Belfast, United Kingdom and Daejeon, Republic of Korea – 20 October 2016: The Centre for Secure Information Technologies (CSIT) and the Electronics and Telecommunications Research Institute (ETRI) have just embarked on the first phase of a ₩380M (£275K) collaboration as part of a larger multi-partner project (KeyHAS) to develop and test novel technologies for internet of things (IoT) security. CSIT is the UK’s national Innovation and Knowledge Centre (IKC) for cyber security research. ETRI is Korea's largest government-funded research institute.
The project will see CSIT design and build new Physical Unclonable Function (PUF) technology, build a new PUF testbed and carry out a threat analysis study on the security requirements for cryptography key protection using PUF. Furthermore, CSIT will use the new testbed to evaluate PUF technology which Korean partner, ICTK, develops. ICTK (ICTK Co., Ltd.) is a global Transaction & Security Solution Provider that serves more than 200 clients worldwide, including card/terminal manufacturers, card issuers, network operators, banks and government agencies.
Speaking from Korea, where he is attending the 1st annual Open Workshop for the KeyHAS project, Dr Godfrey Gaston, CSIT Director, said: “The 'Internet of Things' is opening up new attack vectors which are being exploited by criminals to launch attacks on networks and systems. Secure and robust trust anchors are required to ensure that future machine to machine communications are safe from interception and other forms of fraudulent and malicious activity.”
“CSIT and ETRI have developed a strong collaborative relationship over many years of engagement. This project cements that and opens up new global markets for our Physical Unclonable Function technology for IoT security applications.”
KeyHAS Partners are ETRI (Korea), ICTK (Korea), Secure IC (France) and Purdue University (United States). Funding for the project has been provided by IITP (Korean Government).
Sandra Scott-Hayward addresses SDN security concerns, in response to The Register.
We have billboard ads in the U.K. warning homeowners to take care of their property by locking windows and doors. The tagline goes something like “It’s not a break-in if it’s a walk-in!” This perfectly expresses the sentiment that arose in our ONF discussion around this recent article in The Register.
The article refers to an academic paper by researchers from the University of Padova and Sapienza University. I want to start by saying that I am thrilled to see this research work on Software-Defined Networking (SDN) security. The focus of my own research is exactly this and the more people contributing to this important topic, the better for the networking community! However, I have a few comments… the dreaded words in an academic paper review! In this case, my comments are to The Register. Let me expand.
To The Register: The title of your article is very catchy. I’ve tried to do the same with mine! However, I find the statement “Software-Defined Networking Is Dangerously Sniffable” somewhat suggestive and, I would argue, inaccurate. In the body of the article, the origin of the title statement is found, “an attacker could potentially sniff control traffic, because of inadequate protection (not using TLS, or not using certificates for authentication).” What we’re talking about here is the fact that with the separation of the data and control planes in SDN, control traffic is transmitted between network elements and the controller, and as such is vulnerable to “sniffing” or interception.
However, this is not a concept unique to SDN; the transmission of any data/control traffic on any open, unsecured communication path in any network is vulnerable. For this very reason, the use of TLS, certificates, IPSec, encryption, etc. is recommended in all network deployments, not just SDN.
This is the key – SDN doesn’t have to be any more dangerous than a traditional network. It’s down to how we design our devices, architect our networks, and deploy all of this in a secure fashion. I should highlight that in all the work of the ONF Security Working Group, we strongly recommend the use of TLS or a TLS equivalent protocol.
So I’ve just spent a few paragraphs disputing what is actually detailed in the “Know Your Enemy” paper as a possible method an attacker could leverage to gain a side-channel to the flow table. This potential to access a side-channel to the flow table is a fundamental assumption of the work, and details of the methods (and obviously means to defend against them) are out of scope of the work. This is where my title comes in – if we don’t design and deploy our networks (SDN or otherwise) securely with proper system management, then yes, of course, we can anticipate attacks.
Let’s say it is possible to gain this important side-channel to the flow table. In the article, we’re told that “the attacker can easily work out what conditions will make the controller push a flow rule…” Quite frankly, there doesn’t seem to be anything easy about this process. There are a volume of steps required over a long period of time. The authors, themselves, have identified this as a limitation.
There are some other aspects I would discuss in a conversation with the authors. For example, the proactive installation (rather than reactive as discussed in the work) of flow rules in practical, large networks; the aggregation and normalization of flow rules in hardware switches; the impact of distributed control on this scenario; etc. These could all potentially limit the effectiveness of the KYE attack.
Let’s also not forget that the flow rules under observation in the KYE attacks are the SDN-enabled dynamic defense to those same attacks. SDN brings benefits to network security, including increased awareness of potential threats to the network, that are not attendant to other means of control.
Anyway, my commentary is not to critique the work but to balance the media message it has generated. I thank Mauro, Fabio, and Luigi for their contribution to a growing body of work on SDN security. We can learn from these results to focus our attention in designing and deploying secure SDN.
To The Register, please be cautious with loose use of the word “dangerously.” SDN is no more vulnerable to attack than any other control system; in fact, network security can benefit from this innovation.
- Dr. Sandra Scott-Hayward, Vice Chair of the ONF Security Working Group
About Dr. Sandra Scott-Hayward
Dr. Sandra Scott-Hayward, CEng, is a Lecturer in the Network Security research group at the Centre for Secure Information Technologies (CSIT), Queen's University Belfast. She has experience in both research and industry, having worked as a Systems Engineer and Engineering Group Leader with Airbus before returning to complete her Ph.D. at Queen's University Belfast. At CSIT, Sandra leads research and development of network security architectures and security functions for SDN. Sandra is Vice-Chair of the Open Networking Foundation (ONF) Security Working Group and received an Outstanding Technical Contributor Award from the ONF in February 2015. Sandra's full research profile can be found here.
Cyber London and the Centre for Secure Information Technologies invite applications for joint programme to encourage entrepreneurship in cyber security
Cyber London (CyLon) and the Centre for Secure Information Technologies (CSIT) today launched HutZero, a cyber security early stage accelerator programme which will be run jointly by the two organisations following a competitive tender. HutZero is now accepting applications from individuals who want to turn their ideas into successful cyber businesses. Twenty candidates will be selected to join HutZero’s first cohort in September 2016.
HutZero is funded by the Department for Culture, Media and Sport (DCMS) as part of the Government’s National Cyber Security Programme, which aims to protect the UK in cyber space and promote growth and innovation in the UK cyber security industry. The accelerator programme will consist of two stages, starting with a week-long bootcamp held at CyLon’s London premises, and an autumn follow-up event. Participation is cost-free, as HutZero will cover successful applicants’ expenses.
HutZero aims to give participants the skills and network required to take the next step in starting their business. The programme’s two stages will be bridged by mentoring and advice from HutZero’s network of cyber security and business experts. The bootcamp will cover subjects including technical development and business fundamentals, with lectures conducted by noted cyber security practitioners and start-up gurus. Participants will benefit from one-to-one mentoring with individuals from a range of sectors, including academia, industry, government and the investment community. They will also benefit from co-working in a dynamic environment with likeminded innovators and potential co-founders.
