Academic Centre of Excellence in Cyber Security Research - De Montfort University
Lead Research Organisation:
De Montfort University
Department Name: Computer Technology
Abstract
The ACE-CSR will recognise a hub of proven industrially relevant research in critical systems, sociotechnical security, and incident response, supported by a mixed portfolio of funding of over £1.5M per year.
The ACE-CSR at De Montfort University will be centred around the Cyber Technology Institute (CTI) with its long-standing record of world-leading cyber-security research within the School of Computer Science and Informatics (SCSI), with additional cross-disciplinary expertise from across the University from areas such as cyber psychology, economics and cyber ethics.
As an ACE we will further increase our collaborative research with nationally and internationally leading partners through networks such as TIPS2, RITICS and RISCS as well as international collaborations with our German, Austrian, and Greek partner institutions with focus on Security of Cyber Physical Systems and Transport. This will add additional value to the network of ACEs through our significant international outreach to both academia and industry.
The ACE-CSR at De Montfort University will be centred around the Cyber Technology Institute (CTI) with its long-standing record of world-leading cyber-security research within the School of Computer Science and Informatics (SCSI), with additional cross-disciplinary expertise from across the University from areas such as cyber psychology, economics and cyber ethics.
As an ACE we will further increase our collaborative research with nationally and internationally leading partners through networks such as TIPS2, RITICS and RISCS as well as international collaborations with our German, Austrian, and Greek partner institutions with focus on Security of Cyber Physical Systems and Transport. This will add additional value to the network of ACEs through our significant international outreach to both academia and industry.
Planned Impact
The Academic Centre of Excellence in Cyber Security Research, De Montfort University, is expected to have societal and economic impact that extends from the current impact of Cyber Security research and its allied activities.
- Economic impact. Cyber security is essential for all modern economic activity, not just electronic commerce, but most others which will end up relying on internet communication and web services in some way. The research of the Centre will provide processes, methods, and tools that organisations can use to improve their cyber security state and posture.
This kind of impact is achieved in the first place in direct ways through contacts with industrial and governmental organisations. The deepest such connection is through the CTI's Industrial Advisory Group of Airbus, BT, Deloitte UK and Rolls-Royce, and other direct industrial and governmental collaborators. This may be through joint research projects (e.g. KTPs such as the one with Airbus), or consultancy, for which we have established partnerships in industry (ICS) and government. In addition, many of our PhD students are part-time, working in industry or government, so will achieve direct impact in their workplaces. In some cases, such as the ACTIVE InnovateUK project, the industrial impact may be at DMU itself via a spin-off company.
Impact is also achieved in a number of indirect ways. One is through research-led teaching. Much of our MSc teaching is as CPD to industry and government based professionals. Many of our undergraduate students go on industrial placements, and 1st year BSc Cyber Security students have been assigned industrial mentors. We provide apprenticeship education in a number of schemes. All of these mean that our research-led teaching reaches industrialists.
Another secondary way is through the traditional as well as non-traditional methods of achieving academic impact. These include published research papers, keynotes and panels, as well as social media and WWW publication, and open source distribution for software and research data. Our annual #DMUCyberWeek event brings in many external organisations.
- Societal impact. Security and privacy for all systems and communications is essential for governmental and other societal activity in much the same way as it is for economic activity. The methods for achieving this kind of impact are essentially the same as above for economic impact. In addition, we have strong public engagement. In particular Boiten, Flick, and Hadlington have strong presences in the media, with Hadlington having appeared on the UK One Show, Boiten on ABC News Australia, all of them and also Janicke with recent pieces on The Conversation which have reached wide audiences including through republication in national newspapers. These and other members of the centre appear on BBC Radio Leicester to comment on cyber security issues very regularly (over 20 times in 2018). The continuation of all this is actively pursued and supported by the University's Communications team.
We also participate in local community engaging events, such as the Leicester Business Fair, and our own "Cyber Wednesday" evening events where we covered topics such as online safety, privacy, and GDPR for a broad local external audience.
