificial Intelligence (AI) can be used in CPSs in a way that is both verifiable and understandable.

Theme leads: Dr Ken Pierce and Dr Mujeeb Ahmed

Many service firms (accounting, legal and financial) embrace big data and data analytics.

Research on Fintech applications and the effects of cyber-crime is sparse. So we're unclear about the impact on various stakeholders and firms’:

• financial performance/risk
• social commitments
• governance

Under this theme, research and targeted grants will cluster around various sub-themes.

We'll investigate Fintech firms and financial institutions, looking at:

• cyber risk assessment/mitigation models
• governance systems/social responsibility
• human interactions/behaviours

We aim to present international insights and key policy implications. They will reflect cross-country comparisons.

We'll use inter-disciplinary research designs, new methods and unique datasets for cyber security. They will address both conceptual and empirical contexts.

Theme lead: Dr Marwa Elnahass

This theme will investigate the end-to-end protection for medical systems to:

• safeguard patients’ lives, health and treatment success
• ensure informed privacy for their data

It will not only consider the cyber security and resilience of such systems. It will also investigate privacy preservation and disclosure risk mitigation on identifying or sensitive personal information.

Its scope covers:

• medical, clinical and public-health systems
• the sharing and analysing of health data
• the challenges of ethics and governance vis-à-vis evolving healthcare technology

Theme leads: Dr Jaume Bacardit and Dr Leo Freitas

The vision for the stream governance, law, and new technologies is to explore the interaction between politics, international relations and law in cybersecurity research and development that places sociotechnical understandings of cybersecurity at the heart of its research.

Considering the increased role of cybersecurity in national security and economic concerns, this stream of research considers how policymakers, industry professionals, and civil society view cybersecurity, what problems they identify, and then how they then pursue legal or policy initiatives to address those cybersecurity concerns. We consider the following non-exhaustive list as indicative of the themes of this stream:

• Political salience: As cybersecurity moves from an issue considered technical and niche to one that is central to many states’ security policies, how does this change the importance of cybersecurity in the eyes of the public? Could cybersecurity become an issue that carries similar weight to other political issues such as health, the economy, or immigration? This research theme explores public understandings, and the political importance of, cybersecurity to a general public audience, which can help us to understand how this may shape cybersecurity laws and policies.
• Geopolitical cybersecurity: With increased geopolitical fragmentation and increased security and trade tension between states, is cybersecurity moving from something considered a public good to one that is considered rivalrous, reducing the potential for international collaboration and collective responsibility? This this research theme considered the impact of geopolitics and increased national protectionism and its impact upon international cybersecurity cooperation.
• Informed lawmaking: How do policymakers levels of understanding and expertise impact upon the development of legal regimes for cybersecurity compliance and enforcement? To what extent do lawmakers rely on the expertise of cybersecurity professionals, and how are the views of the general public taken into account during legislative development?
• Regulatory convergence/divergence: This research theme explores laws applicable to cybersecurity in a comparative perspective. Do we see cybersecurity legislation implemented by states or regions converging towards common goals, approaches and standards, or do we instead see divergence, where the approaches, standards, or compliance mechanisms increasingly differ between states or regions?
• Future-proof law and policy: Regulating new and emerging technologies is a complex issue, where there is a difficult balance to be struck between technological neutrality, ensuring that new developments can be captured by new laws and policies, and specificity, which ensures a clear and precise approach to regulation. This theme explores how this balance can be struck, or indeed, whether such a balance is possible.
• Compliance by design: To what extent can regulatory mechanisms be incorporated into cybersecurity technology design? Privacy by design holds that privacy and data protection should be considered at all stages of the development process, rather than seeking to ‘retrofit’ privacy or treat it as an after-thought. As legal cybersecurity compliance mechanisms develop, can they be incorporated into the design of systems in a way that guarantees ‘cybersecurity by design’?

Theme lead: Dr Ben Farrand

The Human Identity and Trust cross-cutting theme seeks to promote social justice by advancing knowledge on public awareness of and engagement in cyber security issues and citizens’ experiences of cyber security threats. By examining how individuals and groups negotiate their identities online; the level of trust they invest in their online interactions; and how they navigate their online decisions, the twofold aim is to (a) prevent digital technologies from performing as sites that reflect, exacerbate, or reinscribe social inequalities through design, production, and use and (b) identify and promote ways to protect citizens’ online identities and enhance individual and community trust in digital technologies.

Potential projects and approaches

The following themes and issues are illustrations of potential projects, reflecting the cross-cutting theme’s vision:

- To identify potential interdisciplinary research projects (UK centred or cross-national studies):

To understand the social implications of current and future technologies, the aims is to foster and support a series of citizen-oriented interdisciplinary research projects between members of HASS and other Faculties to attract research grants, centred on the intersectional dimensions of cybersecurity pertaining to identity and trust, by focusing on:

a) accountability, trust, and transparency

b) the growing normalisation of dis/misinformation, surveillance, and capitalist exploitation.

c) factors of age; disability; gender; children and youth; race, and ethnic identities

d) knowledge-sharing to promote online safety in everyday life and work, by enabling individuals and organisations reduce the risk of cyber-attack.

Theme leads: Prof Deborah Chambers and Dr Tina Sikka

Our vision for this research stream is to pioneer a new era in cyber security research and development that places ethical considerations, public trust, and environmental sustainability at the forefront.

By prioritizing ethics, ESG impact, public trust, and long-term efficacy, this stream of research ensures that cyber security solutions are not only cutting-edge but also responsible, sustainable, and capable of safeguarding individuals, organizations, and societies in an ever-changing threat landscape. We consider the following themes as examples (not limited to these):

• Ethical Considerations: In the rapidly evolving field of cyber security, it is crucial to develop innovative solutions that align with ethical principles. Responsible innovation ensures that technologies and practices are developed and deployed with a focus on protecting individual rights, privacy, and data security. This research theme helps mitigate potential ethical dilemmas and prevents the misuse of cyber security technologies for harmful purposes.
• Public Trust and Confidence: Responsible and sustainable innovation in cyber security instills confidence and trust among the public and stakeholders. When individuals know that research and solutions prioritize their safety and well-being, they are more likely to embrace and adopt cyber security measures, thereby enhancing overall cyber resilience.
• Environmental Impact: Sustainability in cyber security research addresses the ecological footprint of digital technologies. As the world increasingly relies on digital infrastructure, it is essential to develop eco-friendly solutions that reduce energy consumption and waste. Sustainable cyber security practices align with broader environmental goals, contributing to a greener and more environmentally conscious society.
• Future-Proof Solutions: Responsible innovation looks beyond short-term gains and aims to develop long-lasting solutions that can adapt to future challenges. Cyber threats constantly evolve, and sustainable innovation ensures that cyber security solutions remain effective and relevant over time, providing continuous protection against emerging threats.
• Regulatory Compliance: As governments and international bodies strengthen data protection and cyber security regulations, responsible innovation becomes a necessity. Research that adheres to ethical and sustainable practices is more likely to comply with existing and future regulations, reducing legal risks and liabilities.
• Social Impact: Cyber security incidents can have far-reaching consequences, affecting not only individuals but also critical infrastructures and societies as a whole. Responsible innovation focuses on minimizing negative social impacts, fostering a safer and more resilient digital environment for everyone.
• Preventing Technological Lock-in: Sustainable innovation encourages open and interoperable technologies. Avoiding proprietary and closed systems prevents technological lock-in, enabling the seamless integration of diverse cyber security solutions and fostering healthy competition among vendors.

Theme lead: Prof Marwa Elnahass