“The Government is committed to investing in the UK's cyber security industry so I'm pleased we're supporting HutZero, a unique programme for talented individuals wanting to start a cyber security company in the UK. Working with Cyber London and CSIT who are developing this initiative, I hope HutZero will attract the most inquisitive minds from academia, industry, Government and further afield. This programme will help make sure we support the next generation of innovative UK cyber security companies”, said Digital Economy Minister Ed Vaizey.
“Public awareness of cyber threats and vulnerabilities is increasing fast. In parallel, a wealth of innovative cyber security solutions is being developed in response to the needs and opportunities arising in the sector. With analysts* forecasting that European businesses will spend over $35 billion on cyber security by 2019, the potential returns for successful cyber entrepreneurs are huge”, said Jonathan Luff, co-founder of Cyber London. “Cyber security is a highly-skilled field in which startups need specialist expertise and guidance to succeed. HutZero will offer this support.”
“The requirement for cyber security solutions and services is growing, but the industry doesn’t see the level of innovation that other areas of technology have benefited from in recent years”, said Dr. Godfrey Gaston, Director, the Centre for Secure Information Technologies. “At the moment, accelerator programmes tend to be generic and are focused on teams of people with fully fledged business ideas. There’s a mass of people out there with ideas, but nowhere to take them. This programme provides the first step.”
HutZero is a two stage, six month early stage accelerator programme that will help to transform early stage ideas into viable propositions and potential new businesses. Run by Cyber London and CSIT, HutZero will support individuals interested in starting their own cyber business, connecting them with a range of likeminded entrepreneurs and domain experts. The programme will comprise an intensive weeklong bootcamp and an Autumn follow-up event for progress-tracking and alumni networking, bridged with ongoing guidance from HutZero staff and mentors. For more information and to apply please visit www.hutzero.co.uk
About Cyber London
Cyber London is a hub for the cyber security companies of tomorrow. Our three month accelerator programme offers some of Europe’s most promising entrepreneurs the training necessary to build and grow a successful cyber security company. Alongside an intensive professional curriculum, Cyber London’s participants also receive personal guidance and support from an accomplished network of mentors. Our programme culminates with a Demo Day, allowing participants to present their products, progress and potential to a range of partners and investors. Our incubator space supports more advanced cyber security companies looking to take their businesses to the next level. For the duration of the programme, our incubator teams access the benefits of Cyber London’s unique network and expertise whilst they focus on business and product development. Both the accelerator and incubator are housed in fully-furnished, modern office space in London.
For more information, please visit https://cylonlab.com/
*Information taken from Global Cyber Security Market Research Report: 2014-2019, Europe Cyber Security, MicroMarketMonitor, http://www.micromarketmonitor.com/market-report/cyber-security-reports-7651948375.html
01/06/2016: Intelligent Environments partners with Queen's CSIT
The Centre for Secure Information Technologies (CSIT) at Queen’s is entering a new partnership with leading financial technology firm Intelligent Environments, in a world-first cybersecurity endeavour.
The collaboration is part of the Knowledge Transfer Partnership programme, which embeds the latest academic research within leading businesses. A graduate will be recruited to work in Intelligent Environments’ Belfast office as part of the development of the company’s security software proposition, Interact AppSensorFS.
The Partnership will further boost Intelligent Environment’s capability to develop secure and innovative digital financial solutions by benefiting from CSIT’s research into cybersecurity and Artificial Intelligence while CSIT will likewise gain new real-world experience in the fin-tech sector. The wider academic community investigating cyber-security will benefit from the resulting research into ever-changing attack trends on the banking sector.
The partnership is being developed against the backdrop of the financial industry facing an unprecedented volume of security incidents, despite high levels of spending on security measures. According to a PWC report, security breaches were at an all-time high in 2015, rising to 90 per cent from 81 per cent in 2014.
Despite the high threat level, no European retail bank has attack-aware security that automatically detects and responds to intrusions inside perimeter defences. While most banks have sensors inside the building as well as on the door, that’s not the standard for financial services technology.
CSIT and Intelligent Environments’ collaboration aims to put an end to this through its Interact AppSensorFS proposition, which uses a state of the art detection approach using machine learning and prior knowledge.
Machine learning, a form of Artificial Intelligence, will be used to model user behaviour, teaching Interact AppSensorFS to recognise when a hacker is entering or is in a bank’s system, alerting security officers and providing solutions to negate the threat. Interact AppSensorFS connects remote sensing detectors together into a common security console, helping to monitor the overall security risk and will activate alarms if defensive action is required.
Clayton Locke, chief technology officer, Intelligent Environments, said the development of Interact AppSensorFS is an important step towards solving what is becoming one of the biggest problems for the financial services sector today.
“By not being attack-aware, traditional security measures are like putting a lock on the door after the burglar is already inside the building. Now for the first time, banks can deploy security that responds from inside applications that are self-defending.
“We believe 2016 is the time for the financial services industry to evolve and start using technology that can anticipate and differentiate between typical user and criminal behaviour and have the capability to cope in real-time. Our partnership with CSIT to develop Interact AppSensorFS will be key to this evolution.”
Lorraine Marks, Queen’s University’s KTP Manager, said: “Our Knowledge Transfer Partnership collaboration with Intelligent Environments, aims to share expertise between our two organisations, whilst providing our students with a chance to undertake practical as well as theoretical experience. The recruitment process for the position of KTP Associate is now underway and we welcome applications from any suitably qualified graduate.
“This Partnership is a cybersecurity world-first, and it’s exciting that we are able to play a part in it. The learning and experience from this project will also feed back into the regular review of our new Masters in cyber security’s course content, and provide further real-world examples of technology application.”
The Queen’s academics supporting the partnership will be Dr Phillip O’Kane, a machine learning specialist and Professor Sekir Sezer who specialises in the acceleration of network processing and cyber security related functions.
This proposition is what Gartner refers to as a Runtime Application Self-Protection (RASP) solution designed to protect Intelligent Environments’ Interact digital banking solutions from cyber-security attacks. The initiative was originally based on ideas put forward by the Open Web Application Security Project (OWASP), a global not-for-profit charity focused on improving software security.
About Intelligent Environments
Intelligent Environments is an international provider of innovative mobile and online solutions for financial services providers with offices in London and Belfast. Our mission is to enable our clients to always stay close to their own customers.
We do this through Interact®, our single software platform, which enables secure customer acquisition, engagement, transactions and servicing across any mobile and online channel and device. Today these are predominantly focused on smartphones, PCs and tablets. However Interact® will support other devices, if and when they become mainstream.
We provide a more viable option to internally developed technology, enabling our clients with a fast route to market whilst providing the expertise to manage the complexity of multiple channels, devices and operating systems. Interact® is a continuously evolving technology that ensures our clients keep pace with the fast moving digital landscape.