- Economic impact. Cyber security is essential for all modern economic activity, not just electronic commerce, but most others which will end up relying on internet communication and web services in some way. The research of the Centre will provide processes, methods, and tools that organisations can use to improve their cyber security state and posture.
This kind of impact is achieved in the first place in direct ways through contacts with industrial and governmental organisations. The deepest such connection is through the CTI's Industrial Advisory Group of Airbus, BT, Deloitte UK and Rolls-Royce, and other direct industrial and governmental collaborators. This may be through joint research projects (e.g. KTPs such as the one with Airbus), or consultancy, for which we have established partnerships in industry (ICS) and government. In addition, many of our PhD students are part-time, working in industry or government, so will achieve direct impact in their workplaces. In some cases, such as the ACTIVE InnovateUK project, the industrial impact may be at DMU itself via a spin-off company.
Impact is also achieved in a number of indirect ways. One is through research-led teaching. Much of our MSc teaching is as CPD to industry and government based professionals. Many of our undergraduate students go on industrial placements, and 1st year BSc Cyber Security students have been assigned industrial mentors. We provide apprenticeship education in a number of schemes. All of these mean that our research-led teaching reaches industrialists.
Another secondary way is through the traditional as well as non-traditional methods of achieving academic impact. These include published research papers, keynotes and panels, as well as social media and WWW publication, and open source distribution for software and research data. Our annual #DMUCyberWeek event brings in many external organisations.
- Societal impact. Security and privacy for all systems and communications is essential for governmental and other societal activity in much the same way as it is for economic activity. The methods for achieving this kind of impact are essentially the same as above for economic impact. In addition, we have strong public engagement. In particular Boiten, Flick, and Hadlington have strong presences in the media, with Hadlington having appeared on the UK One Show, Boiten on ABC News Australia, all of them and also Janicke with recent pieces on The Conversation which have reached wide audiences including through republication in national newspapers. These and other members of the centre appear on BBC Radio Leicester to comment on cyber security issues very regularly (over 20 times in 2018). The continuation of all this is actively pursued and supported by the University's Communications team.
We also participate in local community engaging events, such as the Leicester Business Fair, and our own "Cyber Wednesday" evening events where we covered topics such as online safety, privacy, and GDPR for a broad local external audience.
Organisations
People |
ORCID iD |
| Eerke Boiten (Principal Investigator) |
| Description | The CTI is a broad research centre with relevant impacts across all areas of cyber security. The grant supports this research centre in a broad sense. The research of the centre has had impact academically, through industrial partners and collaborations (e.g. in the AIR4ICS project or through the Industrial Advisory Groups), through part-time PhD study of industry staff, on the cyber security of universities locally and through an NCSC research project, on the cyber security of Greece through an academic working in CTI and part-time in the Greek national Cyber Security Centre, in industrial control systems, etcetera. The CTI provided 2 Impact Case Studies to the REF: one on human error in cyber security, and one on industrial control system security. The research capacity also connects with a wide range of activities in the local economy, such as with the LEP and the development of a cyber hub for the East Midlands. There is also cross-fertilisation between the ACE-CSR and the Academic Centre of Excellence in Cyber Security Education (Gold). |
| First Year Of Impact | 2019 |
| Sector | Aerospace, Defence and Marine,Digital/Communication/Information Technologies (including Software),Education,Energy,Financial Services, and Management Consultancy,Healthcare,Government, Democracy and Justice,Manufacturing, including Industrial Biotechology,Transport |
| Impact Types | Cultural,Societal,Economic,Policy & public services |
| Description | ICS community of interest Vulnerability Identification guidance |
| Geographic Reach | National |
| Policy Influence Type | Membership of a guideline committee |
| Description | Involvement with DCRF Web 3.0 exploration |
| Geographic Reach | National |
| Policy Influence Type | Contribution to a national consultation/review |
