Academic Centre of Excellence in Cyber Security Research - University of Northumbria at Newcastle

Lead Research Organisation: Northumbria University
Department Name: Fac of Health and Life Sciences

Abstract

Northumbria University applies knowledge from multiple disciplines, into digital security through the work of the Cyber Security Research Group (CSRG) - a cross university group that combines (i) technical research on biometric encryption, wireless sensor networks, web security protocols, sonification and image recognition, with (ii) human-centred work on usable security, privacy, trust and behaviour change.
Our work ensures that the individual disciplines optimise their contribution to their own discipline, while working together to understand the point of interaction; the different strengths and weaknesses of computers and humans and how they can best work together to defend the enterprise.
The vision of this research group is to secure our digital tomorrow by maximising technological developments, understanding human cybersecurity behaviours and exploring the factors that influence behaviour change including design, law, policy and the social context. We seek to optimise our citizens behaviours as cyber-defenders as well as optimise our technology defences against intrusions.
Northumbria's Digital Living theme provides an opportunity to integrate work across the computational & behavioural sciences, law and design, particularly around secure Big Data & IoT, personal security across the lifespan and building resilient smart cities (where we are currently working in partnership with Newcastle University and Newcastle & Gateshead City Councils as part of the EPSRC funded Urban Living Partnership). In addition as part of the Health and Social Care multidisciplinary research theme, we are growing our research focusing on cybersecurity in the health and social care domains as they struggle to reconcile advances in personal informatics, AI and embedded wireless medical devices with outdated legacy systems, poor security behaviours and vulnerable populations.
We will achieve this vision by (i) incorporating multiple disciplines to broaden our understanding of cybersecurity behaviours. This will include law, ethics, policy and design. (ii) exploring how best to facilitate cybersecurity behaviour change (iii) exploring the needs of diverse populations and designing for inclusivity. At the same time work will continue to (iv) build adaptive technology defences for access control, network intrusion detection and phishing detection - thus reducing the burden on users.

Planned Impact

CSRG has a good track record of policy and practice impact in the areas of biometrics, forensics, network intrusion, surveillance and human aspects of cybersecurity and this will remain the focus if the ACE is successful.

In regard to policy: CSRG recognises the importance of emerging policy developments for cybersecurity in the UK and the EU, particularly around new areas such as cybersecurity and digital forensics. To achieve policy impact we will engage with a number of networks including RISCS, the National Centre for Cyber Security (NCSC) and the scientific advice mechanism of the European Commission and UK networks such as the newly awarded TIPS Network+ (where Coventry has been asked to join the Expert Panel) and the Not-Equal Network+ (where Briggs is interim PI and where cybersecurity is one of three core themes). We will build on our existing work, where we delivered two UK Government Office for Science reports, produced a state of the art review for ESRC on 'Cyber Situational Awareness' and made a contribution to Blackett Review and the Secure by Design initiative on the Internet of Things (IOT). We have also made a contribution to the House of Commons Science and Technology Committee Report on Responsible use of Data (November 28th, 2014) and have worked proactively with Skills for Justice, the National Occupational Standards; Northumbria Police; CPE-ASET; European Network & Information Security Agency) and the APPG on Cyber Security. We will continue to provide comment to any parliamentary discussions or green papers.

In regard to business and community engagement, we will build on our track record of working with SMEs, charities and the public sector as part of Create FUSE North East. Within this context in partnership with Northumbria Police we hosted A Cyber-Wellbeing Solution Hack to explore cybersecurity solutions. We have hosted several educational workshops for members of the University of the Third Age (U3A) where members discussed topics including user authentication, phishing, and privacy settings. Through our new multidisciplinary centre for Policing, Crime and Criminal Justice we will continue to seek impactful activities in these areas. Through our EU and EPSRC funding we will continue to work with companies with regards to cybersecurity insurance and with Health Trusts and hospitals to improve cybersecurity within the Health domain. Nationally, we have secured good partnerships with, inter alia, CESG and the new National Cyber Security Research Centre; British Telecom; Hewlett Packard Enterprise; Price Waterhouse Cooper; Microsoft Research, Atom Bank, Cambridge, AXA and the Home Office. Internationally we are working with Future Cities Lab 2 (Singapore), Pacific Northwest National Laboratories (USA); Mobile Life Centre (Sweden) and Smart Living Lab (Switzerland), Qatar Police and Qatar Ministry of Interior seek to test our Video Surveillance innovations and potentially apply them to FIFA 2022 . Coventry is on the research board of Cybsafe and will provide input into their research strategy.

To ensure businesses and healthcare are engaged, the work will be disseminated directly to national bodies such as CBI, and regional agencies including the LEPs and Health Trusts. We will seek to disseminate our work at industry-government events such as Cyber UK in Practise and through SASIG which specialises in taking human behaviour views to industry.

In regard to public understanding and dissemination: We will create a project website, where findings and outputs from the research group will be hosted. The website will also allow for the collection of participant and public responses, as well short briefing notes. Social media outputs including Facebook and Twitter will be incorporated into the communication strategy and links to other relevant projects. Our communication will be predominately public/business facing rather than researcher facing.