We are immensely proud of our achievements, in relation to our innovation, our thought leadership, our industrywide recognition, our demonstrable product differentiation, the diversity of our client base, and the calibre of our partners.
For many years we have been the digital heart of a diverse range of financial services providers including Atom Bank, Generali Wealth Management, HRG, Ikano Retail Finance, Lloyds Banking Group and Think Money Group.
15/03/2016: Justice Minister addresses international cyber summit
Justice Minister, David Ford has highlighted work ongoing through the Organised Crime Task Force to tackle cyber crime.
Speaking at the World Cyber Security Technology Research Summit, hosted by Queen’s University’s Centre for Secure Information Technology (CSIT), David Ford said:
“As chair of the Organised Crime Task Force (OCTF) I am very much aware that a growing concern for both businesses and individuals has been the rise in cyber crime.
“In 2014 the OCTF established a cyber crime sub group to help bring a unified law enforcement approach to the fight against this rapidly escalating, rapidly expanding problem. CSIT was a founder member of both the original group, and a later established industry based group, and have provided a valuable contribution to the work of both.”
Continuing the Minister said: “For the PSNI, National Crime Agency and other law enforcement agencies, cyber has become a significant and ever growing priority area. The PSNI e-crime centre has been taking forward valuable work in prevention as well as crime detection. This has included the introduction of a reporting portal for businesses as well as a range of awareness raising initiatives for the public in conjunction with Get Safe Online.
“The approaches from online criminals have unfortunately become more sophisticated in recent years and we need to respond to this. We all, as individuals, as consumers, as business owners, as those involved in law enforcement, need organisations such as CSIT, and all those experts represented here today, to be working, often behind the scenes, to help us to outflank would-be criminals and also to train those who will continue the fight.”
Professor John McCanny, Principal Investigator in the Centre for Secure Information Technologies at Queen’s University Belfast, said: “Queen’s University, as a UK leading centre for Cyber Security, was recently recognised at Buckingham Palace with a prestigious Queen’s Anniversary Prize. The annual Cyber Summit has now become an internationally renowned meeting of world leading experts in this field to come together to tackle the greatest challenges to our online safety. The UK has the most advanced digital economy in the world worth around 12.4% of GDP and growing fast. We are all now highly dependent on the internet whether at home, work, in our vehicles or in the control systems and things that carry out a multitude of autonomous tasks for us. Cyber security is now a core technology requirement for all of these. This, our 6th annual Summit, will help inform our research to develop the next generation of cyber security technologies.”
Queen’s Chancellor Mr Tom Moran and Vice-Chancellor Professor Patrick Johnston along with the Head of Cyber Security, Professor John McCanny are at Buckingham Palace today (25 February 2016) to receive a national honour from His Royal Highness, The Prince of Wales, for the University's work in protecting the online activity of billions of internet users around the world.
The Centre for Secure Information Technologies at Queen’s – a major hub for research and innovation in electronic engineering and cyber security – will receive a Queen’s Anniversary Prize for Higher and Further Education.
Based at the Northern Ireland Science Park in Belfast’s Titanic Quarter, the Centre for Secure Information Technologies, with 90 staff, is one of Europe’s largest university cyber security research centres. It has developed breakthrough innovations, including novel technology to be integrated into Apps to improve security for online financial transactions; anti-counterfeit technology to prevent internet fraud; and new processors to deliver filtered internet to homes and businesses, stripping out viruses, malware and malicious content. CSIT is funded by the UK Engineering and Physical Sciences Research Council (EPSRC), Innovate UK and Invest Northern Ireland.
Receiving the award at Buckingham Palace, Queen’s Vice-Chancellor Professor Patrick Johnston said: “The Queen’s Anniversary Prize is one of the most prestigious honours in higher education and recognition of CSIT which has put Northern Ireland firmly on the map as a lead player for cyber security.
“Cyber security is a major global challenge, with cyber crime increasing at an alarming rate. The need for strong and resilient cyber security technologies has never been greater. CSIT is home to some of the world’s foremost cyber security experts. It is at the forefront of efforts to protect the UK from cyber attacks and to maintain the public’s trust that their online privacy and data is kept safe.
"CSIT has also been a critical factor in securing almost 1,200 cyber security related jobs in Northern Ireland, injecting around £40 million per year into our economy. It is helping to meet the demand for well-qualified graduates to fill these jobs through its postgraduate courses. It’s Masters in Cyber Security which is underpinned by the Centre’s world-class research, and the CSIT Doctoral Training Centre, attracts PhD students from around the world.
"The Centre is a great example of the global impact of Queen’s world leading research.”
Professor John McCanny, Head of Cyber Security at CSIT, said: “CSIT’s unique strength lies in its approach to the innovation and commercialisation of ground-breaking research. It overlays an excellent academic research environment with an infrastructure that is more common in high-technology companies, creating a unique team of researchers, innovators and engineers that accelerates the translation of research into new business opportunities and the creation of new companies.
“CSIT prides itself on two pillars of excellence – in its world-leading research, and its unique model for commercialising that research. Links with global companies including IBM, Intel, Infosys, Allstate, BAE Systems, Thales, Euronext and Equiniti, provide valuable routes to market for CSIT’s technological innovations. Strong relationships with local companies also allow SMEs unrivalled access to engineering and research expertise, enabling them to grow their business internationally.
"Our strength in this area was recognised by the UK Government in January 2016 when it announced that CSIT, in partnership with Cyber London, will lead the Early Stage Accelerator Programme to support cyber security start-ups in developing innovative technical solutions to keep the UK safe from cyber attacks. This programme will offer start-ups advice on how to develop their products and services and bring them to market."
Employment and Learning Minister, Dr Stephen Farry said: “I congratulate Queen’s University Belfast on being honoured by Her Majesty the Queen for its work in strengthening global cyber security and protecting the online activity of billions of internet users around the world.
“CSIT has been a critical factor in establishing Northern Ireland as the UK’s leading cyber security cluster by promoting close to 1,200 new cyber security related jobs through spinout activity, indigenous business scale-up and Foreign Direct Investment. CSIT also plays a vital role in building the capacity and capability of local companies through the provision of high quality masters and PhD graduates.”
CSIT will host the World Cyber Security Summit in March – an annual event which brings together the international research community, industry leaders and government policy makers in Belfast to discuss cyber security challenges.
Media inquiries to Michelle Cassidy (Thursday-Friday) or Anne-Marie Clarke (Monday-Wednesday) at Queen’s University Communications Office. Tel: +44 (0)28 9097 5310 Email: firstname.lastname@example.org
Meet with CSIT, the UK’s National Innovation and Knowledge Centre for Cyber Security at RSA Conference 2016, Booth South Expo #S1745.
We are exhibiting at the RSA Conference this year (South Hall #1745) and Commercial Director Stephen Wray and Tech Marketing Manager David Crozier will be at the show.