| Impact | Area is as yet mostly unregulated. Contributed to an event in October 2022, and some inputs reflected (not attributed) in resulting Insight Paper. |
| URL | https://www.gov.uk/government/publications/insight-paper-on-web3 |
| Description | Leicester, Leicestershire and Rutland Cyber Resilience Forum |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Participation in a guidance/advisory committee |
| Description | Open letter on COVID tracking apps and subsequent discussion with government officials and minister |
| Geographic Reach | National |
| Policy Influence Type | Implementation circular/rapid advice/letter to e.g. Ministry of Health |
| URL | https://github.com/CCTPS/UK |
| Description | A Framework for Quantifying the Privacy/Utility Trade-off in Generative Model based Synthetic Data |
| Amount | £150,000 (GBP) |
| Funding ID | R-AST-040 |
| Organisation | Alan Turing Institute |
| Sector | Academic/University |
| Country | United Kingdom |
| Start | 10/2021 |
| End | 04/2025 |
| Description | A Maturity Assessment Framework For Uk HEIs |
| Amount | £12,000 (GBP) |
| Organisation | National Cyber Security Centre |
| Sector | Public |
| Country | United Kingdom |
| Start | 12/2019 |
| End | 02/2020 |
| Description | Cognitive and Socio-Technical Cybersecurity in Modern Railway Systems |
| Amount | £200,000 (GBP) |
| Funding ID | Cognitive and Socio-Technical Cybersecurity in Modern Railway Systems |
| Organisation | PETRAS National Centre of Excellence |
| Sector | Academic/University |
| Country | United Kingdom |
| Start | 01/2022 |
| End | 06/2023 |
| Description | CyberASAP CyberGames |
| Amount | £32,000 (GBP) |
| Organisation | Innovate UK |
| Sector | Public |
| Country | United Kingdom |
| Start | 04/2021 |
| End | 06/2021 |
| Description | CyberASAP SACRED |
| Amount | £28,000 (GBP) |
| Organisation | Innovate UK |
| Sector | Public |
| Country | United Kingdom |
| Start | 04/2021 |
| End | 06/2021 |
| Description | INSURE: Intrusion detectioN System for pUblic hotspot cybeR sEcurity |
| Amount | £42,829 (GBP) |
| Funding ID | 133894 |
| Organisation | Innovate UK |
| Sector | Public |
| Country | United Kingdom |
| Start | 09/2019 |
| End | 02/2020 |
| Description | INSURE: Intrusion detectioN System for pUblic hotspot cybeR sEcurity |
| Amount | £16,547 (GBP) |
| Funding ID | 105350 |
| Organisation | Innovate UK |
| Sector | Public |
| Country | United Kingdom |
| Start | 03/2019 |
| End | 07/2019 |
| Description | Consortium for EPSRC cross Research Institute submission |
| Organisation | Cardiff University |
| Country | United Kingdom |
| Sector | Academic/University |
| PI Contribution | Consortium formed for application to EPSRC cross Research Institute submission. DMU acted as Principal Investigator and co-ordinator for all parties. Invited talks and workshops have been organised with participation from both parties. |
| Collaborator Contribution | Cardiff university has provided expertise in the area of psychology and training in high pressure situations. In addition they have participated in talks and workshops for students and industry audiences. |
| Impact | Participation in CyberWeek2021 and 2022, multi-disciplinary Cyber Security, Psychology |
| Start Year | 2020 |
| Description | Consortium for Leicester Institute of Technology bid |
| Organisation | University of Leicester |
| Country | United Kingdom |
| Sector | Academic/University |
| PI Contribution | The bid for an Institute of Technology strongly relied on the Cyber Security group at DMU. |
| Collaborator Contribution | Partners covered other areas of education in this IOT bid. |
| Impact | Established stronger relationships with regional partners in education and industry, exploited in subsequent opportunities. |
| Start Year | 2020 |
| Description | Consortium for OfS short courses bid |
| Organisation | Leicester College |
| Country | United Kingdom |
| Sector | Academic/University |
| PI Contribution | Cyber security as part of an OfS short courses bid (successful). |
| Collaborator Contribution | Other areas in the bid. |
| Impact | Successful bid, OfS short courses to be put on. |
| Start Year | 2021 |
| Description | Industrial Advisory Group for the Cyber Technology Institute at DMU |
| Organisation | Airbus Group |
| Department | Airbus Operations |
| Country | United Kingdom |
| Sector | Private |
| PI Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. |
| Collaborator Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. Advice from industrial partners on research, teaching, and enterprise. Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Impact | Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Start Year | 2015 |
| Description | Industrial Advisory Group for the Cyber Technology Institute at DMU |
| Organisation | BT Group |
| Country | United Kingdom |
| Sector | Private |
