30 September 2014 11:30

Lancaster University research will enable business leaders to take more informed decisions about protecting critical infrastructure from cyber attack.

Working with industrial partners Airbus, Raytheon and Thales, experts from Lancaster University’s Security Lancaster Research Centre are researching how to provide business decision-makers with smarter information about cyber risk. This will enable bosses and workers to mitigate against potential attacks.

The ‘MUMBA’ project is specifically focused on threats to ‘industrial control systems’, which manage key infrastructure such as manufacturing plants, power stations, electricity grids, and transport networks. These systems are increasingly connected to the internet, which makes them potentially more vulnerable to cyber-attack from those with hostile intent.

Professor Awais Rashid, lead scientist on MUMBA and director of Lancaster University’s Security Lancaster research centre, said: “This research is about understanding the cyber security risks at the intersection of people and technology. If you give people lots of technical metrics that they don’t understand you get poor decision-making.

“Risk decisions are made not only at board and management level but also by those working with industrial control systems on a day-to-day basis. Our project will produce a software tool that will allow professionals to more effectively understand and visualise risks to industrial control systems.”

The research project, which has received £393,867 funding by the Engineering and Physical Sciences Research Council (EPSRC), will also study the implications of particular security decisions in 20 - 30 years’ time given long operational life of such systems. This will provide information to ensure much needed future-proofing of critical connected infrastructure.

The project aims to become a cornerstone for future research into articulating and translating cyber risk into metrics that can be understood by leaders as business risks.

The project builds on and extends an already extensive programme of research at Lancaster on understanding and mitigating cyber risks to industrial control systems.

The Lancaster University research forms part of a wider £2.5million research programme that is led by Imperial College London and also includes Queen’s University of Belfast, the University of Birmingham, and City University London.

More information about Lancaster University’s Security Lancaster research centre can be found at: http://www.security-centre.lancs.ac.uk