CSIT is based at Queen's University Belfast. With over 90 people we are the largest university research lab in the UK in the field of cyber security. In the last 5 years we have spun out 6 new companies and supported a number of additional start-ups across the UK. We have a significant amount of collaborative research programmes (including Horizon 2020) and we have been the nucleating point for the emerging Belfast Cyber Security Cluster (now over 1,000 new jobs).
We are focussed on working with industry partners and responding to industry need and as such would very much welcome the opportunity to meet a relevant member of your team.
To schedule appointments throughout the duration of RSA Conference 2016 please contact Morgan Magee: email@example.com
Belfast, 24 November 2015: A new incubator programme, CSIT Labs, https://csitlabs.com, designed to support new cyber security ventures start, scale and engineer minimum viable product that has a clear market fit was launched today by Queen’s University Belfast’s Centre for Secure Information Technologies (CSIT), the UK’s national Innovation and Knowledge Centre for cyber security.
Recent high profile cyber security breaches show the significant costs to businesses associated with such events in terms of the remediation, loss of customer trust and shareholder value. On Tuesday 17th November 2015 Chancellor George Osborne announced that UK Government funding for cyber security is set to double to £1.9bn by 2020. This highlights the importance being placed on tackling the scourge of cybercrime and the scale of the economic and commercial opportunity available for innovative new technologies and companies in this area.
CSIT has established a reputation as a global innovation hub for cyber security. The CSIT Labs incubator programme formalises its successful innovation process and expands it to enable teams from wider UK academia, organisations and start-up/SMEs to benefit from its experience, ecosystem and world leading engineering capability. Teams will partake in a managed incubator programme which, uniquely, provides up to 6 months engineering development resource, to take ideas and promising research in the field of cyber security through to investment and market ready stage.
CSIT, a recipient of a The Queen’s Anniversary Prize for Higher and Further Education in 2015, was established as the UK’s national Innovation & Knowledge Centre (IKC) for cyber security in 2009 with funding from the Engineering and Physical Sciences Research Council (EPSRC) and InnovateUK with additional support from Invest Northern Ireland. In March 2015 CSIT announced phase 2 core funding, from EPSRC and InnovateUK, and with a focus on growth, CSIT will continue to produce ground breaking innovations and programmes aimed at scaling new UK cyber security ventures at the Centre, such as CSIT Labs.
Read more on the CSIT Labs website here.
Queen’s University Belfast is being honoured by Her Majesty the Queen for its work in strengthening global cyber security and protecting the online activity of billions of internet users around the world.
The Centre for Secure Information Technologies (CSIT) at Queen’s – a major hub for research and innovation in cyber security - is being awarded a Queen’s Anniversary Prize for Higher and Further Education. The award comes two days after the Chancellor, George Osborne, announced plans to double funding to fight cybercrime in the effort to protect the UK from online attacks.
Based at the Northern Ireland Science Park, in Belfast’s Titanic Quarter, CSIT, with 90 people, is one of the UK’s largest university cyber security research centres. It has developed breakthrough innovations, including novel technology which will be integrated into Apps to improve security for online financial transactions; anti-counterfeit technology to prevent internet fraud; and new processors to deliver filtered internet to homes and businesses, stripping out viruses, malware and malicious content.
Welcoming the announcement, Queen’s Vice-Chancellor Professor Patrick Johnston said: “Cyber security is now a major global challenge, with cyber crime increasing at an alarming rate. Earlier this week, the UK Government warned of the threat of cyber attacks on vital online infrastructure, such as that which supports hospitals, banks and air traffic control systems. The need for strong and resilient cyber security technologies has never been greater. CSIT is home to some of the world’s foremost cyber security experts. It is, and will continue to be, at the forefront of efforts to protect the UK from cyber attacks and to maintain the public’s trust that their online privacy and data is kept safe.
“Since its inception five years ago, CSIT has pioneered research, development and collaboration to protect people and business and drive economic development. The Centre has had a positive impact on the security of billions of internet users around the globe and we are delighted that has been recognised by the Queen’s Anniversary Prize. I congratulate all those involved.”
Professor John McCanny, Principal Investigator at CSIT, said: “CSIT’s unique strength lies in its approach to the innovation and commercialisation of Queen’s ground breaking research. It overlays an excellent academic research environment with an infrastructure that is more common in high-technology companies, creating a unique team of researchers, innovators and engineers that accelerates the translation of research into business. As a result, CSIT and Northern Ireland are fast becoming a global innovation hub for cyber security.”
Cyber security is the biggest risk facing public and private sector organisations over the next decade and should be a priority for investment, leading business technology provider Equiniti said today
The company believes large organisations have the potential to save millions of pounds every year by successfully defending attacks from hackers and reducing fraud, if they can harness the leading-edge research and apply it to their business.
Equiniti made the statement as it announced an official partnership with the Centre for Secure Information Technologies (CSIT) in Belfast - the UK’s lead university centre for cyber security technology research.
“Equiniti handles huge volumes of highly sensitive data, our clients trust us with over 1PB of data - the equivalent of almost 250,000 DVDs - and they need to know their data is secure and safe. We also deliver managed IT services to some of the most highly regulated organisations in the UK, such as Land and Property Services NI and Her Majesty’s Passport Office, and their exacting and evolving security demands must be met,” Equiniti’s managing director, Owen Lamont, said.
Owen continued: “CSIT is the UK’s centre of excellence for research into cyber security and one of the top cyber security clusters in Europe, so it makes perfect sense for Equiniti to support the Centre and to benefit from its ground-breaking work.
“Belfast has a strong reputation as a growing IT and cyber security hub and Equiniti is well positioned to feed into this expertise through our Northern Ireland operation.”
Government figures released last week suggest that 90 per cent of organisations have suffered a security breach in the past year.
Equiniti is particularly interested in testing some of the innovative biometric technologies being developed at CSIT, which it believes could have a number of applications across its business services, increasing efficiency and reducing the chance of fraud.
Stephen Wray, Commercial Director at CSIT said: “Having Equiniti as a member and collaborative partner helps to apply our cyber security expertise into an even wider range of applications in business. Cyber security is an important element in maintaining trust in business, so we look forward to developing solutions that can be used to limit fraud and protect extremely sensitive data from malicious cyber-attacks.
Sabrina Feng, Equiniti’s Group Chief Information Security Officer, added: “Queen’s University and CSIT are at the forefront of cyber-defence research, their aim is to combat and defend against any likely security threats that may arise in the future. As a successful business Equiniti are able to give something back by bringing our real-world experience to CSIT. The opportunities are very exciting for both of us.”
PicoPUF, a CSIT spinout new venture, has been awarded NISPConnect's prestigious INVENT Award grand prize. The INVENT competition, in partnership with Bank of Ireland UK, is an opportunity for anyone with an innovative concept to be recognized as Northern Ireland’s next big thing. The competition has long been considered the foremost Night of Invention in the region.