| PI Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. |
| Collaborator Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. Advice from industrial partners on research, teaching, and enterprise. Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Impact | Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Start Year | 2015 |
| Description | Industrial Advisory Group for the Cyber Technology Institute at DMU |
| Organisation | Deloitte Touche Tohmatsu |
| Department | Deloitte, UK |
| Country | United Kingdom |
| Sector | Private |
| PI Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. |
| Collaborator Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. Advice from industrial partners on research, teaching, and enterprise. Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Impact | Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Start Year | 2015 |
| Description | Industrial Advisory Group for the Cyber Technology Institute at DMU |
| Organisation | Rolls Royce Group Plc |
| Country | United Kingdom |
| Sector | Private |
| PI Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. |
| Collaborator Contribution | Industrial Advisory Group for the Institute. Research collaborations, collaborations in outreach. Advice from industrial partners on research, teaching, and enterprise. Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Impact | Joint outreach. Joint cyber defence exercises. Support to research projects. Joint research bids. Mentorship of undergraduate students. Joint KTPs. |
| Start Year | 2015 |
| Description | Covid tracking apps: engagement with academia, press, specific audiences |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Public/other audiences |
| Results and Impact | Prof Boiten was one of the initiators of an open letter by UK academics on the privacy aspects of COVID tracking apps, which was signed by over 200 academics from mainly computer science and law. He was also one of the press contacts for this. In this capacity, he spoke to national and international press, and appeared on national television in the US, the Netherlands, and the UK. The initiators also spoke to a government minister about this. There were several conference and seminar presentations following this. |
| Year(s) Of Engagement Activity | 2020,2021 |
| URL | https://github.com/CCTPS/UK |
| Description | Cyber Defence Exercises |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Cyber Defence Exercises have been performed with 114 participants in both the attacking (Red) and defending (Blue) teams drawn from industry and government. The exercises have included international participants from Austria, USA, Germany, Denmark and Australia and focused on incident response within the Operational Technology domain. Using a hybrid cyber range researchers were able to develop new tools and techniques to allow better responses to attacks against Industrial systems whilst also providing useful hands-on experience of physical equipment for participants. |
| Year(s) Of Engagement Activity | 2019,2020,2021 |
| Description | Cyber Security Workshop for local authorities |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Dr Richard Smith ran a Cyber Security Workshop exercise based around an Advanced Persistent Threat attack against a unitary authority. Utilising gamification techniques to facilitate active learning, participants were required to make decisions at every stage of the attack lifecycle. With a limited budget available participants choices around both technical and strategic aspects directly impacted upon their future choices and their approval rating with the public. The session was designed to foster discussion between technical and management staff on the topic and teams were formed to ensure a mixture of both. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Cyber Week |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | A week of activities at the CTI where industrial partners, DMU speakers, and other contacts demonstrate important aspects of cyber security and run training events, open to all interested, targeting in the first place regional industry and government organisations, and students of all disciplines. The 2021 edition was organised in collaboration with the regional Chamber of Commerce, and due to its online incarnation had an international reach. |
| Year(s) Of Engagement Activity | 2017,2018,2019,2020,2021,2022 |
| Description | Cyberweek 2023 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Postgraduate students |
| Results and Impact | A week of events at DMU, with different industrial partners involved in organising different days, attracted audiences of 10-50. |
| Year(s) Of Engagement Activity | 2023 |
| URL | https://www.eventbrite.co.uk/e/dmu-cyberweek2023-tickets-536217329467 |