Publications

10 25 50
 
Description This award does not fund original research but is designed to build capacity and improve knowledge exchange in cybersecurity. Throughout 2022 and 2023 members of the Northumbria Cyber Security Group have engaged fully with other UK networks (attending workshops and sandpits organised by SPRITE, PETRAS, REPHRAIN) and have organised their own meetings with key government departments (Cabinet Office, Ofcom, ICO), with regional professional networks (CyberNorth) and with international organisations (International CyberCrime Centre, Vancouver; University of Lisbon, University of British Columbia) to ensure that methods and findings from Northumbria colleagues are able to influence approaches to cybersecurity training and to professional practice.
Exploitation Route Some of the work will be incorporated into Northumbria's new Centre for Doctoral Training in Citizen-Centred AI. Future workshops and placements with Ofcom are planned. Future collaborative work is planned for 2024 with both the International CyberCrime Centre (SFU Vancouver) and also with University of British Columbia.
Sectors Digital/Communication/Information Technologies (including Software)

Security and Diplomacy

 
Description We have set up training for older adults in the region on cybersecurity. They will act as "guardians" to spread good practise within their peers. We are also working to improve cybersecurity literacy in teenagers. We are part of the NorthEast Cybersecurity Dynamo - advising SMEs in the area on best practise and our students run a cybersecurity clinic. We have advised the BBC licensing board on how to advertise and management requests to adults over 75 to buy a licence to reduce the possibility of fraud. We are submitting an impact case study to the REF on our impact in cybersecurity behaviours We have consultancy with the government to produce a cybersecurity culture change program for government.
Sector Digital/Communication/Information Technologies (including Software),Education,Financial Services, and Management Consultancy,Government, Democracy and Justice
Impact Types Societal

Economic

 
Description Online workshop: including public voices in responsible AI research and practice
Geographic Reach National 
Policy Influence Type Contribution to a national consultation/review
 
Description (PANACEA) - Protection and privAcy of hospital and health iNfrastructures with smArt Cyber sEcurity and cyber threat toolkit for dAta and people
Amount € 4,961,144 (EUR)
Funding ID 826293 
Organisation European Commission 
Sector Public
Country European Union (EU)
Start 01/2019 
End 12/2021
 
Description Centre for Digital Citizens
Amount £370,628,536 (GBP)
Funding ID EP/T022582/1 
Organisation Newcastle University 
Sector Academic/University
Country United Kingdom
Start 11/2020 
End 11/2025
 
Description Centre for Digital Citizens - Next Stage Digital Economy Centre
Amount £3,797,252 (GBP)
Funding ID EP/T022582/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 11/2020 
End 10/2025
 
Description PrivIoT - Understanding and Mitigating Privacy risks of IoT Homes with Demand-Side Management
Amount £170,601 (GBP)
Organisation PETRAS National Centre of Excellence 
Sector Academic/University
Country United Kingdom
Start 11/2022 
End 07/2023
 
Description Collaboration with Imperial College London on the future of Digital Identity 
Organisation Imperial College London
Country United Kingdom 
Sector Academic/University 
PI Contribution Contributing to a workshop and document: 'Future Identities: Changing Identities in the UK, 10 years on'. The aim is to reflect on a decade of progress since we co-authored the 2012 Government Office for Science technology foresight report on how identity in the UK might change over the coming decade.
Collaborator Contribution Contributing to a workshop and document: 'Future Identities: Changing Identities in the UK, 10 years on'. The aim is to reflect on a decade of progress since we co-authored the 2012 Government Office for Science technology foresight report on how identity in the UK might change over the coming decade.
Impact The aim is to produce a new report but this is in progress
Start Year 2023
 
Description Collaboration with International CyberCrime Research Centre (ICCRC) 
Organisation Simon Fraser University
Country Canada 
Sector Academic/University 
PI Contribution Visit to ICCRC by P Briggs in summer of 2022 to engage in initial discussions around future collaboration, and to describe the work of the Northumbria Cyber Security Group
Collaborator Contribution Visit to Northumbria by R. Frank (director of the IRCC) in September 2023 to discuss the possibility of running future collaborative summer schools, followed by a discussion about future funding.
Impact papers are under development between SFU criminology collaborators and Northumbria authors. One has been submitted to the ACM Conference on Computer Human Interaction and another is in progress. A joint presentation was made to the Western Criminology Society Conference.
Start Year 2022
 
Description Horizon 2020 Gemelli Hospital 
Organisation Agostino Gemelli University Polyclinic
Country Italy 
Sector Hospitals 
PI Contribution Working with Gemelli and other instituitions as part of an EU horizon 2020 project. We are working with their staff to identify poor cybersecurity behaviours; barriers to change and designing interventions to support behaviour change
Collaborator Contribution gemelli lead the consortium and have provided access to staff in the hospital
Impact 3 papers and a new toolkit have been developed
Start Year 2019
 
Description Citizen-Centric Artificial Intelligence Systems 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact A workshop held at the Royal Society where P Briggs was involved in a panel on Citizen Centred AI (organised by Southhampton University) and discussed some of the cybersecurity issues in relation to AI.
Year(s) Of Engagement Activity 2023
URL https://www.linkedin.com/pulse/ccais-workshop-2023-ccais-h1vie/?trk=public_post_main-feed-card_resha...
 
Description Cyberfest 2023 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact Two workshops given as part of the 2023 CyberFest conference organised by Cyber North. The first was "AI - The fakes just got real" held on 12 September. The second, "Cybersecurity Culture and Peer Support" was held on 14th September, 2023.
Year(s) Of Engagement Activity 2023
URL https://cybernorth.biz/cyberfest/
 
Description Workshop with Ofcom on Online Harms and the impact of AI 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Two day workshop with representatives from Ofcom to discuss the implictions of the new Online Safety Bill and to discuss the implications of Generative AI for Ofcom regulation
Year(s) Of Engagement Activity 2023