The PicoPUF team have invented a tiny semiconductor IP core that provides strong, unique authentication for even the cheapest microchip. As well as winning the Electronics category the concept was also awarded the overall grand prize. PicoPUF was deemed by judges to have the most innovative product with the biggest global commercial potential. They faced stiff competition from 11 other finalists in categories including Agri-Food, Life and Health, and Enterprise Software. The award was presented to the trio of CSIT researchers who invented PicoPuf, Neil Hanley, Maire O’Neill, and Chongyan Gu. Their invention means that any grade of device can have the highest grade of security. They took home a prize package of £13,000, a fast-track to NISP’s Springboard programme, and a space on the NI TechMission to California in January 2016.
“There is a perfect storm happening in IT security right now.“ said PicoPUF founder Neil Hanley. “The huge number of devices on the market, combined with the low-cost nature of these devices, makes it impossible to use heavily-computationally-resourced security solutions. Lightweight security will be a game-changer and we are set to capitalize on that. This INVENT competition has been a massive step towards that goal, and we thank the Science Park for the chance to get involved. We can’t believe we won.”
PicoPUF is focused on the area of FPGA chips – used widely in aerospace and by the military – as their initial target market. They are currently raising £250k to fund staffing and development (with plans to hire additional engineers). After FPGA chips are tackled the group can look at other subsets of chips – for instance, those used in mobile phones and machine to machine authentication.
Rounding off a successful night for the Centre was Cognition Video, a processing framework that enables the effective understanding of media content using intelligent automated algorithms, which also won the Enterprise Software category. Cognition Video's novel processing framework analysis video gathered by CCTV cameras, and uses intelligent automated algorithms to: (i) detect motion, such as a moving vehicles (ii) recognise faces (iii) identify gender, and even (iv) profile people by age.
“We are delighted to win the Enterprise Software category at the 2015 INVENT Awards against a particularly strong field. We know that Cognition Video has a market-leading solution for things like people tracking and motion detection, because we’ve tested it against competitors.” said founder Fabian Campbell-West, a Senior Engineer at CSIT. “Our real strength lies in our ability to cover everything a customer would need in video analytics. Our solution has a wide breadth of capabilities.“
At the moment, Fabian and his co-founder Bhargav Mitra are creating a roadmap and prioritizing development areas. The retail industry of the UK and Ireland is one of their first stopping off points because take-up is faster within retail as compared to dealing with councils or law enforcement agencies.
Belfast, Northern Ireland – 10 August 2015:
The Centre for Secure Information Technologies (CSIT), the UK’s lead university centre for cyber security research has today announced that Euronext, the primary exchange in the Euro zone with more than 1,300 listed issuers worth €3.1 trillion in market capitalisation, has become a Full Member and official partner. CSIT is an Innovation and Knowledge Centre (IKC) based at Queen's University of Belfast's, Institute of Electronics, Communications and Information Technology (ECIT) in the Northern Ireland Science Park.
Through its novel 'Open Innovation' model, CSIT recognises the importance of having appropriate partners shape and direct its research agenda so that it has strong commercial and societal impact.
CSIT membership will allow Euronext to leverage top tier cyber security research, ensuring its security posture is forward looking, dynamic, and cutting edge. Further, it will provide Euronext with the opportunity to test new security defence ideas and approaches, anticipate unique attack vectors, and work in a public-private partnership to quickly respond to future threats by leveraging some of the top academic minds in this field.
Robert Duncan, Chief Information Security Officer for Euronext, said: “We are pleased to announce a partnership with CSIT, one of the top cyber security clusters in the European Union. Ensuring we protect the exchange from any threat that could affect the orderly functioning of our markets is important to our customers, stakeholders, and regulator partners. Euronext deploys best of breed security technologies to support our Cyber Security strategy.”
Euronext has invested in a strong IT team based in Belfast, Northern Ireland. Belfast has a strong reputation as a growing IT and Cyber Security Hub, and Euronext is well positioned to leverage a deep pool of local talent and growing Cyber and Technology skillsets in Belfast.
“Having Euronext as a member and collaborative partner helps to apply our cyber security expertise into different market verticals. Belfast is fast becoming a leading centre for capital markets engineering. Cyber security is an important element in maintaining trust in global markets.” said Stephen Wray, Commercial Director for CSIT.
“We look forward to working with Euronext in the months and years ahead to develop innovative new solutions to protect the exchange from cybercrime, external attacks, and malicious activities as well as looking at how our existing knowledge and IP can be applied to this industry.”
Find out more about the benefits of collaborating with CSIT here: http://www.csit.qub.ac.uk/CollaboratewithCSIT/
For more information contact David Crozier, CSIT Technical Marketing Manager: +44 28 9097 1700
Notes to editors:
Euronext is the primary exchange in the Euro zone with more than 1,300 listed issuers worth €3.1 trillion in market capitalisation, an unmatched blue-chip franchise consisting of 24 issuers in the EURO STOXX 50® benchmark and a strong, diverse domestic and international client base.
Euronext operates regulated and transparent equity and derivatives markets. Its total product offering includes Equities, Exchange Traded Funds, Warrants & Certificates, Bonds, Derivatives, Commodities and Indices. Euronext also leverages its expertise in running markets by providing technology and managed services to third parties. Euronext operates regulated markets, Alternext and the Free Market; in addition it offers EnterNext, which facilitates SMEs’ access to capital markets. https://www.euronext.com/en
The Centre for Secure Information Technologies (CSIT), the UK’s lead university centre for cyber security research, is a UK innovation and knowledge centre (IKC) based at Queen's University of Belfast's, Institute of Electronics, Communications and Information Technology (ECIT) in the Northern Ireland Science Park. CSIT has been awarded “Academic Centre of Excellence in Cyber Security Research” status by the UK’s GCHQ in partnership with the Research Councils’ Global Uncertainties Programme (RCUK) and the Department for Business Innovation and Skills (BIS). CSIT’s vision is to be a global innovation hub for cyber security, accelerating new value creation, driving new venture creation and building capacity for the cyber security industry. http://www.csit.qub.ac.uk
Protecting SMEs - Advanced Cyber Security
Seven Technologies Group, Lisburn, and the Centre for Secure Information Technologies (CSIT), Queens University Belfast, are pleased to announce a joint collaboration designing a cloud-based security service specifically designed to enable SMEs to achieve a high level of cyber security.
Project iMES (Intelligent Multifactor Endpoint Security) officially commenced the research phase in Quarter 2 2015 with the pilot launch planned for Quarter 1 2017. It is co-funded by Innovate UK, the UK’s innovation agency, with the aim of providing cyber security solutions to support SMEs across the UK.
iMES is a planned secure and innovative cloud-based Security and VPN service designed to increase the resilience of remote services, provide stronger identity assurance and improve interoperability between platforms. Designed specifically to tackle potential security vulnerabilities of using personal devices, iMES will provide corporate grade security for both iOS and Android platforms plus devices using Window OS, securing connectivity to the internet from any location.
