Academic Centre of Excellence in Cyber Security Research - University of Oxford

Lead Research Organisation: University of Oxford
Department Name: Computer Science

Abstract

Cyber Security Research in the University of Oxford is founded upon the observation that in order to make meaningful progress in this field, a multi-disciplinary approach is needed, and that the research outputs must be firmly grounded in rigorous academic excellence provided by the component disciplines. To this end, we have structured ourselves as a network which links research, teaching, and good practice across many departments of the University. The network comprises researchers and projects of various sizes, with a number of particular flagship large initiatives, which draw in research activity from across the University, including the Centre for Doctoral Training in Cyber Security, the Global Cyber Security Capacity Centre, and the Cyber Studies Programme.

The status as an Academic Centre of Excellence in Cyber Security Research helps to catalyse such initiatives, to bring together researchers in new projects and activities, and to raise the profile nationally and internationally of the research in this area. Our network of projects and academics across the University also provides a context and pool of expertise to refer to when individual academics are making their own grant proposals, as well as a clearing-house for external enquiries - whether from the press, or from companies and others seeking research partners.

Planned Impact

The main purpose of this ACE-CSR proposal is for impact. In addition to the pre-existing academic disciplines which benefit from the research through the usual means, the following beneficiaries exist:

* the wider academic community: the breadth of concerns faced in the challenges of Cyber Security are not always appreciated by the academic community at large. Some may be undertaking research which might fall into this category, without realising it; others have techniques and expertise which could be brought to bear, but are unaware of the opportunities - for research funding and for engaging with real, pressing problems for society.

* the information security community: practitioners of security and vendors of solutions will always need to draw on expertise which helps to address new and emerging threats - research which covers those topics which are not yet mundane or every-day in character. The centre will improve communication with this community - both for dissemination and for motivating new research.

* the public sector: by providing a flagship centre, the University will enable public bodies (as well as the private sector) better to understand the capabilities which it can offer and the partnerships which are possible - in some contexts, the University having much more flexibility in undertaking projects, or a range of untapped expertise hard to assemble elsewhere.

* the general public: the University takes seriously a public education and dissemination mission. Members of the University frequently participate in the Media in order to explain or comment upon issues of security or privacy - and how members of the public are impacted or can protect themselves. Through the better linkages and internal communications enabled by the centre, this public engagement will be strengthened.

 
Description The Academic Centre of Excellence exists to catalyse engagement with the University's research in Cyber Security. The funding is intended to support this through engagement with sponsors and other external parties. Such engagement proceeded well up until the pandemic, as indicated elsewhere in this report.
Exploitation Route In line with the objectives of this funding, the outcomes are chiefly "soft" engagement and introduction to the University's research; this grant is not the place to take forward particular research agendas.
Sectors Digital/Communication/Information Technologies (including Software),Security and Diplomacy

 
Description This is not a regular research grant - no research can be undertaken under this funding. The intended and actual impact is in communication of research outcomes and promoting engagement and further activity with researchers across the University of Oxford. This engagement happened well up until the start of the pandemic, as the list of various activities demonstrates, including a number of significant points of engagement with policy makers and practitioners. This is the kind of engagement that was made very difficult by lockdown, and activities have been heavily curtailed. Some online events have been held, and others are anticipated before the grant ends.
First Year Of Impact 2018
Sector Digital/Communication/Information Technologies (including Software),Education,Government, Democracy and Justice,Security and Diplomacy
Impact Types Societal,Economic,Policy & public services

 
Description Commonwealth Parliamentary Association Cybersecurity Programme on Research, Risk and Resilience: Cyber Security and Public Policy: day-long seminar hosted in the University of Oxford for around 30 Commonwealth MPs
Geographic Reach Multiple continents/international 
Policy Influence Type Contribution to a national consultation/review
URL http://www.uk-cpa.org/programmes-activities/the-cpa-uk-cybersecurity-workshop/
 
Description Evidence to House of Commons Select Committee on Science and Technology on Telecommunications Security
Geographic Reach National 
Policy Influence Type Contribution to a national consultation/review
URL https://www.parliament.uk/business/committees/committees-a-z/commons-select/science-and-technology-c...
 
