Academic Centre of Excellence in Cyber Security Research - Newcastle University

Lead Research Organisation: Newcastle University
Department Name: Sch of Computing

Abstract

The Newcastle Academic Centre of Excellence in Cyber Security Research pursues the research vision "Protecting Society's Fabric."
Following the conviction that cyber security does not arise from protecting critical infrastructures alone, the Centre complements core security research (such as cryptography, secure system engineering, or information assurance techniques) with initiatives to protect and support stakeholders (victims and investigators) and a strong focus on science and human dimensions of cyber security. The Centre benefits from Newcastle's long-standing research in dependability and formal methods and has established a leading, rigorous research methodology for the science and human dimensions of cyber security.


Part of the Centre's research is focused on the resilience of critical and emergent infrastructures, where examples include the Internet's identity backbone, the cloud or e-voting as well as the Internet of Things or emergent payment systems.

The Centre offers research on the secure design of security protocols, including cryptographic and formal methods to ascertain the security of such protocols in various contexts.

The Centre investigates the human dimensions of cyber security and scientific, evidence-based methods to strengthen cyber security research. Here, the Centre's investigators ask questions such as how human beings behave in security and privacy situations and how cyber security technologies can become usable.


The Newcastle Academic Centre of Excellence in Cyber Security Research has a history of collaborating with regional, national and international businesses, government and public-sector organizations as well as NGOs aiming at offering more security and privacy for societies and their individuals, in keeping with the theme of "Protecting Society's Fabric."

Planned Impact

1. Cyber Security Hub in the Northeast of England.
The Academic Centre of Excellence in Cyber Security Research creates a cyber security hub in the region and seeks to impact regional businesses as well as other universities. Businesses and universities will benefit from the events, knowledge exchanges and collaborations either immediately with investigators of the Centre or Centre-co-founded initiatives, such as Cyber North.

2. Economic and Societal Impact in the Northeast
As the civic university Newcastle, the Academic Centre of Excellence in Cyber Security Research seeks to impact the overall development of the Northeast by joint ventures and an infusion of know-how and innovation. There are a number of SMEs co-located with Newcastle University, especially on the new Science Central campus, that benefit from the contacts with the Centre.

3. Knowledge Impact
The Centre's research agenda stands to yield results impacting strategic technologies, such as identity management or cloud. It benefits designated strategic topics in the UK cyber security research strategy, including cryptography, risk management or building trusted systems. The Centre supports evidence-based methods for cyber security and stands to advance the research methodology of the field.

4. Training
The Academic Centre of Excellence in Cyber Security Research offers training for students and PhD students as well as positions for highly qualified individuals. Centre investigators offer PhD positions themselves and also act as supervisors for the EPSRC Doctoral Training Centres in Digital Civics and Cloud Computing for Big Data. Furthermore, the Centre supports an MSc programme in Computer Security and Resilience.
 
Description Cloud crime with NCA 
Organisation National Crime Agency
Country United Kingdom 
Sector Public 
PI Contribution Advising the NCA on technical and social aspects of cloud crime. Proposed a research agenda with multiple structured abstracts on forum data analysis.
Collaborator Contribution Offering understanding of the national strategy to address cyber crime and cloud crime. Requirements towards police user engagement. Data for further analysis.
Impact The outcomes of initial conversations have been captured in a results paper governed by David Wall. We've negotiated an information sharing agreement on forum data of interest to the NCA, to employ multiple research methods from machine learning and data mining as well as social sciences (criminology and psychology).
Start Year 2015
 
Description GCHQ - NCSC 
Organisation Government Communications Headquarters (GCHQ)
Country United Kingdom 
Sector Public 
PI Contribution We establish the capability to run analyses for research projects, especially with a machine-learning methodology, on data with protective marking secret.
Collaborator Contribution GCHQ supported the creation of a secure environment, including expertise on design and accreditation.
Impact Secure computing facility for primarily impacting cloud crime research at first. The Secure Data Safe Haven was established and its physical setup accredited by the GCHQ accreditor to be secure to hold government-grade cryptographic devices. The system has been equipped with corresponding government-grade cryptographic devices following a formal GCHQ authorization.
Start Year 2015
 
Description Northumbria Police 
Organisation Northumbria Police
Country United Kingdom 
Sector Public 
PI Contribution Scoping analysis of police (ActionFraud) data to detect patterns in police data, especially towards problem profiles or causality in case files. Eventually, Northumbria Police decided to build up a machine learning capability in-house, after our discussions of possible benefits for classification and analysis.
Collaborator Contribution Briefing on police needs on data analysis and reporting.
Impact Initial meetings towards collaboration agreement. Decisions on building capacity in the Northumbria Police Force.
Start Year 2016
 