The collaboration draws on the strength of two cyber-focussed enterprises whose aim is to be best in class for innovative Cyber Security. CSIT is renowned for global innovation in Cyber Security and are currently focussing on the next generation of disruptive secure information technologies. Seven is a UK Government approved supplier for its Cyber Security software, an area the company has invested in heavily over the last few years, supporting its full range of security solutions for businesses.
Marc Lade, Seven Technologies Group Cyber Business Development Manager, commented:
“We are delighted to be working with CSIT on this project. Project iMES is focussed on integrating cutting-edge technology into an easy to use solution to protect small and medium size businesses from the threat of cyber-attacks. The high costs associated with reliable security often mean that small businesses, without dedicated IT support, do not have secure ‘last-mile’ connectivity for remote workers using home or public Wi-Fi. iMES users will belong to a UK wide security group as part of a managed service.”
Gavin McWilliams, Engineering Manager CSIT said:
"Translating top class research into commercial impact is central to the CSIT ethos. The iMES project gives us an opportunity to apply novel lip movement biometrics into a user-centric security solution designed for SMEs. We were delighted to support Seven Technologies in their tendering exercise and look forward to development and delivery of a highly innovative cyber-security product which will further prove the depth of engineering talent in Northern Ireland."
For more information on this story or any of Seven Technologies Group solutions please contact Sheila Harper, Marketing Executive – Sheila.Harper@7techgroup.com
Notes For The Editor
Seven Technologies Group
With over 30 years of commercial experience, and a pedigree of real-world operational experience to draw on, Seven prides itself in offering its customers the right solution for the right environment. Products, training, research and development, and integrated support are delivered with an operational focus from experienced practitioners and scientific experts and with a dedicated 24/7 support commitment.
For the commercial and industrial sectors, Seven specialise in the field of rugged electronic systems and provide a range of security solutions for Asset Management, Site Security, Cyber Security and Machine-to-Machine applications.
Seven's approach to everything starts with the customer and its dedicated team shares their unique technical expertise and practical experience to deliver cost-effective and enduring solutions for both simple and complex requirements. For further information please visit www.7techgroup.com
Centre for Secure Information Technologies
The Centre for Secure Information Technologies (CSIT) is the UK national Innovation and Knowledge transfer Centre for IT security. Established in 2009, CSIT is also recognised as an academic centre of excellence in cyber security research by the UK Research Council.
Queen’s University is one of the UK’s leading research-intensive universities, and has recently been placed in the Top Ten in the UK for research intensity in the Research Excellence Framework assessment. In this exercise, 93% of the research conducted by CSIT academics was adjudged to be ‘world-leading’ or ‘internationally excellent’.
For further information please visit www.csit.qub.ac.uk
Innovate UK is the new name for the Technology Strategy Board – the UK’s innovation agency. Taking a new idea to market is a challenge. Innovate UK funds, supports and connects innovative businesses through a unique mix of people and programmes to accelerate sustainable economic growth. For further information visit www.innovateuk.org
On Monday 6th August 2015, ECIT was pleased to welcome Professor Dame Ann Dowling, President of the Royal Academy of Engineering, to our facility.
Dame Ann was greeted by Professor John McCanny, ECIT Director, and given an overview of the work of the Institute and it's Centre for Secure Information Technologies (CSIT). This was rounded off with a tour of the building by Professor McCanny and Professor Vincent Fusco, of ECITs High Frequency Electronic Circuits cluster.
Professor Dame Dowling was particularly interested in ECIT's research, innovative commercialisation model and impact.
The author of the Dowling Review also recieved an Honory Graduate, DSCEng, for her services to engineering at Queen's University Belfast during her visit.
A technology spin-out from CSIT has completed an £850,000 investment round which will help drive international sales.
Titan IC Systems secured funding from Belfast-based investors Techstart NI and Co-FundNI, which is managed by Clarendon Fund Managers.
Based at the Innovation Centre in Titanic Quarter, the company provides cybersecurity systems and recently opened an office in San Francisco's famous Silicon Valley.
Godfrey Gaston, chief executive of Titan IC, said the investment will allow for an increase in product development and added that it is an "exciting time" in the company’s growth, especially in the target market of the US.
Dr Sandy McKinnon, partner with Techstart NI, added: "Securing the content of the internet is becoming harder and harder.
"Titan IC's core capability of being able to analyse digital content at rates that are orders of magnitude faster than any of its competition gives its security customers a huge competitive advantage in next generation firewalls and similar systems."
Queen’s University Belfast will be at the forefront of a major, new European push to combat increasingly sophisticated cyber-attacks.
The Queen’s-led SAFEcrypto project will draw together cryptographers and other IT experts from Germany, France, Switzerland, Britain and Ireland to devise urgent security solutions capable of withstanding attack from the next generation of hackers.
The project will focus on an acute threat from emerging technologies including ‘quantum computers’ – capable of processing information many times faster than the silicon-based computers we use today.
The project, which will run for four years at a cost of €3.8million, will concentrate on three main areas:
• Protecting information passed via satellites
• Protecting public-safety communications systems, eg those used by police, fire and ambulance services
• Safeguarding the privacy of data collected by municipal authorities
Project lead Professor Máire O’Neill from the Centre for Secure Information Technologies (CSIT) at Queen’s said: “CSIT was among the first centres in the UK to be recognised as a centre of academic excellence in cyber-security research in 2012, and it is a natural progression for us to start working on a larger, pan-European stage. Horizon 2020 has given us the opportunity to form a project consortium which is a true partnership between industry and academia. This is yet another example of how Queen’s is making a difference and having a global impact on society.”
Professor O’Neill, who was awarded a UK Royal Academy of Engineering Silver Medal in 2014 and who is a former British Female Inventor of the Year (2007), added: “Organisations are steadily increasing the level of spending on encryption products to protect their intellectual property and to maintain the privacy of customer details and personal information. It is estimated that 25% of enterprises globally operate an internal public key encryption infrastructure (PKI). We believe these present day PKI systems will become vulnerable to attack by a new form of very powerful quantum computers in the near future.”
SAFEcrypto represents the first major project to be co-ordinated in Northern Ireland using funding from Horizon 2020, the biggest EU research and innovation programme ever developed. The NI Assembly has set a target of winning €145 million from the Horizon programme between now and 2020.
Queen’s University is one of the UK’s leading research-intensive universities, and has recently been placed in the Top Ten in the UK for research intensity in the Research Excellence Framework assessment. In this exercise, 93% of the research conducted by CSIT academics was adjudged to be ‘world-leading’ or ‘internationally excellent’.
