Academic Centre of Excellence in Cyber Security Research - University of Oxford

Lead Research Organisation: University of Oxford
Department Name: Computer Science

Abstract

Cyber Security Research in the University of Oxford is founded upon the observation that in order to make meaningful progress in this field, a multi-disciplinary approach is needed, and that the research outputs must be firmly grounded in rigorous academic excellence provided by the component disciplines. To this end, we have structured ourselves as a network which links research, teaching, and good practice across many departments of the University. The network comprises researchers and projects of various sizes, with a number of particular flagship large initiatives, which draw in research activity from across the University, including the Centre for Doctoral Training in Cyber Security, the Global Cyber Security Capacity Centre, and the Cyber Studies Programme.

The status as an Academic Centre of Excellence in Cyber Security Research helps to catalyse such initiatives, to bring together researchers in new projects and activities, and to raise the profile nationally and internationally of the research in this area. Our network of projects and academics across the University also provides a context and pool of expertise to refer to when individual academics are making their own grant proposals, as well as a clearing-house for external enquiries - whether from the press, or from companies and others seeking research partners.

Planned Impact

The main purpose of this ACE-CSR proposal is for impact. In addition to the pre-existing academic disciplines which benefit from the research through the usual means, the following beneficiaries exist:

* the wider academic community: the breath of concerns faced in the challenges of Cyber Security are not always appreciated by the academic community at large. Some may be undertaking research which might fall into this category, without realising it; others have techniques and expertise which could be brought to bear, but are unaware of the opportunities - for research funding and for engaging with real, pressing problems for society.

* the information security community: practitioners of security and vendors of solutions will always need to drawn on expertise which helps to address new and emerging threats - research which covers those topics which are not yet mundane or every-day in character. The centre will improve communication with this community - both for dissemination
and for motivating new research.

* the public sector: by providing a flagship centre, the University will enable public bodies (as well as the private sector) better to understand the capabilities which it can offer and the partnerships which are possible - in some contexts, the University having much more flexibility in undertaking projects, or a range of untapped expertise hard to assemble elsewhere.

* the general public: the University takes seriously a public education and dissemination mission. Members of the University frequently participate in the Media in order to explain or comment upon issues of security or privacy - and how members of the public are impacted or can protect themselves. Through the better linkages and internal communications
enabled by the centre, this public engagement will be strengthened.

Publications

10 25 50
 
Description Commonwealth Parliamentary Association Cybersecurity Programme on Research, Risk and Resilience: Cyber Security and Public Policy: day-long seminar hosted in the University of Oxford for around 30 Commonwealth MPs
Geographic Reach Multiple continents/international 
Policy Influence Type Gave evidence to a government review
URL http://www.uk-cpa.org/programmes-activities/the-cpa-uk-cybersecurity-workshop/
 
Description Evidence to House of Commons Select Committee on Science and Technology on Telecommunications Security
Geographic Reach National 
Policy Influence Type Gave evidence to a government review
URL https://www.parliament.uk/business/committees/committees-a-z/commons-select/science-and-technology-c...
 
Description National Cyber Security Centre Small Grants Scheme
Amount £15,722 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 11/2017 
End 07/2018
 
Description Workshop: Industry 4.0 and Supply Chain Cyber Security
Amount £6,500 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 12/2018 
End 02/2019
 
Description Workshop: Towards a Smarter Research Ethics in Cyber Security
Amount £3,739 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 11/2017 
End 01/2018
 
Description Workshop: Towards smarter research ethics in data science
Amount £1,100 (GBP)
Organisation Alan Turing Institute 
Sector Academic/University
Country United Kingdom
Start 05/2018 
End 05/2018
 
Description Adjunct Professor at Griffith University, Queensland Australia 
Organisation Griffith University
Country Australia 
Sector Academic/University 
PI Contribution Andrew Martin has been appointed Adjunct Professor in the INSTITUTE FOR INTEGRATED AND INTELLIGENT SYSTEMS in Griffith University. He has visited twice, giving four research seminars so far, and undertaken a variety of research discussions - not yet leading to funded projects, but which are anticipated in future.
Collaborator Contribution Prof. Dong, who is a formal collaborator for the Smart Grid Security and Privacy project (the project was established in a joint call with Sinagpore; he is PI for that side of the project, at the National University of Singapore) now divides his time between Singapore and Griffith University, where he directs the Institute. He has facilitated this collaboration, and informally brings his research team there into the project.
Impact Four research seminars at Griffith University and, sponsored by Griffith, for the Queensland Government.
Start Year 2017
 