Description Sunderland Inhouse Cloud 
Organisation Sunderland City Council
Country United Kingdom 
Sector Public 
PI Contribution Deliver understanding of cloud crime on government in-house clouds, especially with the capacity to analyse business-process level incidents.
Collaborator Contribution Offers data to be analysed by the project.
Impact Initial conversations to date. Established a data exchange. Realized clusterings and machine learning analysis on Sunderland in-house cloud configuration data, identifying abnormal cases (computers, users) incl. factors such as services and apps setup.
Start Year 2015
 
Description ACE-CSR ALO meeting with focus on PhD proposals 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact Preparation of PhD proposals for the NCSC PhD competition. Discussion of promising topics such as smart buildings, etc.
Year(s) Of Engagement Activity 2017
 
Description ACE-CSR/RISCS Workshop on Scientific Methods in Cyber Security Research 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact We hosted a RISCS Workshop on scientific methods in cyber security research, incl. framing of research questions, challenges and pivotal changes that need to be enacted to yield strong scientific results. The workshop was attended by about 50 participants, from the RISCS community as well as professional practitioners interested in consuming cyber security research results.
Year(s) Of Engagement Activity 2018
 
Description BDA4CID 2018 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Cyber-attacks have posed real and wide-ranging threats for the information society. Detecting cyber-attacks becomes a challenge, not only because of the sophistication of attacks, but also because of the large scale and complex nature of today's IT infrastructures.

When significant amounts of data is collected from computer systems operations and monitoring, data science and intelligent advanced analytics are necessary to correlate, learn and mine, interpret and visualize such data. To mitigate existing cyber threats, it is important that cyber-attack detection and security analysis take advantage of data science and advanced analytics. Big data provides a systemic approach, from capturing of IT operation data, through data processing and event correlation, to anomaly detection and response decision.

This Workshop will focus on the cutting-edge developments from both academia and industry, with a particular emphasis on novel techniques to capture, store and process the big-data from a wide range of sources in monitoring IT infrastructures, and in particular on the methodologies and technologies which can be applied to correlate, learn and mine, interpret and visualize the cyber security data.

This workshop is timely and interesting for researchers, academics and practitioners in big data processing and analytics, cyber security, cyber defense, security analytics, data mining and machine learning of security data, security information and event management, along with anomaly detection. The workshop is very relevant to the big data community, especially data mining, machine learning, cycler physical systems, computational intelligence, and will bring forth a lively forum on this exciting and challenging area at the conference.
Year(s) Of Engagement Activity 2018
URL http://siwn.org.uk/events/bda4cid/
 
Description Bankademia Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Participation in a banking and Academia summit between 15 academics and 15 banking executives/experts on possibilities of joint engagements and funding schemes. Networking.
Year(s) Of Engagement Activity 2018
 
Description Dr T Gross Refining Evidence-Based Methods in Cyber Security Research 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact We hosted a high-profile evidence-based methods workshop. 25 international experts (incl. principal investigators and program committee members of relevant venues) attended a two-day workshop on establishing the current state of play of evidence-based methods in cyber security research as well as that steps to be undertaken to improve the research methodologies employed.

Abstract: Evidence-based methods is a fundamental requirement for authoritative cyber security research. However, recent analyses and community dialogue highlight an outstanding need for the refinement of such methods in this field to enable scientists and practitioners alike; as well as a well understood baseline for reviewers of cyber security research. Similarly, the discourse in other fields, such as medicine or psychology, offers harbingers of possible perils on the road ahead. This workshop sets out to take stock in the present state of evidence-based methods in cyber security research, discuss 'what good looks like' and explore a way ahead to provide a resource for the community and incentivise its uptake. Complemented by keynote inputs, the workshop offers plenty of opportunities for a fruitful dialogue between experts both in plenum and break-out sessions. The participants are invited to form well-argued positions in their discourse to offer guidance to the field.
Year(s) Of Engagement Activity 2019
 
Description Engagement activity with the RISCS (Research Institute in the Science of Cyber Security) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact We offered insights in the state-of-play of evidence-based methods in security and privacy at the RISCS meeting, incl. a poster presentation.
Year(s) Of Engagement Activity 2017
 
Description Formal Negotiation with NCA on Information Sharing Agreement 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Negotiation to finalize Information Sharing Agreement with the National Crime Agency (NCA)
Year(s) Of Engagement Activity 2018
 
Description GCHQ Workshop on Establishment of Secure Data Safe Haven 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact The meeting was to prepare the creation of a secure data centre, inter alia meant to enable work on law enforcement data with protective marking, such as from the NCA or other police forces.
Year(s) Of Engagement Activity 2017
 