Description National Cyber Security Centre Small Grants Scheme
Amount £15,722 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 11/2017 
End 07/2018
 
Description Workshop: Industry 4.0 and Supply Chain Cyber Security
Amount £6,500 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 12/2018 
End 02/2019
 
Description Workshop: Towards a Smarter Research Ethics in Cyber Security
Amount £3,739 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 11/2017 
End 01/2018
 
Description Workshop: Towards smarter research ethics in data science
Amount £1,100 (GBP)
Organisation Alan Turing Institute 
Sector Academic/University
Country United Kingdom
Start 05/2018 
End 05/2018
 
Description Adjunct Professor at Griffith University, Queensland Australia 
Organisation Griffith University
Country Australia 
Sector Academic/University 
PI Contribution Andrew Martin has been appointed Adjunct Professor in the INSTITUTE FOR INTEGRATED AND INTELLIGENT SYSTEMS in Griffith University. He has visited twice, giving four research seminars so far, and undertaken a variety of research discussions - not yet leading to funded projects, but which are anticipated in future.
Collaborator Contribution Prof. Dong, who is a formal collaborator for the Smart Grid Security and Privacy project (the project was established in a joint call with Singapore; he is PI for that side of the project, at the National University of Singapore) now divides his time between Singapore and Griffith University, where he directs the Institute. He has facilitated this collaboration, and informally brings his research team there into the project.
Impact Four research seminars at Griffith University and, sponsored by Griffith, for the Queensland Government.
Start Year 2017
 
Description Lloyd's Register Foundation Foresight Review: Operational Cyber Security for the Industrial Internet of Things 
Organisation Lloyd's Register Foundation
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution This collaborative project is co-led by Sadie Creese (member of the ACE), and managed by Katherine Fletcher (part-funded by the ACE). The project co-leads were Robert Hannigan (BlueVoyant) and Ali El Kaafarani (PQShield).
Collaborator Contribution The other project co-leads are Ali El Kaafarani (possible candidate for Oxford ACE membership in the next round) and Robert Hannigan. Together, the project leads (and other project members: Doctoral and Postdoctoral researchers at Oxford) convened a series of workshops to inform a report on operational cyber security for industrial IoT applications. The report has now been published, and the Oxford team is still leading efforts to disseminate the findings and build a coalition to follow up on key recommendations.
Impact This project resulted in a Foresight Review on Cyber Security for the Industrial IoT, which is publicly available on the Lloyd's Register Foundation website, in English and Spanish: https://www.lrfoundation.org.uk/en/publications/download-foresight-review-on-cyber-security/.
Start Year 2019
 
Description APPG-AI 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Various members of the Academic Centre of Excellence in Cyber Security Research take part in the APPG on AI: Marina Jirotka's ORBIT project is rapporteur for the APPG, and Professor Jirotka gave evidence at Evidence Meeting 2 (27 March 2017). The Oxford ACE Network Coordinator has attended several of these meetings, and arranged for Oxford's Sandra Wachter to give evidence (11 September 2017) and contributed to discussions. Informally, this networking has resulted in seminars given in Oxford and exchange of ideas.
Year(s) Of Engagement Activity 2017,2018
URL http://www.appg-ai.org/
 
Description CDT Project Matchmaking 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact In October 2017, the ACE Network Coordinator organised a matchmaking workshop, to introduce industry and policy-making partners to researchers from the ACE network in Oxford, in hopes we could co-develop projects which students in the Centre for Doctoral Training could take forward. This has led to at least 2 submissions of projects (final decisions to be made in late March 2018).
Year(s) Of Engagement Activity 2017
 
Description Capture the Flag team 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Postgraduate students
Results and Impact GCHQ gave a small grant in 2017 to Professor Andrew Martin (declared in this ResearchFish return), which supported outreach activities: Cyber Security students have started a successful Capture-the-Flag team, which has given rise to the Oxford University Competitive Cyber Security Club. The Club used GCHQ's financial support to run special competitions to engage undergraduate students (coming from a variety of backgrounds, not just "security-relevant" degree courses). This has been great exposure for our field, motivating new students to get involved in our area and help address the Cyber skills shortage identified by the UK Government.
Year(s) Of Engagement Activity 2017,2018
URL https://ox002147.gitlab.io/about.html
 
Description Cyber Security Research Ethics workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact With support from GCHQ (listed in this ResearchFish return), the ACE Network Coordinator and network researchers organised a workshop on 12 December 2017, on Research Ethics and Cyber Security. This brought together academic researchers from multiple universities, members of their Research Ethics Boards and administration teams, companies that conduct research related to Cyber Security, and a representative from the National Cyber Security Centre. The workshop was very successful: plans were made to take this concept forward on a national scale, and funding has been received from the Alan Turing Institute (funding formally granted to an academic from the University of Cambridge, in collaboration with Oxford staff) to host a similar workshop in May 2018. This workshop will include members of EPSRC, ESRC, Dstl, and various companies, in addition to academic participants.
Year(s) Of Engagement Activity 2017
 