Description Lloyd's Register Foundation Foresight Review: Operational Cyber Security for the Industrial Internet of Things 
Organisation Lloyd's Register Foundation
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution This collaborative project is co-led by Sadie Creese (member of the ACE), and managed by Katherine Fletcher (part-funded by the ACE).
Collaborator Contribution The other project co-leads are Ali El Kaafarani (possible candidate for Oxford ACE membership in the next round) and Robert Hannigan. Together, the project leads (and other project member: Doctoral and Postdoctoral researchers at Oxford) convened a series of workshops to inform a report on operational cyber security for industrial IoT applications.
Impact This project will result in a Foresight Review which will be publicly available on the Lloyd's Register foundation website from May 2020: https://www.lrfoundation.org.uk/en/foresight/.
Start Year 2019
 
Description APPG-AI 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Various members of the Academic Centre of Excellence in Cyber Security Research take part in the APPG on AI: Marina Jirotka's ORBIT project is rapporteur for the APPG, and Professor Jirotka gave evidence at Evidence Meeting 2 (27 March 2017). The Oxford ACE Network Coordinator has attended several of these meetings, and arranged for Oxford's Sandra Wachter to give evidence (11 September 2017) and contributed to discussions. Informally, this networking has resulted in seminars given in Oxford and exchange of ideas.
Year(s) Of Engagement Activity 2017,2018
URL http://www.appg-ai.org/
 
Description CDT Project Matchmaking 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact In October 2017, the ACE Network Coordinator organised a matchmaking workshop, to introduce industry and policy-making partners to researchers from the ACE network in Oxford, in hopes we could co-develop projects which students in the Centre for Doctoral Training could take forward. This has led to at least 2 submissions of projects (final decisions to be made in late March 2018).
Year(s) Of Engagement Activity 2017
 
Description Capture the Flag team 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Postgraduate students
Results and Impact GCHQ gave a small grant in 2017 to Professor Andrew Martin (declared in this ResearchFish return), which supported outreach activities: Cyber Security students have started a successful Capture-the-Flag team, which has given rise to the Oxford University Competitive Cyber Security Club. The Club used GCHQ's financial support to run special competititons to engage undergraduate students (coming from a variety of backgrounds, not just "security-relevant" degree courses). This has been great exposure for our field, motivating new students to get involved in our area and help address the Cyber skills shortage identified by the UK Government.
Year(s) Of Engagement Activity 2017,2018
URL https://ox002147.gitlab.io/about.html
 
Description Cyber Security Research Ethics workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact With support from GCHQ (listed in this ResearchFish return), the ACE Network Coordinator and network researchers organised a workshop on 12 December 2017, on Research Ethics and Cyber Security. This brought together academic researchers from multiple universities, members of their Research Ethics Boards and administration teams, companies that conduct research related to Cyber Security, and a representative from the National Cyber Security Centre. The workshop was very successful: plans were made to take this concept forward on a national scale, and funding has been received from the Alan Turing Institute (funding formally granted to an academic from the University of Cambridge, in collaboration with Oxford staff) to host a similar workshop in May 2018. This workshop will include members of EPSRC, ESRC, Dstl, and various companies, in addition to academic participants.
Year(s) Of Engagement Activity 2017
 
Description Cyjax interactions 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact The ACE Network Coordinator has developed a relationship with Cyjax, a company specialising in Threat Intelligence. This has flourished into a collaborative relationship: The company has taken part in miniproject matchmaking (Discussed as an earlier activitiy), offered a Deep Dive visit to Oxford students, and given access to its data to several students, whose research projecst are of interest to the company. The company is now on the Advisory Board of Oxford's Centre for Doctoral Training in Cyber Security: discussions are currently (March 2018) underway regarding meanigful financial support for Oxford research, on topics of mutual interest. The company also now provides threat intelligence to the University of Oxford Department of Computer Science.
Year(s) Of Engagement Activity 2017,2018,2019
 
Description Engagement with BGI 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact In January 2018 we initiated contact with BGI, an insurance brokerage located near Oxford. We have discussed the potential for co-created student research projects, and are also hoping to invite representatives from BGI to a forthcoming project workshop on cyber security risk and the insurance sector.
Year(s) Of Engagement Activity 2018
 
Description Engagement with Context Information Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact In January 2018 we initiated contact with Context, a cyber security firm based in London. We have explored avenues for joint research and sponsorship of students, and hope to take this forward with meaningful financial support for the Centre for Doctoral Training in Cyber Security in 2018.
Year(s) Of Engagement Activity 2018
 
Description Engagement with Department for Transport 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact In January 2018 we initiated contact with the Cyber Security policy researchers at the Department for Transport. After a successful exploratory meeting, we agreed that there was scope for collaboration. As of March 2018 one student has been put in contact with our contacts at DfT to discuss a research project, and we expect that more collaborations will emerge over time.
Year(s) Of Engagement Activity 2018
 
Description Engagement with Transport for London 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact In February 2018 we initated a relationship with the Cyber Security Analyst team at Transport for London, exploring areas of potential mutual interest. We feel there may be scope for co-created research projects, which we will explore in 2018.
Year(s) Of Engagement Activity 2018
 
