Securing Convergent Ultra-large Scale Infrastructures

Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Cyber security of such ultra-large scale infrastructures faces unprecedented complexity. Diverse legacy and non-legacy software and hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate supply-chains and the need to deliver resilient operations in the presence of untrusted, partially trusted or compromised elements. The integrated exploration of such ultra-large scale, compositionally secure infrastructures is an imperative need, yet to be comprehensively scoped in the research community. There is an urgent need to pivot our perspective away from piecemeal solutions to one that takes a compositional, adaptive view, anticipating and addressing the security challenges arising from hitherto unprecedented complexity, heterogeneity and connectivity. Furthermore, shifting established research paradigms from an ideal vision of security-by-design to the reality of securing-a-compromised-system is imperative.

SCULI will drive this paradigm-shift to predictable security assurances in the presence of uncertainty. This holds the key to addressing the grand challenge of provisioning security at the societal scale—highly interconnected, dynamic, structureless, on-demand systems and services. To do so, it will deliver rapid research advances in four fundamental but interlinked research challenges:

Predictability at ultra-large scale: How to elicit, specify and validate security assurances for service composition in the presence of uncertainty, dynamism and human behaviour (including addressing direct and indirect dependencies and resulting systemic risks)?
Composition at ultra-large scale: How to compose and orchestrate security provision across diverse and heterogeneous evolving infrastructures with legacy and non-legacy elements that change over a long infrastructure lifespan?
Continual assurance at ultra-large scale: How to reason, to requisite levels of accuracy and at an appropriate pace, about the security state at runtime to provide continuity of oversight and trust, when several elements may be partially trusted, under attack, vulnerable or compromised?
Incident response at ultra-large scale: How to orchestrate incident response in a manner that accounts for heterogeneous incident response practices in constituent systems and provides situational awareness at the necessary pace and resolution for human-machine decision-making?
SCULI's research advances will deliver future security provision in digital infrastructures underpinning society for the next several decades. From a practical standpoint, embracing the challenges of delivering security in the context of such highly distributed, independent (individually) yet co-dependent (collectively), infrastructures is the only way to build a resilient digital backbone for industry and society. From a policy perspective, this is critical to the UK's socio-economic prosperity as reflected in the National Cyber Strategy (December 2021). From a citizens and public discourse perspective, this is key to transforming the narrative on cyber security from fear, uncertainty and doubt to predictable, continual assurance, and accountable decision-making when securing societal-scale infrastructures.