Description Cyjax interactions 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact The ACE Network Coordinator has developed a relationship with Cyjax, a company specialising in Threat Intelligence. This has flourished into a collaborative relationship: the company has taken part in miniproject matchmaking (discussed as an earlier activity), offered a Deep Dive visit to Oxford students, and given access to its data to several students, whose research projects are of interest to the company. The company is now on the Advisory Board of Oxford's Centre for Doctoral Training in Cyber Security: discussions are currently (March 2018) underway regarding meaningful financial support for Oxford research, on topics of mutual interest. The company also now provides threat intelligence to the University of Oxford Department of Computer Science.
Year(s) Of Engagement Activity 2017,2018,2019
 
Description Engagement with BGI 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact In January 2018 we initiated contact with BGI, an insurance brokerage located near Oxford. We have discussed the potential for co-created student research projects, and are also hoping to invite representatives from BGI to a forthcoming project workshop on cyber security risk and the insurance sector.
Year(s) Of Engagement Activity 2018
 
Description Engagement with Context Information Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact In January 2018 we initiated contact with Context, a cyber security firm based in London. We have explored avenues for joint research and sponsorship of students, and hope to take this forward with meaningful financial support for the Centre for Doctoral Training in Cyber Security in 2018.
Year(s) Of Engagement Activity 2018
 
Description Engagement with Department for Transport 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact In January 2018 we initiated contact with the Cyber Security policy researchers at the Department for Transport. After a successful exploratory meeting, we agreed that there was scope for collaboration. As of March 2018 one student has been put in contact with our contacts at DfT to discuss a research project, and we expect that more collaborations will emerge over time.
Year(s) Of Engagement Activity 2018
 
Description Engagement with Transport for London 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact In February 2018 we initiated a relationship with the Cyber Security Analyst team at Transport for London, exploring areas of potential mutual interest. We feel there may be scope for co-created research projects, which we will explore in 2018.
Year(s) Of Engagement Activity 2018
 
Description Engagement with the Satellite Applications Catapult 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Industry/Business
Results and Impact In February 2018 we initiated contact with the Satellite Applications Catapult, to explore avenues for engagement. We discovered areas of mutual interest and hope to turn this into concrete interaction via Oxford's Centre for Doctoral Training in Cyber Security, with co-created student research projects. The STA also offered to investigate hosting a workshop bringing together members of its SME ecosystem, to discuss potential research projects of interest to Cyber Security and Mathematics researchers.
Year(s) Of Engagement Activity 2018
 
Description Helped organise National PhD Winter School 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Andrew Martin served as one of the co-convenors of the UK National PhD Winter School, funded by NCSC and EPSRC, in Newcastle, January 2020. It was attended by 120 PhD students from across the ACE-CSR community. It promoted both advanced education of those students, and their network-building.
Year(s) Of Engagement Activity 2019
 
Description Meet Commonwealth Parliamentary Association UK 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact ~25 MPs from Commonwealth countries (and... was it Libya?) visited Oxford on 25 February 2020, to discuss Cyber Security. We provided presentations from (XYZ).... which sparked questions and discussion afterwards, and the Oxford University Policy Engagement Officer reported...
Year(s) Of Engagement Activity 2020
 
Description Meet Warner Brothers 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Members of the Oxford ACE met with representatives of Warner Brothers, to discuss potential avenues for engagement. While several topics might be worth exploring in future, we were not able to identify any specific next steps. This in itself was useful, since both parties now have contacts in the relevant organisations, should relevant questions arise, even if there is no concrete follow-up at the moment.
Year(s) Of Engagement Activity 2017
 
Description Participation in CyberInvest meetings 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact As an Academic Centre of Excellence in Cyber Security Research, we are invited to attend CyberInvest meetings, where the ACE Universities are introduced to companies who are looking to invest in UK academic research in our field. We have attended a number of these events (at London in March 2016, Nova South in November 2017, Liverpool March 2018, Manchester in April 2018, Stratford on Avon in June 2018, etc) and have made several good contacts.
Year(s) Of Engagement Activity 2017,2018
 