Update: Listen to CSIT Principal Engineer Gavin McWilliams being interviewed on U105FM talking about the SAFEcrypto project:
For further information, contact the Communications Office on 028 9097 5320 (Mon-Wed) or 028 9097 5310 (Thurs-Fri) or email firstname.lastname@example.org
Notes To Editors:
(1) Professor Máire O’Neill is available for interview. Bids to the Communications Office on 028 9097 5320 (Mon-Wed) or 028 9097 5310 (Thurs-Fri) or email email@example.com
(2) The SAFEcrypto project will enable CSIT to collaborate with leading researchers in Ruhr-Universität Bochum (Germany), Università Della Svizzera Italiana (Switzerland), and INRIA (France) as well as partners in industry EMC (Ireland), Thales Research and Technology Ltd (UK) and HWCommunications Ltd (UK)
(3) Horizon 2020 is the biggest EU Research and Innovation programme ever with nearly €80 billion of funding available over 7 years (2014 to 2020) – in addition to any private investment that the money will attract. It aims to deliver breakthroughs, discoveries and world-firsts by taking great ideas from the laboratory to the market
On Friday 20 March 2015, Queen's University Belfast's Centre for Secure Information Technologies (CSIT) and SRI International signed a memorandum of understanding (MOU) to establish a scientific and technical collaboration in cyber security.
CSIT is the UK’s National Centre for cyber security innovation and with over 80 people is the UK’s largest university research Centre for cyber security technologies. SRI International is one of the premier research institutes across the globe.
According to the MOU, CSIT and SRI plan to strategically pursue research and technology commercialisation opportunities, particularly for critical infrastructures.
Commenting on this significant international agreement, Stephen Wray, CSIT Commercial Director, said “Both CSIT and SRI are recognised leaders in cybersecurity research, and this strategic engagement will aggregate and strengthen international capability and capacity in this important threat landscape. We are proud to collaborate with SRI, a renowned research institute that has had an impact on so many technological innovations.”
Speaking about the proposed collaborative research engagement, Dr. Ulf Lindqvist, Program Director, Computer Science Laboratory, SRI International said, "The cyber security threat to critical national infrastructure respects no borders and is truly global in its reach. Collaboration and partnerships across organizations and nations are required to develop solutions that are both innovative and effective. SRI’s collaboration with CSIT is an important step in this direction”.
Please direct media enquiries to David Crozier, CSIT’s Marketing Manager on 028 9097 1700 or firstname.lastname@example.org
Notes to editors:
About The Centre for Secure Information Technologies
The Centre for Secure Information Technologies (CSIT) is based at Queen's Institute of Electronics, Communications and Information Technology (ECIT) in the Northern Ireland Science Park. CSIT’s mission is the creation of a global innovation hub for cyber security, accelerating new value creation, driving new venture creation and building capacity for the cyber security industry. Find out more at: http://www.csit.qub.ac.uk
About SRI International
SRI International creates world-changing solutions to make people safer, healthier, and more productive. SRI, a research center headquartered in Menlo Park, California, works primarily in advanced technology and systems, biosciences, computing, and education. SRI brings its innovations to the marketplace through technology licensing, spin-off ventures and new product solutions. Find out more at: http://www.sri.com/
This blog post was originally published by Leonie Tanczer on the Alexander von Humboldt Institute for Internet and Society website.
Leonie, a research fellow at the university, wrote this blog after attending CSIT's 5th World Cyber Security Technology Research Summit 2015.
To view the original post click here.
One week ago, the 5th Global Cybersecurity Technology Research Summit organised by the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast (QUB) took place. This year’s conference was underpinned by the theme »A Future Legacy” and was tied to Belfast’s heritage as a hub for industry and engineering. Among the more than hundred participants from academia, industry and governments, future technological developments and challenges were discussed. Specifically the societal element of cybersecurity was one of the core focuses of this year’s keynotes and break-out sessions, depicting a new as well as a necessary trend within the field.
Day 0: Let the hacking begin
One day prior to the official start of the main Summit, attendees had the change to engage in a capture the flag hackathon. Some Twitter-Posts display that the competitors took the task very seriously and – for once and officially – hacking was allowed and actually more than welcomed. Day 0 ended with a brief speaker’s session which involved Pizza and free drinks and hopefully comforted all the ones who lost or simply missed to eat throughout the day.
Security means Resilience
The main Summit started on Thursday the 19th of March and opened with the announcement that CSIT at QUB had secured funding further cyber security research focussing on Smart Cities and the Internet of Things.
With this pleasant news in mind the event was kicked off by Professor John McCann (CSIT), whereby in the course of the next days all speakers emphasised the importance of the capability to detect, prevent and defeat cyber threats and to generate a robust and resilient internet based on adequate software and hardware solutions. Certainly methods such as detecting anomalies, conducting malware or behavioural analysis or simply monitoring access controls – which have been discussed and displayed at the Summit – are ways of dealing with the issue. However, the presenters were aware that not addressing the root causes of threats and risks will not provide sufficient solutions for the future. It is therefore that the aspects of human security and collaboration were prominent ideas across the Summit.
The Human Element in Cybersecurity
The factor human in cybersecurity ranges from the handling of insider threats, ensuring privacy and data protection, to the notion of victimology, up to the general needs and requirements of customers. The Summit took in this regard a specific interest in emphasising the individual, which was reflected in all presentations but was specifically discussed in the context of two break-out sessions which dealt with the topic of political activism and psychological dynamics online. Besides, as it is difficult it is to guarantee technical security despite the fallibility caused by human errors, the human element is and should be part of any cybersecurity equation.
The inclusion of non-technical research areas at the Summit is therefore a positive development and should foster a debate on the progression of a multi- and transdisciplinary research field that touches upon both technical as well as societal factors. The just recently set up Leverhulme Interdisciplinary Network on Cybersecurity and Society (LINCS) at QUB will hopefully influence this trend further.
How to Influence People To Care?
Align with the idea to focus more on the human element in cybersecurity considerations, speakers such as Jon Browning (OCSIA) articulated the need to get more people demand appropriate security solutions. This sentiment on making people aware of the importance of cybersecurity and to evaluate and be cautions about potential security risk online was accompanied by the request to involve more people in cybersecurity education and was specifically addressed by Dr Douglas Maughan (US DHS). A quick survey among the Summit participants in the course of his presentation revealed the age gap among the audience; less than ten people were under thirty years of age. This outcome reflects the overall cybersecurity sector which is facing a significant recruitment problem across all nation states and was noted by Maughan.
Collaboration and Information Sharing
This idea of not being able to simply protect the internet and/or the human online was accompanied in the constant and reoccurring theme across the conference to engage in collaboration and information sharing. Zach Tudor (SRI International) and Suren Gupta (Allstate) articulated this issue as a prevalent topic in cyber protection and as an essential issue to proceed with future developments. This was echoed by Mark Schloesser (Rapid7) who in the course of his presentation referred to the Internet-Wide Scan Data Repository and Recog as positive examples of research data sharing and publicly archiving collected information. According to Schloesser the cybersecurity field has to embrace the community and reduce Intellectual Property while using Open Source Software where possible. This statement certainly set his presentation apart from the rest and highlights one of the first commitments and hopefully also future developments to the demand for collaboration expressed across the attendees.
