Dr Adrian Venables - The Importance of good process in Maritime Cyber Security
22nd March 2018
Dr Adrian Venables is to present "The Importance of good process in Maritime Cyber Security" at Security Lancaster’s March Seminar. Adrian Venables is a Commander in the Royal Naval Reserve, independent cyber security consultant and honorary researcher at Lancaster University. He has worked for both government and industry clients advising on computer security, including a part-time role at the UK’s Defence Cyber School.
Date: 22nd March 2018
Time: 13.00 - 14.00
Location: FASS Meeting Room 2
Followed by Tea, Coffee & Biscuits.
The use of the cyber security triad of confidentiality, integrity, and availability is well established in describing the necessary attributes to ensure that information is safeguarded. To achieve each of these elements, another trio of factors is often considered, comprising people, process and technology. Although advocates of this triptych of capabilities have previously acknowledged the equal status of each one, increasing importance is now being placed on the technology and people components and less on the process aspect. This has been demonstrated by some cybersecurity practitioners who have emphasised that security technology is at the heart of the enterprise, and in the increasing focus on training and upskilling people, who have been largely regarded as the greatest single vulnerability in any organisation.
This has resulted in the role of process attracting less interest in terms of resources and emphasis, which is now at risk of becoming the significant weakness within an overall security posture. This paper seeks to address this shortcoming by considering how the role of the process element of cybersecurity can be emphasised by highlighting its importance and, in using the maritime sector as a case study, what factors should be considered by policy makers to produce effective and efficient processes to align the technological and people elements as part of a comprehensive cyber security strategy.
Dr Adrian Venables served in the Royal Navy for 24 years as a Communications, Warfare, and Intelligence officer and was responsible for the provision and security of a range of Information Systems worldwide, including the management of specialist teams deployed to operational theatres.
Since leaving the Service, he has published a series of journal articles and research papers on the cyber threat landscape and its use by state and non-state actors for espionage, sabotage, and subversion within the maritime environment. A Certified Information System Security Professional and Certified Information System Manager, he holds seven computing and cyber security based degrees and is a Chartered Information Technology Professional Fellow of the British Computing Society, Chartered Engineer Member of the Institution of Engineering Technology and Fellow of the Chartered Management Institute.
The Seminar Series is open to all, so please feel free to drop-in on the day, or register your interest by contacting Paul Bennett for more details.
Lancaster University students to take on Inter-ACE cyber security challenge
16th & 17th March 2018
Students from Lancaster University will be competing in the largest ethical hacking challenge for university students in the UK. The eight Lancaster students are taking on competitors from 17 of the UK’s other leading cyber security universities in a two-day cyber security competition, Inter-ACE, which is organised by the University of Cambridge.
Now in its third year, Inter-ACE is supported by GCHQ’s National Cyber Security Centre to attract the best young minds into careers in the sector.
Up for grabs is £10,000 in cash prizes and the opportunity to compete with the best of the USA in ‘Cambridge2Cambridge’, a transatlantic contest to be held later this year.
Two teams of four students from Lancaster will be taking their place among the 134 competitors, organised into 34 teams from 18 UK universities. They will face over 20 challenges set by experts from the University of Cambridge and sponsors including Context IS and Palo Alto Networks. The two-day event, taking place at the University of Cambridge on the 16th and 17th March 2018, will culminate in a ceremonial dinner at Trinity College, Cambridge.
Inter-ACE will simulate a number of scenarios, including working to prevent a cyber-attack on the infrastructure of a fictional city and the results of a successful tap on an undersea data cable. Competitors will develop and hone penetration testing skills. These skills include the binary reverse engineering of malware, breaking into a web application such as an online payment system, decoding secure communications and piecing together intercepted data.
Ollie Cuffley, one of the Lancaster team members, said: “We're really looking forward to putting the skills that we've learned as part of the Ethical Hacking Group here at Lancaster and during our courses to use in real-world challenges. This is also a fantastic chance to meet our counterparts at other universities and build lasting connections with like-minded people.”
Professor Frank Stajano of the University of Cambridge, the founder of Inter-ACE, said: “Protecting IT and infrastructure means understanding how it can be attacked. The head of the National Cyber Security Centre, Ciaran Martin, is absolutely right in that a major cyber-attack on the UK is now a matter of “when, not if” and we must recognise that the UK faces an urgent skills shortage.
“Inter-ACE gives future cyber security professionals the opportunity to test their skills against the best and meet others in their field and future employers. This is about engaging with the next generation of cyber security talent, and raising awareness of this vital, interesting and exciting career choice.
“It’s also about making the good work of cyber security professionals much more visible. Like other initiatives such as NCSC’s CyberFirst programme, the interesting experiences of the University students taking part in this year’s event will help to inspire those currently at school to consider a rewarding career in this field.”
Chris Ensor, Deputy Director for Skills and Growth at the NCSC, said: “The InterACE competition is a fantastic way to encourage bright young minds to hone their cyber knowledge further and meet like-minded people.
“The cyber threat is growing, and so making sure that young people have the cyber security skills to help protect us has never been more important. We at the NCSC hope the entrants will be inspired – and can perhaps inspire others – into starting a thrilling career defending the UK and helping make it the safest place to live and work online.”
Established through the UK’s National Cyber Security Strategy and supported by GCHQ’s National Cyber Security Centre, the competition is sponsored by Microsoft, BT, Palo Alto and Context IS.
The 18 universities sending teams to Inter-ACE are Queen’s University Belfast, the University of Birmingham, the University of Cambridge, Cardiff University, De Montfort University, the University of Edinburgh, Edinburgh Napier University, Imperial College London, the University of Kent, Lancaster University, Newcastle University, the University of Oxford, Royal Holloway University of London, the University of Southampton, the University of Surrey, University College London, the University of Warwick and the University of York.
The Lancaster team is sponsored by Holker IT and Fujitsu.
A MAJOR CYBER ATTACK HAS OCCURRED. HOW SHOULD YOUR NATION RESPOND?
26th & 27th February 2018
We frequently hear the terms “Cyber 9/11” and “Digital Pearl Harbor,” but what might policymakers do the day after a crisis? The Cyber 9/12 Student Challenge is an annual cyber policy competition for students across the globe to compete in developing national security policy recommendations tackling a fictional cyber catastrophe. In 2018, the Student Challenge will take place in London, United Kingdom in February, Washington, DC in March, and Geneva, Switzerland in April.
What is this challenge about?
Now entering its sixth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyse the threat it poses to national, international, and private sector interests.
Students have a unique opportunity to interact with expert mentors and high-level cyber professionals while developing valuable skills in policy analysis and presentation. The competition has already engaged over 700 students from universities in the United States, United Kingdom, France, United Arab Emirates, Poland, Switzerland, Austria, Hungary, Sweden, Finland, and Estonia.
Led by Daniel Price (Associate Director and Business Partnerships Manager for Security Lancaster) and advised by Mark Lacy from the Politics, Philosophy and Religion Department, the Lancaster University team was comprised of Ric Derbyshire, James Boorman, Wojciech Strupczewski and Karena Kyne.
“Imminent cyber war, keynote speakers of the highest calibre, and drinks on the 34th floor. Or in other words, a weekend away for the Lancaster University interdisciplinary team at the Cyber 9/12 event organised by the Atlantic Council at the BT Tower in London.
Based on an analysis of the above, our team went on to develop a set of policy recommendations aimed at countering said threat vectors. These recommendations were divided up across tactical, operational, strategic and policy action-levels, as well as the short, medium and long-term time frames.
Composed of both computer science and International Relations academics, our team employed a dual technical and political approach.
With the exercise scenario including such aspects as aviation networks, stock exchange tampering and social media manipulation, technical expertise was of paramount importance, as was our ability to effectively merge it with a policy-side approach aimed at developing politically feasible and coherent recommendations.
The necessity of this multi-faceted approach was a demanding challenge but in the end, both beneficial and rewarding to all of us. Integrating such disparate skills led us all to grow significantly as professionals.
Once at the event, we were able to present our work to a panel of judges, composed of top-tier executives from the cyber divisions of multi-national banks, internet corporations and the government.
In addition to our presentation, we had the pleasure of attending an array of fascinating panels that all included the same top brass from both the public and private sector, as well as keynote addresses delivered by prominent figures in the cyber community.
Besides these more professionally-oriented activities, we were able to enjoy lunches and drinks at the BT Tower, networking with members of other universities as well as the judges and keynote speakers. The most memorable of all was the opportunity to enjoy a few drinks as well as the assembled company, on the 34th floor of the BT Tower, which provided a magnificent view over the entirety of London. Needless to say, numerous selfies were taken.
In the evenings, our team enjoyed dinners in the city, relaxing after a day of hard work, with some socialising thrown in.
All in all, it was a superb event that we all fully enjoyed. Not only were we able to expand our professional skillsets in an interdisciplinary working group, but had the opportunity to learn and network with prominent figures from the cyber community, and build some lasting friendships.”
The latest issue of CREST Security Review (CSR) is out today, focusing on ‘transitions’.
28th February 2018
From helping extremists reintegrate back into society, to looking at cults and the reasons why people both leave and stay, this issue explores the series of difficult transitions some individuals and groups make.
Inside this issue:
- Sarah Marsden writes for us on programmes that seek to help extremists make the transition from violent groups back into society.
- Suzanne Newcombe looks at cults and the reasons why people both leave and stay.
- Refugees often don’t have choices in the series of difficult transitions they make. Christopher McDowell charts the risks and dangers of these transitions.
- Simon Wells shows us how research has helped track how negotiations progress, giving us examples from two hostage crises.
- Tina Christensen presents the results from her study into a Swedish programme that helps far-right extremists make the transition to productive democratic citizens.
Each issue of CREST Security Review also features articles outside of its special focus. In this issue we include research on Russian interference in public discourse, the difficulties of communicating across culture, and a mindmap on what people mean when they say ‘I don’t know’ during an interview setting.
About CREST Security Review
CREST Security Review is a quarterly magazine produced by the Centre for Research and Evidence on Security Threats (CREST). It provides a gateway to the very best knowledge and expertise on understanding, mitigating and countering security threats, providing research-based answers to real-world problems. Each issue includes articles focused on a particular topic; past issues have addressed a range of topics including information elicitation, after Islamic State and decision making. You can see all six previous issues here.
Karena Kyne presents at Innovation Methodologies for Defence Challenges conference
30th January 2018
Karena Kyne presents at the Innovation Methodologies for Defence Challenges conference, which was held on 30th January at Saint Paul University, Ottawa together with the Canadian Forces College’s Centre for National Security Studies, the Royal Military College Saint-Jean, the Center for International Policy Studies, and the Mapping and Charting Establishment.
The three-day event was organized by Philippe Beaulieu-B (Canadian Forces College) and Philippe Dufort (Saint Paul University), who arranged a practitioner-based conference with fascinating workshops, talks and activities. Keynote speakers Dr. James Greer (Leads Institute), Ofra Graicier (Israel Defence Force), Ben Zweibelson (Program Director for Special Operations Forces Design Education at the Joint Special Operations University), Dr. Harold Nelson (University of Montana), Antoine Bousquet (Birkbeck University of London) and Tarak Barkawi (London School of Economics) were among the guests at this event.
Karena Kyne’s paper, interestingly titled “Methods for Tracing Impacts of the Pace of Change Via the Amazon Effect, Black Mirror Thinking and Fish Tank Events” presented her concepts with reference to Charlie Brooker’s anthology series Black Mirror and theorized the character of the desire and need for just-in-time delivery with reference to electronic commerce company Amazon.com.
Karena’s aim was to ground theory into practice through accessible concepts, in order to think through how to apply post-modern, critical and reflexive thinking within a practitioner context. Her theme was: how do we speak and think about the impacts of the accelerated pace of change in relation to military logistics and technology?
The aim of the conference was to ask why and how both military commanders and military institutions are integrating reflexivity, critical thinking and post-modern insights, with a focus on practitioners. Karena was funded by the Security Lancaster Mini Project fund. You can find out more details here.
Influence And Interference From Russian Twitter Accounts Following UK Terrorist Attacks
18th December 2017
The level of influence and interference by Russian-linked social media trying to engineer social division in the UK, including through Russian Twitter accounts, is considerably more extensive than has been reported to date.
A CREST report published today identifies the systematic use of fake social media accounts, linked to Russia, amplifying the public impacts of four terrorist attacks that took place in the UK in 2017.
The report was written by researchers at the Cardiff University Crime and Security Research Institute (CSRI). It was funded by CREST as part of our ‘Soft Facts and Digital Behavioural Influencing’ project, led by Professor Martin Innes, who directs the CSRI. You can read more about the project here.
Significantly, the project team found evidence of:
- Stimulation of cumulative extremism: social media platforms were being ‘weaponised’ on all sides of the political spectrum, for example amplifying both pro and anti far-right messages.
- Greater volume of accounts than previously thought: the project’s data show at least 47 active accounts.
- Targeting UK uncertainty: the accounts were active around all four UK terror attacks that the project looked at in 2017.
The evidence gathered by the team shows that at least 47 Russian Twitter accounts were used to influence and interfere with public debate following the terror attacks at Westminster Bridge, Manchester Arena, London Bridge and Finsbury Park. Of these accounts, eight were especially active, posting at least 475 Twitter messages across the four attacks, which were reposted in excess of 153,000 times.
A significant aspect of these interference campaigns was the use of these accounts as ‘sock puppets’ – where interventions were made on both sides of polarised debates, amplifying their message and ramping up the level of discord and disagreement within public online debate.
Terrorist violence is fundamentally designed to ‘terrorise, mobilise and polarise’ its audiences. The evidence suggests a systematic strategic political communications campaign has been directed at the UK, designed to amplify the public harms of terrorist attacks.
The report is available to download for free from here.
New issue of CREST Security Review: Decision Making
24 October 2017
This issue of CREST Security Review (CSR) highlights research on decision making, showing how it has been applied in a variety of real-world settings, from extreme environments to the emergency services. Current research can help decision makers avoid misleading biases, being paralysed by the choices available, or failing to get information out to the people who need it.
Every day we make thousands of decisions. Trivial decisions like what to have for breakfast and what to wear to work are decided rapidly without much thought. Decisions with more significant consequences take longer. For example, in critical incidents the complex decisions faced by the emergency services need to be made quickly and have little margin for error.
As Julie Gore and her colleagues show us in this issue, there is a rich history of research on decision making. We feature some of the latest examples, including decision-making processes in cyber security, decision making under stress and terrorist decision making. As always, this latest issue of CREST Security Review is available to download, read and share.
Inside this issue:
- Nikki Power looks at decision making during emergencies, and how the blue-light services work together.
- Drawing on research in the same field, Laurence Alison, Michael Humann and Sara Waring highlight the importance of communicating with victims and casualties.
- Emma Barrett and Nathan Smith give us some factors to help us assess a group’s decision-making capability under extreme stress.
- Simon Ruda shows us how small manipulations can change the decisions made by large numbers of people.
- Awais Rashid and Sylvain Frey investigate cyber security decision-making processes.
- Paul Gill explains the eight things we need to know about terrorist decision making.
- Jan-Willem Bullée looks at how we can be manipulated into making bad decisions.
- Julie Gore talks about the Naturalistic Decision Making community and the rich history of research on this topic.
- Renate Guerts shows us why professionals are needed to assess risks of violence.
Each issue of CREST Security Review also features articles outside of its special focus. In this issue we include research on spotting smugglers as well as what lessons we can take from Northern Ireland to help our understanding of engagement in violent extremism.
About CREST Security Review
CREST Security Review is a quarterly magazine produced by the Centre for Research and Evidence on Security Threats (CREST). It provides a gateway to the very best knowledge and expertise on understanding, mitigating and countering security threats, providing research-based answers to real-world problems.
Each issue includes articles focused on a particular topic; past issues include Information Elicitation, Cyber Security, Transmission, After Islamic State and Networking. You can read all the issues for free here.
Lancaster PhD student presents at 2017 Strategic Command Deterrence Symposium.
Security Lancaster and the Department of Politics, Philosophy and Religion funded Karena Kyne – a faculty-funded PhD student based in PPR – to attend the Strategic Command Deterrence Symposium in Omaha, Nebraska. Karena was selected to present alongside military personnel and fellow researchers by Mr. Howard Buffet, from Columbia University and the School of International and Public Affairs, who moderated the panel titled New Thinking on Deterrence.
Karena’s paper was called “Impacts of the Accelerated Pace of Technological Change on Military Logistics”, in which she spoke about the shifting ontologies of hybrid war and logistics.
She argued that the pace of technological change needs to be considered in order to support new ways of mobilizing innovative capabilities and ensure flexibility in bureaucratic process and, importantly, to make conceptual space for new methods of thinking through the ‘speed, scale and scope’ of modern war and its logistics.
The event closed with some words from General Hyten – Air Force General and Commander of United States Strategic Command who said “I love the Buffet panel … because each of them I probably disagree with more than any other group of people on stage …and the more I think about what you say and the more you challenge me to think about what I think, is unbelievably important.”
The panel took place in front of an audience of 650 from a range of geographical locations and interdisciplinary backgrounds.
National recognition for Lancaster’s cyber security research
4 April 2017
Lancaster University’s world-class work to make the internet a safer place has been recognised by the UK’s National Cyber Security Centre (NCSC). Artificially intelligent tools that are helping police tackle online child sexual abuse, improving the security and resilience of critical national infrastructure and designing resilient networked systems are just some of the areas where Lancaster researchers excel.
Minister for the Cabinet Office, the Rt Hon. Ben Gummer MP has announced that Lancaster University has been recognised by the NCSC (part of GCHQ) and the Engineering and Physical Sciences Research Council as an Academic Centre of Excellence in Cyber Security Research.
Lancaster is the only recognised Academic Centre of Excellence in Cyber Security Research in North West England, and one of 14 across the whole of the UK.
Ben Gummer, Minister for the Cabinet Office & Paymaster General, said:
“This Government is determined to make the UK the safest place in the world to live, work and do business online.
“That is why we need truly ground-breaking research to stay one step ahead of the growing threat of cyber attacks.
“By engaging with business, industry and academia, we will ensure that we develop the skills and research we need to tackle this growing threat to the UK.”
Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the NCSC, said:
“It’s fantastic to see so many leading universities committed to trailblazing improvements to the UK’s cyber security research, and it is particularly good to see Scotland represented for the first time.
“At the NCSC, we are absolutely committed to maintaining and improving our already strong reputation as a global leader in cutting-edge research, and look forward to collaborating with these establishments to make the UK the safest place to live and work online.
“These universities conduct world-class cyber security research and this initiative will improve the way academics, government and business work together – benefiting the whole of the country.”
This recognition is a renewal of previous recognition for Lancaster University’s work in the cyber security field by the national body.
Lancaster University’s cyber security research forms part of the work of the Security Lancaster Institute, which provides world-class research and training on issues relating to the safety and security of UK society.
The Institute’s work is inter-disciplinary and crucially puts the person at the heart of security decisions – taking into account human factors, as well as technology.
Professor Awais Rashid, Director of Security Lancaster, said: “Cyber crime is a large and growing threat to modern society. Whether it is theft of personal data, attacks against critical infrastructure or crimes such as online fraud and sharing of abuse images of children, cyber crime affects us all.
“This recognition demonstrates the importance and significance of the work undertaken here at Lancaster to protect the people and the economy of the UK.”
Lancaster experts work across a wide variety of sectors to help businesses, other organisations and individuals gain an understanding of cyber threats, how to counter them, embed cyber security practices and establish a cyber security culture to help support and protect the UK economy.
Recent Lancaster cyber security work as part of the international research project iCOP resulted in a new online tool designed to spot new child sexual abuse media online.
Other recent research has highlighted vulnerabilities in online passwords and in particular how easy it is for criminals to guess people’s passwords when they possess information on their targets.
Lancaster researchers have also worked with the NCSC to help develop their Industrial Control Systems lab.
In addition, Lancaster is at the forefront of helping the UK meet the skills gap in the cyber security industry. The university delivers an MSc in Cyber Security that is fully certified by Government. It is also leading a major international research project to create a ‘Body of Knowledge’ that will provide the foundations for future teaching and training in the field.
£7.1 million R&D boost for North West businesses
12 January 2017
Lancaster University is launching a £7.1 million low-carbon research and development programme to support small and medium sized enterprises (SMEs) in Lancashire, Cumbria, Cheshire and Liverpool. The award-winning Centre for Global Eco-Innovation, at Lancaster University, returns with more than 50 long-term projects involving three-year PhD, or one-year Master degree, high-calibre graduate researchers working full-time on projects bespoke to the needs of their host business.
Individual projects can be worth up to £100,000. In addition, more than 80 short-term student dissertation or placement projects are also available, with researchers working on a project for up to six months.
The projects on offer are part-funded by the European Regional Development Fund and therefore offer significant value to participating companies.
“On offer is £7.1 million worth of research opportunities for regional businesses, enabling them to develop their business and make the transition to a lower carbon economy,” said Dr Andy Pickard, manager of the Centre for Global Eco-Innovation.
“Small and medium sized businesses may have a low carbon research idea that will help to grow the company, but they don’t have the capacity to undertake the work themselves. The Centre’s funded research projects give them the chance to pursue these opportunities, helping spark economic growth and job creation,” he added.
Researchers will be supervised jointly by leading academics from UK top-ten ranked Lancaster University and a representative from their host SME. Depending on the needs of the projects, graduate researchers could have expertise from a wide range of science and technology disciplines including engineering, environmental science, computing, chemistry and physics, or alternatively design or management skills.
“We already have projects proposed to look into a variety of subjects including new ways to deal with Japanese knotweed, innovative approaches to measuring air quality, insulation in buildings, rewetting of coastal land to store carbon, and energy generation from small-scale hydro installations,” said Dr Pickard.
The initiative provides access for SMEs to facilities at Lancaster University and also involves the Centre for Ecology & Hydrology and the Universities of Chester, Cumbria, Liverpool, and Liverpool John Moores.
The Centre for Global Eco-Innovation recently completed a similar three year programme with Liverpool University and Inventya, which created 308 jobs and generated 190 new products and services, winning a business Impact Award and a Green Gown Award for research and development.
Following an independent evaluation 89 per cent of participant businesses said they would recommend the programme to others and 75 per cent said they expect significant or very significant impact on their business performance, jobs and growth.
Technology company Demopad, which has offices at Lancaster University’s InfoLab21 and trades worldwide, participated in the first Centre for Global Eco-Innovation programme. The company worked with a graduate researcher as part of a three-year PhD. The research programme resulted in new hardware products that the company has been selling in the UK as well as exporting overseas. This included the Centro 8, which acts as a connecting hub for a vast array of sophisticated high-end home entertainment systems. It is also able to automatically control heating and lighting in homes, helping to reduce energy use, bills and carbon consumption.
Mike Cain, director of Demopad, said: “As a business manager this investment through the Centre for Global Eco-Innovation has encouraged us to think we can now compete on a global scale and enabled us to bring benefits to all aspects of our business, way beyond the actual project focus.
“Our relationship with Lancaster University has been nothing short of transformational. It has given us the opportunity to have a virtually unlimited extension of our research and development resource.”
The Centre for Global Eco-Innovation is part-funded by around £4 million by the European Regional Development Fund. Lancaster University is contributing an additional £3 million to the programme.
Businesses with a clearly defined project already can register online in minutes at http://www.lancaster.ac.uk/engage/business. For more information or help scoping a project, email email@example.com and one of the Centre's team will be in touch.
More details are available by visiting http://www.globalecoinnovation.org/
Hybrid cyber defences could be answer to protect critical infrastructure
25 October 2016
Security research paves the way towards new hybrid cyber defences for nationally critical buildings. Power stations, water supplies, oil refineries, large transport hubs and telecommunication networks are all defined as critical infrastructure needed for a country to function normally. However, the importance of these assets means they are also likely targets of malicious cyber attacks – particularly from terrorist or state actors.
Modern large-scale infrastructure is increasingly operated by bespoke computer systems known as Industrial Control Systems (ICS). There have been several high profile examples of Industrial Control Systems being attacked – these include nuclear research facilities, a German steel mill and the Ukrainian power grid. Control systems are typically defended by passive Intrusion Detection Systems. Passive systems are traditional Network Intrusion Detection Systems, which generate no new network traffic.
Passive systems offer a low cost solution and are effective against simplistic threats. However, when deployed on their own, passive defences can be exploited by more determined and sophisticated attacks, producing a detection rate as low as 53 per cent in testbed environments.
Active defence systems are more effective against sophisticated attacks, however their use is undesirable because they are costly, resource-intensive and risk overloading old hardware systems. These solutions involve directly interrogating the system’s controlling device for information.
Research by Lancaster University’s Security Lancaster research centre has identified a hybrid approach to Intrusion Detection for ICS that provides the best of both worlds. The system, called ‘Selective Non-invasive Active Monitoring for ICS Intrusion Detection’ (SENAMI), is a new method of active monitoring that is used very selectively.
SENAMI works by first passively establishing baseline patterns of information – such as traffic quantity, IP addresses, timings and type of data. SENAMI then performs checks every 30 seconds and alerts if the level of traffic is suspicious. It also actively assesses a select small number of values of information from the system’s controlling device, which could give away an intrusion. The low quantity of values ensures SENAMI is able to request values frequently without putting strain on the system it is monitoring, while still being able to detect highly-targeted attacks. This provides the benefits of active detection without the associated risks.
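The hybrid idea described above, as an added sketch that is not SENAMI's own code: a passive baseline checked once per 30-second window, combined with an active poll of a few selected controller values. The traffic, tag names, allowed ranges and the threshold `k` are constructed assumptions, `read_value` stands in for a real controller read, and only traffic volume and source address are modelled on the passive side.

```python
"""Hybrid ICS monitoring sketch: passive baseline + selective active polling.
All traffic, tag names, ranges and thresholds are constructed for illustration."""
from collections import Counter
from statistics import mean, pstdev

WINDOW = 30  # seconds between checks (the interval given in the article)


def window_counts(packets, start, end):
    """Packets per 30 s window over [start, end); packets are (time, src_ip)."""
    counts = Counter((t - start) // WINDOW for t, _ip in packets if start <= t < end)
    return [counts.get(i, 0) for i in range((end - start) // WINDOW)]


def learn_baseline(packets, start, end):
    """Passive phase: learn normal traffic volume and the set of known talkers."""
    counts = window_counts(packets, start, end)
    return {"mean": mean(counts), "std": pstdev(counts),
            "ips": {ip for t, ip in packets if start <= t < end}}


def passive_check(baseline, window_packets, k=3.0):
    """Flag a window whose volume or sources deviate from the baseline.
    k and the one-packet minimum tolerance are assumed values."""
    alerts = []
    n = len(window_packets)
    tolerance = max(k * baseline["std"], 1.0)
    if abs(n - baseline["mean"]) > tolerance:
        alerts.append(f"traffic volume {n} vs baseline {baseline['mean']:.0f}")
    for ip in sorted({ip for _t, ip in window_packets} - baseline["ips"]):
        alerts.append(f"unknown source {ip}")
    return alerts


def active_check(read_value, expected):
    """Active phase: poll only the few selected values and compare each with
    its allowed range. read_value stands in for a real controller read."""
    alerts = []
    for tag, (low, high) in expected.items():
        value = read_value(tag)
        if not low <= value <= high:
            alerts.append(f"{tag}={value} outside [{low}, {high}]")
    return alerts


def monitor(baseline, live_packets, snapshots, expected, start):
    """Run both checks once per window; returns {window_index: [alerts]}."""
    results = {}
    for i, snapshot in enumerate(snapshots):
        lo = start + i * WINDOW
        in_window = [p for p in live_packets if lo <= p[0] < lo + WINDOW]
        results[i] = (passive_check(baseline, in_window)
                      + active_check(snapshot.__getitem__, expected))
    return results


def run_demo():
    # Baseline: ten minutes of an HMI polling the controller every 3 s.
    training = [(t, "10.0.0.5") for t in range(0, 600, 3)]
    baseline = learn_baseline(training, 0, 600)
    # Live traffic: the same polling continues for three further windows ...
    live = [(t, "10.0.0.5") for t in range(600, 690, 3)]
    # ... plus a noisy flood from an unknown host in the second window.
    live += [(630 + j % WINDOW, "10.0.0.99") for j in range(200)]
    # Hypothetical selected values and their allowed ranges.
    expected = {"tank_level": (20.0, 80.0), "pump_speed": (0.0, 1500.0),
                "valve_state": (0, 1)}
    normal = {"tank_level": 55.0, "pump_speed": 900.0, "valve_state": 1}
    # Third window: traffic looks normal, but one controller value has been
    # changed. Only the active poll can see this.
    snapshots = [normal, normal, dict(normal, tank_level=97.0)]
    return monitor(baseline, live, snapshots, expected, 600)


if __name__ == "__main__":
    for window, alerts in run_demo().items():
        print(window, alerts or "ok")
```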
Through experiments conducted on Siemens S7 ICS equipment (the same type used in ICS environments all over the UK today), using Lancaster University’s comprehensive ICS testbed, researchers found SENAMI was able to detect almost all passive attacks and a significant amount of the active attacks modelled by the researchers, with very few false negatives.
Professor Awais Rashid, Director of Security Lancaster and co-author of the paper, said: “SENAMI’s combination of active and passive monitoring allows the detection of a range of attacks, including combined attacks using decoys – such as denial of service attacks.
“This work is a first step towards developing more robust and practical defences that can ensure industrial control systems for national critical infrastructure are secure from sophisticated and determined attack.”
The work, which is detailed in the paper ‘SENAMI: Selective Non-Invasive Active Monitoring for ICS Intrusion Detection’, is due to be presented at the second ACM workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC) by William Jardine, who co-authored the paper while studying at Lancaster University and is now at MWR InfoSecurity.
He said: “SENAMI is a very specific solution for Siemens S7 Industrial Control Systems Environments; it addresses particular issues that could be exploited against those systems.
“The main takeaway we hope people have from this work is the benefit truly bespoke ICS security can have, as compared to more generic solutions.”
CREST Security Review highlights the best research from around the world
31 August 2016
Just why are people so trusting online? How will our smart watches know us better than we know ourselves? And exactly what are the latest techniques for detecting deception? These questions and many more are answered in a new quarterly magazine published by a UK-wide research centre based at Lancaster University.
The Centre for Research and Evidence on Security Threats (CREST) has just launched the publication entitled ‘CREST Security Review’ (CSR).
Articles translate academic jargon to ‘so what’ answers and illustrate how behavioural and social science can be used effectively in everyday scenarios.
Since its launch last year, CREST, which develops and uses economic and social science research to understand, mitigate and counter security threats, has established a growing international network of more than 80 researchers.
It has commissioned research in priority areas and begun to tackle some of the field’s most pressing questions.
The new magazine communicates research from CREST’s work and from other leading research centres and academics around the globe.
“There really is some impressive work going on,” says CREST Director Professor Paul Taylor. “Yet, all that effort is irrelevant if practitioners, policy-makers, and other stakeholders do not get to hear about it.
“CREST Security Review is one way we will keep stakeholders informed not only on what CREST is doing but also on the best research from around the world.”
Each issue will include articles on a particular focus.
The first issue addresses information elicitation, including interrogation, interviewing and other contexts where people are encouraged to provide information. It will look at evidence-based techniques for detecting deception – from the polygraph to better questioning strategies; at the power of simple friendly questions in information elicitation; and at human memory.
Other articles examine why people are so trusting when online, reveal how our smart watches will soon know us better than ourselves and summarise the differences and similarities between Sunni and Shi’a Muslims.
- CREST Security Review is available from the CREST website.
- It is available free of charge, under a Creative Commons 4.0 BY-NC-SA licence.
- CREST encourages the sharing and use of its material – for more information on how please visit https://crestresearch.ac.uk/copyright/
CREST is funded by the UK’s security and intelligence agencies to identify and produce social science that enhances their understanding of security threats and capacity to counter them.
CREST also receives funding from its six founding partners (the universities of Bath, Birmingham, Cranfield, Lancaster, Portsmouth and West of England).
Its funding is administered by the Economic and Social Research Council, one of seven UK Research Councils, which direct taxpayers’ money towards academic research and training. The ESRC ensures the academic independence and rigour of CREST’s work.
For more information on CREST and its work visit its website at www.crestresearch.ac.uk and follow it on Twitter @crest_research
Data mining of Twitter posts can help identify when people become sympathetic to groups like ISIS
25 June 2016
Researchers have shown that data mining techniques can be used to understand when Twitter users start displaying supportive behaviour to radical terror groups such as ISIS. Analysis of 154,000 Europe-based Twitter accounts and more than 104 million tweets (in English and Arabic) relating to Syria show that users of the social media platform are more likely to adopt pro-ISIS language – and therefore display potential signs of radicalisation – when connected to other Twitter users who are linked to many of the same accounts and share and retweet similar information.
The research, which has been done in close collaboration between Lancaster University and the Open University, is explained in the paper ‘Mining pro-ISIS radicalisation signals from social media users’.
The research provides evidence that shows when users begin either sharing tweets from known pro-ISIS accounts, or using extremist language – such as anti-western or pro-ISIS statements – they quickly display a large change in the language they use, tweeting new words and terms, and indicating a clear shift in online behaviour.
Often before a user shows signals of having become radicalised they discuss topics such as politics, using words such as Syria, Israel and Egypt in a negative context and highly frequently. However, once they display signals of radicalisation their language changes to use religious words more frequently, such as Allah, Muslims and Quran, it was found.
Dr Matthew Rowe, Lecturer at Lancaster University’s School of Computing and Communications, said: “We found that social dynamics play a strong role where Twitter users are more likely to adopt pro-ISIS language from other users with whom they have a lot of shared connections.
“Prior to sharing or using radical content or language users go through a period where they display a significant increase in communicating with new users or adopting new terms. This clear change suggests that users are rejecting their prior behaviour and escalating their new behaviour until displaying radicalised signals.”
Researchers determined whether a Twitter user was using pro-ISIS language by identifying a lexicon of pro-ISIS terms and checking whether the user used these words more than five times. They also identified known pro-ISIS Twitter accounts, or accounts suspended for supporting ISIS, and used these as a reference for where a user had shared incitement content from.
Analysis also shed light on the sentiment of each term within the context of Tweets. The word ISIS itself was discovered to be used in a negative and likely derogatory context by Twitter users. Researchers believe pro-ISIS users are more likely to use the term ‘Islamic State’.
However, the researchers recognise more work is needed to check the robustness of their data mining methods, as only a relatively small sample of 727 Twitter users of the 154,000 accounts analysed showed signs of pro-ISIS behaviour. Most of these displayed radical behaviour during the summer of 2014, when there was significant media and social media attention given to the execution of ISIS hostages.
“There does appear to be an association between information, such as of executions, appearing in the public domain and the sharing of ISIS content or adopting pro-ISIS language,” said Dr Rowe.
The paper's authors are Dr Matthew Rowe, of Lancaster University’s School of Computing and Communications, and Dr Hassan Saif, of the Open University’s Knowledge Media Institute.
First awards announced by UK’s Centre for Research and Evidence on Security Threats
25 June 2016
Ten projects to address some of the security threats facing the UK have been announced by the Centre for Research and Evidence on Security Threats (CREST), which is led by Lancaster University. The call, offering £1.25m, was the first round of commissioning by CREST for programmes of syntheses and original research for understanding, mitigating and countering threats to national and international security.
The ten successful projects (subject to contract) were selected out of 136 applications following an independent selection process.
Speaking about the announcement the Director of CREST, Professor Paul Taylor, said: “We were delighted with the outstanding response to our call. Standing out against stiff competition, the successful projects promise innovation, rigour, and results that will make a difference to how we understand and counter security threats. I am looking forward to working with them.”
The successful projects are:
- Professor Laurence Alison at the University of Liverpool, ‘The Birkenhead Drill’: An Exploratory Study of Expertise and Inertia in Emergency Service Responses
- Dr Stephane Baele at the University of Exeter, How Does Isis’ Online Propaganda Demonstrate Mechanisms of Radicalisation? Assessing Cognitive Mechanisms of Radicalisation With A Quantitative Analysis Of Isis’ Online Propaganda
- Professor Nick Donnelly at the University of Southampton, Differences in the Ability to Spot Rare, Non-salient or Hidden Targets
- Professor Karen Douglas at the University of Kent, Why do people adopt conspiracy theories, how are they communicated, and what are their risks? Perspectives from psychology, information engineering, political science, and sociology
- Professor Neil Ferguson at Liverpool Hope University, Learning and unlearning terrorism: The transition from civilian life into paramilitarism and back again during the conflict and peace process in Northern Ireland
- Dr Paul Gill at UCL, Applying Criminological Paradigms to Terrorist Decision Making Regarding Security and Risk
- Professor Par Anders Granhag at the University of Gothenburg, Minimal Social Exclusion: A Means to Increased Information Gain in Human Intelligence Interviews?
- Dr Christopher McDowell at City University London, From the Diasporisation to the Transnationalisation of Exile Politics: Understanding When Extremism Gives Way to Moderate Politics – The Case of Sri Lanka, 1983-2016
- Dr Jasjit Singh at the University of Leeds, Ethno-national, religio-cultural or anti-Muslim? Investigating Sikh radicalisation in Britain
- Professor Paul Thomas at the University of Huddersfield and Professor Michele Grossman at Victoria University (Australia), Community Reporting Thresholds: Sharing information with authorities concerning violent extremist activity and involvement in foreign conflict: A UK Replication Study
For more information about the selection process and the successful projects please visit the CREST website at: https://crestresearch.ac.uk/news/commissioning-call-awards-announced
North West firms urged to tap into Lancaster's funded business-led R&D initiatives
29 April 2016
Lancaster University is providing a unique opportunity for ambitious North West small and medium sized enterprises (SMEs) to take advantage of funded three-year industry-led research and development initiatives with support worth up to £100,000. More than 80 aspiring companies will be matched with appropriately skilled graduate researchers with expertise in a range of science and technology disciplines including biological and environmental science, engineering, chemistry, computing, communications, geography, maths, physics or statistics.
Companies are invited to submit a research idea or problem that they would like to overcome with the potential for graduate researchers, fully supervised and supported by Lancaster academics, to explore a problem extensively up to a three-year period.
Shorter-term funded projects, internships, product development, technology assessment and guidance, leadership development, consultancy, innovation workshops, and a wider range of other projects and facilities for SMEs are also available. Experienced business partnership staff will work to ensure businesses get the most appropriate support.
Dr Mark Rushforth, Head of Business Partnerships and Enterprise at Lancaster University’s Faculty of Science and Technology, said: “These Lancaster University initiatives offer North West businesses a real opportunity to scale-up their research and development capacity. As well as benefitting from the fresh thinking, talent and technical skills of Lancaster science and technology graduates, businesses can also tap into the expertise of our leading academics and cutting-edge facilities.”
Lancaster University facilities available for use by businesses through collaborative research projects include cyber-security laboratories, glasshouse spaces and controlled environment plant growth rooms, dilution refrigerators for some of the lowest temperature testing in the world, high-resolution mass spectroscopy, additive manufacturing facilities, new £4 million class 100 and class 1000 clean rooms and more than £7 million new chemistry facilities, including a dedicated building for industry access and a range of state of the art chemical and physical characterisation, analysis and synthesis equipment.
There is a rolling call for three year projects from April to July 2016. The majority of longer term collaborative projects will start in October 2016. There will be a competitive process to select the projects with most potential for company growth. Businesses will be asked to contribute up to £5,500 per year towards the costs of their researcher.
Lancaster University, one of only four UK universities to achieve the Small Business Charter Gold Award, is ranked top ten for interactions with SMEs by Government and has more than £18 million of activity with business in Science and Technology disciplines alone.
Becky Gordon, Operations Manager for Business Partnerships and Enterprise, said: “Companies that have a clearly defined project already can register online in minutes, and will be contacted by our business partnerships team. We would also like to hear from businesses that have an idea or challenge to talk through, or need us to help scope their project, or want to find out more about our other funded activities.”
Businesses interested in applying for a Lancaster University funded research and development initiative can register online at www.lancaster.ac.uk/engage/business, visit www.lancaster.ac.uk/sci-tech/business/funded-research, or contact Becky Gordon, firstname.lastname@example.org, 01524 510188 / 07811 832770, for more information.
New Lancaster University centre will research violence and society
14 March 2016
The Violence & Society UNESCO Centre launches at Lancaster University this month with a Public Lecture on trafficking in human beings. The Centre addresses the increasing centrality of violence to contemporary social relations, researching the causes of increases and decreases in different forms of violence, developing theory and improving forms of measurement. It will conduct high-quality research to build a coherent understanding and explanation of violence in its many forms, and provide evidence to develop new policy approaches.
The Violence & Society UNESCO Centre is a coalition of researchers based in eight departments across three faculties at Lancaster University, linked to collaborators in other UK, European and international universities, policy-makers and service providers.
Distinguished Professor Sylvia Walby, from the University’s Sociology Department, who is Director of the Violence & Society UNESCO Centre and holder of the UNESCO Chair in Gender Research said: “The launch of this new research centre represents a very significant and exciting opportunity to bring together colleagues from across the University and external partners to collaborate on pushing forward this very important global research agenda on violence.”
The Centre launches on 15 March 2016 with a Public Lecture by Kristiina Kangaspunta, Chief of the United Nations Office of Drugs and Crime (UNODC) Trafficking in Persons Unit on ‘Trafficking in Human Beings: Large, Medium, Small - The Size of Human Trafficking’.
Trafficking in human beings – one of the topics the new Centre is researching – has been described as the second largest source of illegal profits in the world, victimising millions of people and generating billions of dollars. The challenge of producing accurate estimates of something that is hidden is immense. This lecture challenges current orthodoxies and considers the ways forward.
Professor Andrew Atherton, the Deputy Vice-Chancellor of Lancaster University, will chair the event, which will take place in the Management School Lecture Theatre 6 from 4.15pm to 6pm. All are welcome.
New analysis method makes increasing rate of violent crime visible
18 January 2016
A new method of analysing crime statistics finds that violent crime in England and Wales is increasing, not decreasing. Distinguished Professor Sylvia Walby, Dr Jude Towers and Professor Brian Francis of Lancaster University developed the method and used it to analyse data from the Crime Survey for England and Wales over a 20 year period from 1994 to 2013/14.
They found the rate of domestic violence has been increasing since 2009. The rate of violence against women has also been increasing since 2009. But violent crime against men is still decreasing.
The rate of violent crime overall has started to increase since 2009, driven by the changes in domestic violent crime and in violent crime against women.
These findings contradict the official view that violent crime in England and Wales is continuing to fall.
This increase is concentrated among ‘high frequency’ victims - those who experience multiple attacks.
The research finds that domestic violent crime and violent crime against women have been increasing since 2009. Before this, these forms of violent crime had been falling since the mid-1990s. The change point, from decrease to increase, coincides with the start of the economic crisis.
The researchers compare trends based on the number of victims, capped crimes, and all reported crimes. This new analysis finds that ‘high frequency’ victims, rather than all victims, are key to the increasing rate of violent crime in England and Wales.
This new methodology rejects ‘capping’ and uses all reported crimes without increasing volatility. Official methods of estimating violent crime using this data cap the yearly number of violent crimes against any one individual at five, despite around 5% of respondents reporting a greater number than this. Capping is a widely used statistical technique designed to reduce year-to-year volatility when examining change over time, but this method can introduce significant bias.
The new method manages volatility through an alternative statistical technique of three year moving averages. This results in the same level of volatility but without introducing the bias caused by capping. The research analyses trends using segmented regression, which allows the identification of changepoints.
New “Internet of Things” research hub announced
6 January 2016
New research will ensure that the UK is a global leader in the privacy, ethics, trust, reliability, acceptability, and security (PETRAS) of the “Internet of Things” (IoT). And with this strong foundation the UK will become the world’s best place to develop and deploy new internet technologies. Lancaster University is part of a consortium that has received £9.8 million support from the Engineering and Physical Sciences Research Council (EPSRC), as part of a £40 million investment programme from UK Government.
This interdisciplinary work will concentrate on a number of key areas, including the security considerations for connected devices in critical infrastructure and industrial environments, the creation and use of ‘big data’ for ‘smart’ highways maintenance and ‘e-Campus’ (the world’s largest research testbed for ambient displays), as well as developing new design techniques that will be used to create visions of what the future for the internet of things may be to enable as many people as possible to engage with shaping those futures.
Rachel Cooper, Professor of Design Management and Policy at Lancaster University, said: “The Internet of Things is shaping up to be the next big digital revolution with billions of objects becoming connected to the internet. These devices will produce unprecedented volumes of data as well as posing significant security challenges and the need for innovative design solutions.
“Working alongside colleagues within the Hub, Lancaster’s expertise will cut across these areas to provide solutions that will help ensure that the IoT brings about its much promised economic and societal benefits to the UK in a way that is safe, secure and robust.”
Ed Vaizey, Digital Economy Minister, announced the Government funding for the Hub on 6 January 2016. He said: “UK universities are renowned for their creativity, and pioneering research and development. We want the UK to be a world leader in the adoption of Internet of Things technologies, and I know that bringing these universities together with partners from the UK's thriving tech industry will be instrumental in making this a reality.”
An additional £9.7 million comes from partners including SMEs, industry, NGOs, and public bodies. With just over £4 million of additional support from the participating institutions, the total investment in the PETRAS IoT Hub comes to £24 million over three years.
The Hub is a consortium of nine leading universities that have come together as the PETRAS IoT Hub, led by UCL with Imperial College London, Lancaster University, University of Oxford, University of Warwick, Cardiff University, University of Edinburgh, University of Southampton, and University of Surrey.
Initial IoT work carried out by Lancaster experts as part of the Hub includes:
• Studying the security and safety risks posed by the introduction of IoT in industrial infrastructures.
• Developing novel cyber security driven architectures based on the philosophy ‘If it is not cyber secure, it is not safe’.
• Contributing expertise in data and trust within IoT systems for smarter highways maintenance and ambient environments.
• Developing new design techniques that will enable people to shape the future of the Internet of Things.
PETRAS IoT Hub Director Professor Jeremy Watson said: “We will maximize the economic and societal opportunities of the Internet of Things by removing barriers to adoption.”
“Working with business, public, and third sectors will enable the PETRAS IoT Hub members to investigate questions of safety, security, privacy and trust within real life settings.
“The UK has the potential to be the world’s most supportive environment for the development and deployment of a safe and secure Internet of Things. We will raise the bar using innovative collaborative and interdisciplinary research methods.”
Lancaster academics involved in the PETRAS IoT Hub include Professor Rachel Cooper, Professor Paul Coulton, Professor Awais Rashid and Professor Nigel Davies.
Professor Philip Nelson, EPSRC’s Chief Executive, said: “In the not too distant future almost all of our daily lives will be connected, in one way or another, to the digital world. Physical objects and devices will be able to interact with each other, ourselves, and the wider virtual world. But, before this can happen, there must be trust and confidence in how the Internet of Things works, its security and its resilience. By harnessing our world-leading research excellence this PETRAS research Hub will accelerate IoT technology innovation and bring benefit to society and business.”
WiFi signals can be exploited to detect attackers
21 December 2015
Physical attacks on devices connected to the Internet can be detected by analysing WiFi signals, computer scientists have discovered. Wireless devices are increasingly used for critical roles, such as security systems or industrial plant automation.
Although wireless transmissions can be encrypted to protect transmitted data, it is hard to determine if a device – such as a wirelessly connected security camera protecting critical buildings in airports or power stations – has been tampered with. An attacker may simply rotate a camera’s view away from the area it is guarding without triggering an alert.
Researchers at Lancaster University, in their study ‘Using Channel State Information for Tamper Detection in the Internet of Things’, have created a method that analyses WiFi signals at multiple receivers to detect physical attacks. A change in the pattern of wireless signals – known as Channel State Information (CSI) – picked up by the receivers can indicate a tamper situation. The algorithm detects attacks despite signal noise caused by natural changes to the environment such as people walking through the communication paths.
Dr Utz Roedig, Reader in Lancaster University’s School of Computing and Communications and one of the report’s authors, said: “A large number of Internet of Things systems are using WiFi and many of these require a high level of security. This technique gives us a new way to introduce an additional layer of defence into our communication systems. Given that we use these systems around critically important infrastructure this additional protection is vital.”
The paper was presented by lead author Ibrahim Ethem Bagci at the 31st Annual Computer Applications Conference (ACSAC) in Los Angeles on Wednesday, December 9.
Other contributors to the research include Ivan Martinovic from the University of Oxford and Matthias Schulz and Matthias Hollick from the Technische Universität Darmstadt.
National Centre for Research and Evidence on Security Threats Launch
1 October 2015
Lancaster University is to lead the UK’s new centre for the development and use of economic and social science research to understand, mitigate and counter security threats. The Centre for Research and Evidence on Security Threats (CREST) brings together world leading researchers at the universities of Birmingham, Cranfield, Lancaster, Portsmouth and the West of England to deliver a national hub for independent research, training and knowledge synthesis.
The founding partners will oversee programmes of activity that attract the best social scientists from the UK and abroad to partner with industry and government and break new ground in our understanding of and capacity to counter contemporary threats.
Launching today (October 1), the Centre was commissioned by and will be administered by the Economic and Social Research Council (ESRC) with a focus on conducting independent research and knowledge synthesis to inform approaches to countering contemporary security threats to individuals, communities and institutions.
The centre is funded for three years with £4.35 million from the UK security and intelligence agencies and a further £2.2m invested by the founding institutions.
Director of CREST Professor Paul Taylor, from Lancaster University, said: “Bringing together the UK’s top economic, behavioural and social scientists with partners in industry and government will provide unprecedented opportunities to develop our understanding of security threats and how best to mitigate them. Today’s threats are challenging and diverse. The ambitious and innovative activities of CREST over the coming years will meet these challenges.”
As well as conducting world-class, independent research, the Centre will stimulate public and professional debate, connect disciplinary communities, inform security policy and practice, and provide training to research leaders of the future.
Lancaster University will lead the research programme on ideas, beliefs and values in social contexts, examining how extremist ideologies are transmitted and countered.
The other founding partners will lead programmes looking at actors and narratives, online behaviour, eliciting information, and protective security and risk assessment.
The project will initially fund 13 PhD students working across all five universities.
Lancaster University and Nettitude agree strategic cyber security research partnership
24 September 2015
Lancaster University has agreed a strategic research partnership with Nettitude – a leading provider of cyber security services. The partnership will signal a range of collaborations, including joint research projects that will help to develop the knowledge and technologies needed to combat cybercrime.
Awais Rashid, Director of Security Lancaster, the University’s centre of excellence for cyber security research, said: “Lancaster University welcomes the opportunity to forge a close relationship with a dynamic high-growth strategic corporate partner in Nettitude.
“Nettitude has developed a strong reputation within the cyber security industry and our partnership will help to underpin our high-quality research and ensure that we are able to have a direct impact on ensuring businesses, and the UK economy, are protected from malicious attacks.”
Dr Jules Pagna Disso, Head of Research and Development from Nettitude, said: “It is very important for us to create partnerships with institutions such as Lancaster University, as they are attracting some of the brightest young minds to the discipline of cyber security. As an organisation, we recognise the importance of investing in research initiatives like this which will help to both make advancements in how we secure data and systems, as well as nurture new talent.”
Lancaster University has a long history of providing world-class research and training on issues relating to the safety and security of UK society. The University delivers a GCHQ-approved Masters degree in Cyber Security, and its Security Lancaster research centre has been awarded Centre of Excellence in Cyber Security Research by GCHQ and the EPSRC.
The partnership with Nettitude has already resulted in the creation of a joint project entitled ‘ICS/SCADA Risk Framework and Passive Network Appliance’. The project, which has been awarded funding by the UK’s innovation agency, Innovate UK, will involve the development of a framework and network based appliance that will provide end users within complex supply chains with the relevant knowledge and visibility of their key areas of risk. The creation of a common framework will provide consistency across the supply chain, helping organisations to identify the priorities and actions needed to ensure a robust security posture is maintained.
The project is expected to last 18 months and is due to begin in autumn 2015.
Could laptops torpedo navies of the future?
13 March 2015
Forget pirates in gunboats, criminals armed only with a laptop and an internet connection are predicted to become a serious threat to navies and the global shipping industry – a new report has revealed. As maritime logistics becomes increasingly reliant on information and technology, sea-faring vessels and associated infrastructure such as ports are more vulnerable to malicious cyber-attacks.
Software obsolescence, increased automation of ship control systems, cloud computing, and the deception and bribery of key staff and crew through social media are just some of the emerging potential weaknesses that online criminals and agents could exploit.
The 'Cyber Operations in the Maritime Environment' report by academics at Lancaster University’s Security Lancaster – an Academic Centre of Excellence in Cyber Security Research – highlights that this heightened vulnerability will require navies and shipping companies to adopt new defensive measures to mitigate against cyber-attacks.
"In years gone by only those who had the capacity to build expensive ocean-going vessels had the ability to secure sea lanes and exploit the maritime landscape for profit," says Oliver Fitton of Security Lancaster and one of the report’s authors. "For the first time in maritime history the positive correlation between capital spent and power is undermined, cyber-attacks are low-cost alternatives to physical attacks, which have the ability to cripple maritime operations.
"The whole maritime industry must reassess its spending on long-term platforms (ships and other vessels).
"Ship builders especially must consider whether it is right to spend billions of pounds on platforms, and physical defensive systems, when they have the potential to be nullified by a single well-informed individual, thousands of miles away, with an internet connection and a few browser tabs open.
"Money may be better spent in cyber offence and defence. Another question that should be asked at the dawn of the age of cyber weaponry is – will you always need to be at sea to secure and exercise command in it?"
The report highlights how the ending of support for software such as Microsoft’s XP operating system – a user-friendly and robust system that could be adapted to a wide range of uses at sea – after 13 years means there will be no further official security updates. However, ships using the software are designed with much longer lifespans.
Due to short software lifespans like these, the report recommends that navies will have to 'fundamentally rethink' how they use technology on the commissioning of expensive vessels such as the Royal Navy’s new aircraft carriers that are currently under construction.
"It is impossible to imagine that these ships will maintain their effectiveness in 50 years' time if they continue to use their inaugural computer systems," says Mr Fitton. "Software will continue to have a dramatically shorter lifespan than hardware (ships). In the maritime environment hardware will continue to be designed and built to last for decades. Whereas software will only last until a vulnerability is developed to attack it, until the vendor (software company) decides not to support it or until the vendor goes out of business."
The report says the trend towards increased automation of shipping operating systems – enabling smaller crews, which reduces costs – also presents opportunities for malicious attackers.
"As the trend for greater automation continues new vectors of attack will be created," says Mr Fitton. "The trend to integrate technology makes sense when efficiency and economy are under consideration but not necessarily when security threats are taken into account."
The report predicts that off-the-shelf standard technology will become widespread – making it easily obtainable by criminals and leading to increased opportunities for attacks. Subcontractors maintaining these software systems could also be a potential threat vector.
As sea-faring vessels will be increasingly connected to the internet, another key vulnerability will be people on-board being targeted through their social media accounts and criminals or agents using methods such as social engineering, deception, identity theft, bribery and blackmail.
Mr Fitton said: "Friend and contact lists allow attackers to build up a picture of acquaintances, colleagues, friends and family members for use against the target maybe in the form of an identity theft attack or in the form of blackmail – which is especially effective when an individual is thousands of miles away from his or her loved ones. Each connection in a social network is a potential vector for social attack.
"For many years crews were isolated from the rest of the world while at sea but technology is changing that. Already US naval ships have their own wi-fi networks and private firms are attracting the best crew they can by offering comprehensive connectivity to employees.
"This means that new individuals who were once unreachable are now targets for remote attackers."
The report stresses the need for policies and procedures to be put in place to reduce the risk of employees coming under attack.
The 'Cyber Operations in the Maritime Environment' report was produced in response to an identification of a lack of understanding of the cyber threat within British Maritime Doctrine – the National Strategy for Maritime Security and commercial maritime operators. It was written by Mr Oliver Fitton, Dr Basil Germond, Dr Mark Lacey and Dr Daniel Prince.
More information about Security Lancaster is available by visiting Security Lancaster
Ethical hacking industry needs greater professional standards – report highlights
20 January 2015
The UK cyber security industry would benefit from increased standardisation of widespread ‘penetration testing’ techniques – a new report has highlighted. Penetration testing involves an authorised attack, carried out by experienced professionals, on an organisation’s internal and external IT infrastructure, to identify vulnerabilities that may be present.
William Knowles, from Lancaster University’s Security Lancaster, said: “Penetration testing has become widespread. Increased standardisation would serve to protect cyber security professionals by providing a level playing-field on which to compete.
“A lack of consumer clarity in a complex professional services market, coupled with increasing demand for companies to provide levels of security assurance in order to do business, leads to variable quality in the market place, which could put companies at risk.”
Currently, the inconsistent terminology and levels of service offered are holding back the industry, leading one security provider to describe the current situation as like a “Wild West.”
The report makes three recommendations for standardisation:
• Standardise terminology for different levels of testing – to enable clients to make more informed decisions and to compare like for like with providers. This would also help to offer the service to international markets.
• Guidelines for reporting structure and content – to offer clients greater consistency through the use of metrics and recommendations, as well as empowering clients to understand security threats facing their organisations.
• The creation of guidelines for auditors on using penetration test results as evidence within compliance assessments for security standards is also recommended.
The report’s authors interviewed 54 stakeholders including 32 penetration testing providers and their clients, as well as seven industry stakeholders, including technical bodies and government departments.
William Knowles said: “The threat of cyber attacks has led to an increase of simulated and controlled cyber security evaluations of IT infrastructures. Such evaluations are frequently referred to as penetration testing. However, in practice, the nomenclature encompasses a variety of other labels, including vulnerability assessments, IT health checks, ‘red team’ exercises, and ethical hacking.
“Both providers and clients were found to be dissatisfied by the lack of transparency and consistency in industry offerings. Given the importance and rapid growth of penetration testing, resolving these needs for best practice quickly would aid both providers and buyers.
“Standardisation of terminology would enable clients to compare like for like, and provide clarity and consistency, which would also aid the commoditisation of penetration testing, particularly when looking to international markets. It would also help to alleviate some of the frustrations revealed in the report, where providers see competitors offering vulnerability assessments badged as penetration tests.”
Dr Alistair Baron, of Security Lancaster and co-author, said: "Another concern highlighted during the interviews was the potential legal and ethical perils surrounding the use of social engineering as part of penetration testing exercises. This is an area that will be tackled in future research at Security Lancaster."
While pointing out existing issues within the industry, the report recognises the foundations laid by schemes such as CHECK, CREST and Tigerscheme.
Tim McGarr, Market Development Manager for ICT & Asset Management, Governance & Resilience at BSI, said: “Organisations are increasingly looking to the penetration testing industry to better understand and improve their cyber security. As this thought leadership report has shown, there are respected qualifications for individual penetration testers, but that there can be greater consistency of the service penetration testing firms provide.
“Greater standardisation in this area as identified in the report should allow customers to know they are getting a consistent comparable service. In addition, it will allow providers to better demonstrate and differentiate their capabilities. BSI will use the findings of the report to reach out to the stakeholders in the penetration testing market to determine the demand for new standards.”
BSI is currently in dialogue with various stakeholders in the penetration testing industry to take these standards recommendations forward. If you are interested in inputting to the approach please contact Tim.McGarr@bsigroup.com
To find out more about Security Lancaster and how it can help your organisation, see www.lancaster.ac.uk/security-lancaster or contact Business Partnerships Manager and Associate Director for Security Lancaster, Dr Daniel Prince 07807 125 781 email@example.com
The full report can be viewed here.
BSI (British Standards Institution) is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. Formed in 1901, BSI was the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO). Over a century later it continues to facilitate business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards, many of which BSI originated. Renowned for its marks of excellence including the consumer recognized BSI Kitemark™, BSI’s influence spans multiple sectors including aerospace, automotive, built environment, food, healthcare and ICT. With over 80,000 clients in 172 countries, BSI is an organization whose standards inspire excellence across the globe.
To learn more, please visit www.bsigroup.com
Researchers develop new form of lie-detector test
5 January 2015
Police and intelligence agencies around the world have for almost 100 years relied on lie-detectors to help convict criminals or unearth spies and traitors. The polygraph is beloved of the movies, with countless dramatic moments showing the guilty sweating profusely as they are hooked up, but the invention could soon be defunct.
Researchers in Britain and the Netherlands have made a breakthrough, developing a method with a success rate in tests of over 70% that could be in use in police stations around the world within a decade. Rather than relying on facial tics, talking too much or waving of arms – all seen as tell-tale signs of lying – the new method involves monitoring full-body motions to provide an indicator of signs of guilty feelings.
The polygraph is widely used in the US in criminal and other cases and for security clearance for the FBI and CIA, but is much less popular in Europe. There has been a lot of scepticism in the scientific and legal communities about its reliability. By contrast, the new method developed by the researchers has performed well in experiments.
The basic premise is that liars fidget more and so the use of an all-body motion suit – the kind used in films to create computer-generated characters – will pick this up. The suit contains 17 sensors that register movement up to 120 times per second in three dimensions for 23 joints. The findings are to be published at an international conference on system sciences opening at Kauai, Hawaii, on Monday.
One of the research team, Ross Anderson, professor of security engineering at Cambridge University, said: “Decades of deception research show that the interviewer will tell truth from lies only slightly better than random, about 55 out of 100.
“The polygraph has been around since the 1920s and by measuring physiological stress induced by anxiety you can get to 60. However, it can easily be abused as an interrogation prop and many people are anxious anyway facing a polygraph on which their job or liberty depends.”
He said the new method, by contrast, achieved a reliability rating of over 70% and he was confident they would be able to do better. In some tests, the team has already achieved more than 80%.
Anderson said: “The takeaway message is that guilty people fidget more and we can measure this robustly.”
Anderson added that the research had a special significance at this time, against the background of the US Senate report on torture by the CIA. Apart from the moral case against torture, Anderson pointed out that it was a very unreliable way of gathering accurate information. “We have known for a long time that torture does not work,” he said. The new method offers a pragmatic, scientifically backed alternative for conducting interviews.
The research paper was written by Dr Sophie van der Zee, of Cambridge University, Professor Ronald Poppe of Utrecht University, Professor Paul Taylor of Lancaster University, and Anderson.
The polygraph was created in 1921 by policeman John Larson, based on research by the psychologist William Marston, and records changes in pulse, blood pressure, sweating and breathing to ascertain whether a subject is lying. While cinema depictions suggest the device is near-infallible, the US supreme court ruled in 1998 that there was no consensus that the polygraph was reliable, a finding supported by the US National Academy of Scientists in 2003.
The experiment carried out by Anderson and his colleagues involved 180 students and employees at Lancaster University, of which half were told to tell the truth and half to lie. They were each paid £7.50 for their participation in the 70-minute experiment, involving two tests. Some were interviewed about a computer game ‘Never End’ that they played for seven minutes, while others lied about playing it having only been shown notes about it. The second test involved a lost wallet containing £5. Some were asked to bring the wallet to a lost-and-found box while others hid it and lied about it.
“Overall, we correctly classified 82.2% (truths: 88.9%, lies: 75.6%) of the interviewees as either being truthful or deceptive based on the combined movement in their individual limbs,” the report says.
Anderson said: “Our first attempt looked at the extent to which different body parts and body signals indicated deception. It turned out that liars wave their arms more, but again this is only at the 60% level that you can get from a conventional polygraph. The paydirt was when we considered total body motion. That turns out to tell truth from lies over 70% of the time, and we believe it can be improved still further by combining it with optimal questioning techniques.”
Another advantage is that the total body motion is relatively unaffected by cultural background, anxiety and cognitive load (how much you are thinking) that confound other lie-detection technologies, Anderson said. The use of all-body suits is expensive – they cost about £30,000 – and can be uncomfortable, and Anderson and his colleagues are now looking at low-cost alternatives. These include using motion-sensing technology from computer games, such as the Kinect devices developed by Microsoft for the Xbox console.
Anderson acknowledges that agencies such as the CIA could teach agents how to counter the full-body motion method by freezing their bodies but he said that in itself would be a giveaway.
Lancaster research to help business decision-makers protect against cyber attack
9 October 2014
Lancaster University research will enable business leaders to take more informed decisions about protecting critical infrastructure from cyber attack. Working with industrial partners Airbus, Raytheon and Thales, experts from Lancaster University’s Security Lancaster Research Centre are researching how to provide business decision-makers with smarter information about cyber risk. This will enable bosses and workers to mitigate against potential attacks.
The ‘MUMBA’ project is specifically focused on threats to ‘industrial control systems’, which manage key infrastructure such as manufacturing plants, power stations, electricity grids, and transport networks. These systems are increasingly connected to the internet, which makes them potentially more vulnerable to cyber-attack from those with hostile intent.
Professor Awais Rashid, lead scientist on MUMBA and director of Lancaster University’s Security Lancaster research centre, said: “This research is about understanding the cyber security risks at the intersection of people and technology. If you give people lots of technical metrics that they don’t understand you get poor decision-making.
“Risk decisions are made not only at board and management level but also by those working with industrial control systems on a day-to-day basis. Our project will produce a software tool that will allow professionals to more effectively understand and visualise risks to industrial control systems.”
The research project, which has received £393,867 in funding from the Engineering and Physical Sciences Research Council (EPSRC), will also study the implications of particular security decisions in 20 to 30 years’ time, given the long operational life of such systems. This will provide information to ensure much needed future-proofing of critical connected infrastructure.
The project aims to become a cornerstone for future research into articulating and translating cyber risk into metrics that can be understood by leaders as business risks.
The project builds on and extends an already extensive programme of research at Lancaster on understanding and mitigating cyber risks to industrial control systems.
The Lancaster University research forms part of a wider £2.5million research programme that is led by Imperial College London and also includes Queen’s University of Belfast, the University of Birmingham, and City University London.
More information about Lancaster University’s Security Lancaster research centre can be found at www.security-centre.lancs.ac.uk.
Lancaster University Cyber Security course is certified by UK's national intelligence agency
7 August 2014
A Lancaster University course that is helping to produce the crime fighters of the digital age has received a seal of approval by the UK's national security and intelligence agency - GCHQ. Lancaster University's MSc in Cyber Security, which is delivered by experts from the Security Lancaster research centre, is one of only four Masters degree courses delivered by UK universities to receive a newly launched 'Full Certification' status by GCHQ.
Announced by Francis Maude, Minister for the Cabinet Office, the certification reflects the agency's approval of the high standards and abilities with which Lancaster University is equipping its graduates as they help to plug the large skills gap in the ongoing battle against cyber criminals that are costing the economy billions.
Professor Awais Rashid, director of Security Lancaster, said: "Government recognises that robust cyber security is essential for the UK to prosper in the digital age.
"At the moment there is a significant skills gap with demand for talented people equipped with the necessary cyber security skills being outstripped by supply. Centres of excellence like Security Lancaster are working hard to help equip our students with those sought-after and increasingly important skills to help meet the cyber security needs of business, industry and the society-at-large.
"We are happy our Masters in Cyber Security has received this certification as part of a rigorous national assessment and we are sure this measure will also help employers to identify the best graduates with the necessary skills."
The GCHQ certification reflects the aims of the National Cyber Security Programme, UK Government and its delivery partners, to increase the UK's academic capability in all fields of cyber security.
Lancaster University's Security Lancaster is an EPSRC-GCHQ Academic Centre of Excellence in Cyber Security Research. GCHQ, which has identified establishing a network of cyber security centres of excellence as a strategic priority, has indicated that delivering certified Masters qualifications is likely to be a prerequisite for future centre of excellence status in cyber security education for universities.
Francis Maude, Minister for the Cabinet Office, said: "Cyber security is a crucial part of this government's long term plan for the British economy. We want to make the UK one of the safest places in the world to do business online. Through the excellent work of GCHQ, in partnership with other government departments, the private sector and academia, we are able to counter threats and ensure together we are stronger and more aware."
Chris Ensor, Deputy Director for the National Technical Authority for Information Assurance at GCHQ, said: "As the National Technical Authority for Information Assurance, GCHQ recognises the critical role academia plays in developing the UK's skill and knowledge base.
"I'd like to congratulate the universities which have been recognised as offering a Master's degree which covers the broad range of subjects that underpin a good understanding of Cyber Security."
According to a report from security company McAfee, cybercrime costs the global economy £266 billion annually. A 2011 Government report estimated the cost to the UK economy to be around £27 billion a year.
An independent report commissioned by Lancaster University estimated that cybercrime costs key sector businesses in North West England almost £107 million a year.
Emphasising the importance the certification brings to industry Mark Hughes, President of BT Security, said: "At BT we are acutely aware of the impact of the UK cyber skills gap and recruiting the right people with the right knowledge and skills is a big deal for us.
"As a leading Internet service provider we want to employ the very best. That is why we welcome GCHQ's certification of Master's degrees in Cyber Security. The fact that GCHQ recognises these courses as high calibre gives us, at BT, the confidence that those graduating with a Master's from one of these universities will have the sound knowledge base in cyber security that we would be looking for. This is a great step forward in developing the cyber specialist of tomorrow."
Other universities to have received full certification from GCHQ are Edinburgh Napier University, University of Oxford and Royal Holloway, University of London.
Cranfield University and University of Surrey received provisional certification.
More information about Security Lancaster is available by visiting www.security-centre.lancs.ac.uk
Information about Lancaster University's MSc in Cyber Security is available by visiting www.scc.lancs.ac.uk/masters/CyberSecurity