Description Participation in Oxford Cyber Cluster 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact The ACE Network Coordinator is an active member of the Oxford Cyber Cluster, part of the UK Cyber Security Forum cluster network. The Cluster exists to provide an independent source of cyber security news and information for the Oxfordshire business community, and to create a network amongst cyber security practitioners. Whilst there has not been any direct tangible outcome of membership, being part of this network is a useful way to keep in touch with developments in our local area. In the longer term, we hope to develop ideas for research projects which would be of interest to our local community. We have also used the Cluster as a way to improve our links to Oxford Brookes University, who also does teaching in research in this area, and with whom it would be sensible to work together on areas of joint interest. We have discussed running joint recruitment/outreach events (e.g. a capture-the-flag type challenge), inviting each other's researchers to give seminars, and potentially co-developing a "Smart House" test environment which both universities could make use of. We haven't got any tangible success yet but we would never even have had these discussions were it not for the Cluster.
Year(s) Of Engagement Activity 2017,2018
URL https://www.oxcyber.uk/cx/
 
Description Seminar (and research residency) Cyber War Crimes: Mitigating Civilian Impact in Nation-State Cyberattacks 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact During the pandemic, we hosted a Fulbright Scholar, Tarah Wheeler, on a Fulbright Scholarship visiting from the Belfer Centre at Harvard. She engaged widely with UK practitioners and policy-makers in collaboration with Lord Alderdice. (He is not formally a member of the ACE-CSR, so this is not listed as a project Collaboration, but the ACE-CSR provided support and context to the visit). The formal engagement with the ACE-CSR came with a public seminar (presented online due to the pandemic) entitled Cyber War Crimes: Mitigating Civilian Impact in Nation-State Cyberattacks. It was moderated by an external partner (a journalist) and attracted a broad audience. The work has given rise to a further more substantial research project.
Year(s) Of Engagement Activity 2021
URL http://www.cs.ox.ac.uk/seminars/2385.html
 
Description Seminar: Fighting the cyber - national security policy and operations in the digital age 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Two presentations in one session presented during lockdown, presented to a wide audience, mainly advertised to alumni and centre supporters.

Fighting the cyber - national security policy and operations in the digital age -- Prof. Ciaran Martin (Oxford Blavatnik School of Government; previously NCSC CEO)
Another day, another threat: Cyber Security in the University during a Pandemic -- Graham Ingram (CISO, University of Oxford)

Outcome is increased engagement across the community with Oxford Cyber Security activities, as well as educational outcomes for individual participants.
Year(s) Of Engagement Activity 2021
URL https://www.eventbrite.co.uk/e/oxford-security-alumni-network-inaugural-event-tickets-142495777707
 
Description Visit Roke 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact Visit Roke to explore avenues for engagement: this has resulted in Roke joining the Advisory Board of the Centre for Doctoral Training in Cyber Security at the University of Oxford, collection of several topics which are ripe for industry-academia collaboration, and the creation/testing of an electronic system to facilitate sharing of project ideas in future. We also now have a license to use Roke's software for academic research at the University of Oxford. We are currently (March 2018) exploring meaningful financial support for cyber security research at Oxford which would be of direct interest to Roke, and our Capture the Flag team is discussing running training exercises with Roke staff on cyber security.
Year(s) Of Engagement Activity 2017
 
Description Workshop: Industry 4.0 and Supply Chain Cyber Security 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Workshop held 14 January 2019 in Oxford, to discuss cyber security for supply chains for just-in-time production and Industry 4.0. Attended by a mix of academics and industry (approximately 50-50 split). This workshop was funded by an NCSC Small Grant.
Year(s) Of Engagement Activity 2019
 
Description Workshop: Towards a smarter research ethics for Cyber Security 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Other audiences
Results and Impact We organised a workshop on research ethics processes for Cyber Security research, which involved researchers from the ACE Universities, colleagues from the National Cyber Security Centre, and people working in industry. The goal was to identify a community of people interested in developing better review processes, to be used by academia, industry, etc. This event (supported with a small grant from NCSC) contributed to several outcomes:
- further funding raised to hold a workshop in May 2018 at the Alan Turing Institute
- the establishment of a Research Ethics Board in the Computer Science Department at Oxford University
- ongoing discussions within Oxford to develop research ethics/risk assessment processes for internal use (one form already in use, as of 2019)
- ongoing discussions with colleagues across the UK (in industry and academia) to share best practice
- ongoing attempts to raise funds to turn this into a properly resourced project, to develop tools for ethics oversight of the emerging fields of cyber security and data science.
Year(s) Of Engagement Activity 2017