| Description | Discussion on cyber crime and politics |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | How sophisticated was the DDOS attack against Labour? Contribution to a Full Fact article, aimed at informing the general public and debunking potentially misleading information. |
| Year(s) Of Engagement Activity | 2019 |
| URL | https://fullfact.org/news/labour-ddos-attack/ |
| Description | Engagement with DCRF Web 3.0 regulation workshop |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Workshop on Web 3.0 and the challenges it puts for UK regulators as federated in DCRF (Ofcom, ICO, and others). |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://competitionandmarkets.blog.gov.uk/2022/11/10/web-3-0-and-distributed-ledger-technologies-a-r... |
| Description | Engagement with national and international press |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | Public engagement on a wide range of cyber security topics by Eerke Boiten (steadily increased, up to ~40 per year since 2017), and others. Newspapers (including Le Monde), local radio, TV (Al Jazeera and regional), online publications (Wired, The Conversation, SC Magazine, The Register) etc |
| Year(s) Of Engagement Activity | 2015,2016,2017,2018,2019,2020,2021,2022 |
| Description | Engagement with national and international press |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | Press engagements of Prof Eerke Boiten recorded elsewhere. Also significant media and press engagement by Dr Catherine Flick (frequent regional radio, national radio, frequent international press including Wired and WSJ) Dr Richard Smith (regional radio, other press) Dr Francisco Aparicio Navarro (national press including Observer) Dr Ismini Vasileiou (various media including The Conversation) Dr Isabel Wagner (national press including New Scientist) PhD student Thomas Reisinger (The Conversation) |
| Year(s) Of Engagement Activity | 2019,2020,2021,2022 |
| Description | Engagement with the press on public interest aspects of security, cryptography, and privacy |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | Quotes in international, national (Guardian, Independent,...), and online press (Wired, TheRegister, ...) Media comment pieces, e.g. many in The Conversation LinkedIn columns Twitter engagement and online blogs Regional and national radio TV - national and international |
| Year(s) Of Engagement Activity | 2013,2014,2015,2016,2017,2018,2019,2020,2021,2022 |
| Description | FOSAD summer schools |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Postgraduate students |
| Results and Impact | CryptoForma became a partner in the international FOSAD summer school. Selection of speakers, sponsoring of speakers, and sponsoring of UK attendants. Eerke Boiten is still a member of the steering commitee of this summer school series |
| Year(s) Of Engagement Activity | 2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 |
| URL | https://sites.google.com/uniurb.it/fosad |
| Description | Involvement with regional cyber emergency planning |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Professional Practitioners |
| Results and Impact | Dr Richard Smith is involved in regional cyber security emergency planning, and attends regular meetings in relation to this. |
| Year(s) Of Engagement Activity | 2019,2020,2021,2022 |
| Description | Multiple interviews on BBC Radio Leicester regarding cybercrime and privacy |
| Form Of Engagement Activity | A broadcast e.g. TV/radio/film/podcast (other than news/press) |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | Eerke Boiten has been a regular visitor to BBC Radio Leicester (some 20 times over this period), covering cybercrime and privacy topics. |
| Year(s) Of Engagement Activity | 2017,2018,2019,2020,2021,2022 |
| Description | Panel on cryptocurrencies at Henry George School of Social Sciences |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Public/other audiences |
| Results and Impact | Prof E Boiten joined an international panel discussion on cryptocurrencies. |
| Year(s) Of Engagement Activity | 2023 |
| URL | https://www.youtube.com/watch?v=6aCKa-2NWzM |
| Description | Press engagement on Ransomware by Eerke Boiten |
| Form Of Engagement Activity | A broadcast e.g. TV/radio/film/podcast (other than news/press) |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Public/other audiences |
| Results and Impact | Interview on Al Jazeera English (TV), 5 February 2023 Interview on LBC (Radio), 11 August 2022 |
| Year(s) Of Engagement Activity | 2022,2023 |
| Description | Press engagement on Twitter, ChatGPT; TV, radio, press, online |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Public/other audiences |
| Results and Impact | Several members of the team (Prof E Boiten, Dr C Flick, Dr F Aparicio-Navarro particularly) engaged with the media on various cyber security related topics. International TV, national and regional radio, newspapers, online publications. |
| Year(s) Of Engagement Activity | 2022,2023 |