Description Engagement with the Satellite Applications Catapult 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Industry/Business
Results and Impact In February 2018 we initiated contact with the Satellite Applications Catapult, to explore avenues for engagement. We discovered areas of mutual interest and hope to turn this into concrete interaction via Oxford's Centre for Doctoral Training in Cyber Security, with co-created student research projects. The STA also offered to investigate hosting a workshop bringing together members of its SME ecosystem, to discuss potential research projects of interest to Cyber Security and Mathematics researchers.
Year(s) Of Engagement Activity 2018
 
Description Helped organise National PhD Winter School 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Andrew Martin served as one of the co-convenors of the UK National PhD Winter School, funded by NCSC and EPSRC, in Newcastle, January 2020. It was attended by 120 PhD students from across the ACE-CSR community. It promoted both advanced education of those students, and their network-building.
Year(s) Of Engagement Activity 2019
 
Description Meet Warner Brothers 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Members of the Oxford ACE met with representatives of Warner Brothers, to discuss potential avenues for engagement. While several topics might be worth exploring in future, we were not able to identify any specific next steps. This in itself was useful, since both parties now have contacts in the relevant organisations, should relevant questions arise, even if there is no concrete follow-up at the moment.
Year(s) Of Engagement Activity 2017
 
Description Participation in CyberInvest meetings 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact As an Academic Centre of Excellence in Cyber Security Research, we are invited to attend CyberInvest meetings, where the ACE Universities are introduced to companies who are looking to invest in UK academic research in our field. We have attended a number of these events (at London in March 2016, Nova South in November 2017, Liverpool March 2018, Manchester in April 2018, Stratford on Avon in June 2018, etc) and have made several good contacts.
Year(s) Of Engagement Activity 2017,2018
 
Description Participation in Oxford Cyber Cluster 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact The ACE Network Coordinator is an active member of the Oxford Cyber Cluster, part of the UK Cyber Security Forum cluster network. The Cluster exists to provide an independent source of cyber secutiyy news and information for the Oxfordshire business community, and to create a network amongst cyber security practitioners. Whilst there has not been any direct tangible outcome of membership, being part of this network is a useful way to keep in touch with developments in our local area. In the longer term, we hope to develop ideas for research projects which would be of interest to our local community. We have also used the Cluster as a way to improve our links to Oxford Brookes University, who also does teaching in research in this area, and with whom it would be sensible to work together on areas of joint interest. We have discussed running joint recruitment/outreach events (e.g. a capture-the-flag type challenge), inviting each other's researchers to give seminars, and potentially co-developing a "Smart House" test environment which both universites could make use of. We haven't got any tangible success yet but we would never even have had these discussions were it not for the Cluster.
Year(s) Of Engagement Activity 2017,2018
URL https://www.oxcyber.uk/cx/
 
Description Visit Roke 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact Visit Roke to explore avenues for engagement: this has resulted in Roke joinng the Advisory Board of the Centre for Doctoral Training in Cyber Security at the University of Oxford, collection of several topics which are ripe for industry-academia collaboration, and the creation/testing of an electronic system to facilitate sharing of project ideas in future. We also now have a license to use Roke's software for academic research at the University of Oxford. We are currently (March 2018) exploring meaningful financial support for cyber security research at Oxford which would be of direct interest to Roke, and our Capture the Flag team is discussing running training exercises with Roke staff on cyber security.
Year(s) Of Engagement Activity 2017
 
Description Workshop: Industry 4.0 and Supply Chain Cyber Security 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Workshop held 14 January 2019 in Oxford, to discuss cyber security for supply chains for just-in-time production and Industry 4.0. Attended by a mix of academics and industry (approximately 50-50 split). This workshop was funded by an NCSC Small Grant.
Year(s) Of Engagement Activity 2019
 
Description Workshop: Towards a smarter research ethics for Cyber Security 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Other audiences
Results and Impact We organised a workshop on research ethics processes for Cyber Security research, which involved researchers from the ACE Universities, colleagues from the National Cyber Security Centre, and people working in industry. The goal was to identify a community of people interested in developing better review processes, to be used by academia, industry, etc. This event (supported with a small grant from NCSC) contributed to several outcomes:
- further funding raised to hold a workshop in May 2018 at the Alan Turing Institute
- the establishment of a Research Ethics Board in the Computer Science Department at Oxford University
- ongoing discussions within Oxford to develop research ethics/risk assessment processes for internal use (one form already in use, as of 2019)
- ongoing discussions with colleagues across the UK (in industry and academia) to share best practice
- ongoing attempts to raise funds to turn this into a properly resourced project, to develop tools for ethics oversight of the emerging fields of cyber security and data science.
Year(s) Of Engagement Activity 2017