Description GCHQ/NCSC Meeting to establish cryptographic capacities of the Secure Data Safe Haven 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact Establishing the final security mechanisms of the Secure Data Safe Haven.
Year(s) Of Engagement Activity 2018
 
Description GCHQ/NCSC Top-Brass Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Offering a wide range of topics covered by the Academic Centre of Excellence in Cyber Security Research (ACE-CSR). Negotiations on topics of joint interest, incl. PhD topics. Presentation of Secure Data Safe Haven as well as capacities built at Newcastle University.
Year(s) Of Engagement Activity 2017
 
Description Initial Workshop with Financial Conduct Authority 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Third sector organisations
Results and Impact Initial meeting to present research topics of the ACE-CSR and CRITiCaL in financial areas, negotiation on topics of joint interest.
Year(s) Of Engagement Activity 2017
 
Description Keynote on Investigating Human Factors Privacy with Evidence-based Methods. 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Advocating evidence-based methods, strong experimentation as well as quantitative methods, such as effect sizes and their confidence intervals, for privacy research.
Year(s) Of Engagement Activity 2017
 
Description Meeting with BAe 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Scoping meeting with presentation of ACE-CSR and CRITiCaL portfolio to evaluate possible strategic partnership with BAe.
Year(s) Of Engagement Activity 2018
 
Description Meeting with CLUE 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Conversation on possible collaborations with CRITiCaL and the ACE-CSR, liaison with police forces.
Year(s) Of Engagement Activity 2017
 
Description Meeting with Northumbria Police on Possible Collaborations 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact We hosted a workshop with Northumbria Police discussion multiple possible avenues for research engagements with CRITiCaL as well as the Academic Centre of Excellence in Cyber Security Research (ACE-CSR).
Year(s) Of Engagement Activity 2017
 
Description Meeting with Northumbria Police to Discuss Possible Avenues for Collaboration 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact Establishing a list of possible collaborations based on a number of research projects of the ACE-CSR and CRITiCaL.
Year(s) Of Engagement Activity 2018
 
Description Negotiation with Sunderland Council on Data Exchange, based on Structured Abstract 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Third sector organisations
Results and Impact We proposed a structured abstract of an research endeavor to Sunderland Council and reached an agreement on a first data exchange for Machine Learning Analysis.
Year(s) Of Engagement Activity 2017
 
Description Presentation to the North East Fraud Forum 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact Presentation to ~50 people at the North East Fraud Forum.
Year(s) Of Engagement Activity 2018
 
Description RISCS Community Meeting Contribution on State-of-Play of Evidence-based Methods in Security and Privacy 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact We offered a talk on the results of our Systematic Literature Review on the qualitative completeness of reporting as well as quantitative aspects of security and privacy user studies from major venues in the years 2006-2016.
Year(s) Of Engagement Activity 2017
 
Description Scientific Methods and Approaches for Cyber Security Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Interactive workshop on the scientific methods, their challenges and pivotal steps to take. Gathering inputs from practitioners and academics alike in a concept writing exercise and focus group discussions to create a report/position paper.
Year(s) Of Engagement Activity 2008
 
Description Talk on Evidence-based Methods in Research on Stress and Fear on Password Choice 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Advocating evidence-based methods, rigorous experiment design and estimation theory at STAST.
Year(s) Of Engagement Activity 2017
 
Description Talk on Strength of Evidence in Cyber Security User Studies at RISCS Community Meeting 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Talk on evidence-based methods, considering strength of evidence, based on a systematic literature review, including sampling methodology and replications.
Year(s) Of Engagement Activity 2018
 
Description Technologies of Crime, Justice and security Conference 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact ~50 people interested in Crime, Justice and Security. Presenting techniques for using AI to help practitioners in these areas.
Year(s) Of Engagement Activity 2018
 
Description Top-Brass NCSC Meeting on ACE-CSR 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Supporters
Results and Impact We hosted a top-brass meeting with NCSC on ongoing and emergent research topics at the ACE-CSR.
Year(s) Of Engagement Activity 2018
 
Description Workshop on Evidence-based Methods in Privacy and Identity Management 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact We held a workshop on the reporting standards in evidence-based methods of privacy and identity management (as well as security in general) as means to improve paper reporting as well as judgment of program committees to evaluate publications soundly.
Year(s) Of Engagement Activity 2017
 
Description Workshop on Trust in Financial Technologies 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact We hosted a workshop on cyber security and trust in financial technologies (FinTech).
Year(s) Of Engagement Activity 2018
 
Description e-Crime and Artificial Intelligence Forum 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation at a regular forum meeting (e-Crime) on the machine learning approaches which can be taken to help identify potential offenders and those more likely to be attacked.
Year(s) Of Engagement Activity 2018
URL http://akjassociates.com/event/aiforum