My Personal Résumé
Overall, the 5th Global Cybersecurity Technology Research Summit 2015 encompassed far more than the here outlined issues. The topics stretched from the successful setup and support of start-ups up to the governmental steps taken to address cybersecurity in small and medium-sized enterprises. However, what I take away from these couple of days is certainly that companies seem to require and actually want users to demand security. It is therefore that we should not tolerate flawed and insufficiently debugged software and make our voice heard. Moreover, security should no longer be an opt-in option – neither for users nor the industry – but ensured and guaranteed by default.
This goes along with the need to shift the focus from a purely technical to an interdisciplinary research field that is able to address all factors which come into play when developing cybersecurity solutions. Social scientists and ethicists are needed to not let technology run ahead of itself, leaving major societal developments or problems aside. As we live in a digitalised society, but are most certainly not yet digitalised, the human has to be at the heart of all debates on and developments in cybersecurity. Treating the internet as a separate entity independent of society with all its different actors and their interests can simply not lead to favourable solutions. Thus, all sectors of the cybersecurity field – academia, industry and policy makers – need to be committed to interdisciplinary and knowledge exchange which underlines the importance of events such as the Cybersecurity Summit which brings all of them together in Belfast.
Prospective students interested in Interdisciplinary Cyber Security, view LINCS PhD opportunities here.
A major investment of up to £38 million is set to establish Queen’s University Belfast as a world-leading research and innovation hub for cyber security for Smart Cities and the Internet of Things.
The funding, which has been awarded as part of a major expansion of the Centre for Secure Information Technologies (CSIT) at Queen’s, was announced at the first day of the annual World Cyber Summit.
The £38 million expansion aims to enhance security in highly virtualised environments and connected devices, and to prevent personal information theft and fraud from laptops, smart phones and cloud storage.
Building on the many successes achieved by CSIT since it was established in 2009, the plans for expansion come as security experts and government policy makers from around the world gather for the 5th World Cyber Security Technology Research Summit.
The two-day event, held at CSIT in Belfast, is bringing together leading industry experts to discuss how to combat future threats to global cyber security. The select group of experts will share current trends in cyber security, look at security threats likely to emerge in the years ahead and agree on an international strategy for developing research that will safeguard the ‘Internet of tomorrow'.
Responding to the pioneering aims of the summit, CSIT has been awarded £5million funding from the Engineering and Physical Sciences Research Council (EPSRC) and Innovate UK, along with £9 million core funding from Queen’s, to continue its growth as a UK Innovation and Knowledge Centre - combining research with industry to achieve economic success.
The centre will build on its industry and academic partnerships worldwide, increasing the projected level of investment in its research to £38 million in the next five years.
CSIT will use this investment to drive forward its own research programmes, support the creation of more businesses and jobs, and provide skills and training for the UK cyber security industry, including the creation of a nine-month pre-accelerator program for cyber security entrepreneurs. The Centre plans to recruit 25 additional staff across engineering, research and commercial disciplines.
Speaking during the summit, Professor John McCanny, from the Centre for Secure Information Technologies at Queen’s University Belfast, said: “We are delighted to announce this investment at the World Cyber Security Technology Research Summit, an event which is helping to make the Internet of Tomorrow a safe and secure platform for the next phase of the human journey. This funding recognises how over the last five years we have successfully blended world class research and innovation to deliver economic impact nationally, internationally and regionally.
“In line with the goals of this global summit, the investment will allow us to further accelerate new value creation in this sector, drive business venture creation through our new pre-accelerator programme and build capacity for the industry by providing it with high calibre Masters and PhDs graduates.”
Professor Philip Nelson, EPSRC’s Chief Executive said: “Strong economies are science economies, they invest in the science and engineering research that is needed to drive innovation and growth. The potential benefits of the virtual world and the opportunities that interconnected devices offer, for instance in our abilities to monitoring health, energy and maintain security are vast. However, we need to be able to operate in a resilient and secure environment that can cope with challenge of criminal and external threats. This funding will help arm the UK with the skilled people and techniques it needs to prosper as a nation.”
Kevin Baughan, Innovate UK’s Director of Technology and Innovation said: “CSIT has delivered significant UK economic growth through our original joint investment with EPSRC, contributing to over 950 new jobs in the Belfast cyber security cluster. By extending funding for a further five years, we underline our support for their commitment to raise the commercialisation bar even higher. This will help companies of all sizes grow through leveraging the excellent UK science base in cyber security"
Queen’s University is one of the UK’s leading research-intensive universities, and has recently been placed in the top ten in the UK for research intensity in the Research Excellence Framework assessment exercise. In this exercise 93% of the research conducted by CSIT academics was adjudged to be world leading or internationally excellent.
The 5thWorld Cyber Security Technology Research Summit, running from 19-20 March, will include speakers from the U.S. Department of Homeland Security, the UK Cabinet Office, PricewaterhouseCoopers, Allstate, Symantec, Citi, Paladin Capital Group, Chemring Technology Solutions, RSCI Cyberpsychology Research Centre, Cylab, BAE Systems, RSA and Rapid7. Find out more about the event at: http://www.csit.qub.ac.uk/Belfast2015
Please direct media enquiries to Andrew Kennedy, Queen’s Communications Office on 028 9097 5384 or email@example.com
Notes to editors:
Available for interview from the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast, are: Professor John McCanny, Dr Godfrey Gaston, Stephen Wray and David Crozier.
The Centre for Secure Information Technologies (CSIT) is based at Queen's Institute of Electronics, Communications and Information Technology (ECIT) in the Northern Ireland Science Park. CSIT’s vision has been the creation of a global innovation hub for cyber security, accelerating new value creation, driving new venture creation and building capacity for the cyber security industry. Find out more at: http://www.csit.qub.ac.uk
The CSIT leadership team consists of the Principal Investigator, Prof John McCanny CBE FRS FREng, CSIT Director, Dr Godfrey Gaston, Research Directors, Prof Sakir Sezer, Prof Maire O’Neill, Prof Weiru Liu, Dr Paul Miller and Commercial Director, Stephen Wray.
Innovate UK is the new name for the Technology Strategy Board - the UK’s innovation agency. We know that taking a new idea to market is a challenge. We fund, support and connect innovative businesses through a unique mix of people and programmes to accelerate sustainable economic growth. For further information visit our website at https://www.gov.uk/government/organisations/innovate-uk
The Engineering and Physical Sciences Research Council (EPSRC) is the UK's main agency for funding research in engineering and physical sciences. EPSRC invests around £800m a year in research and postgraduate training, to help the nation handle the next generation of technological change. The areas covered range from information technology to structural engineering, and mathematics to materials science. This research forms the basis for future economic development in the UK and improvements for everyone's health, lifestyle and culture. EPSRC works alongside other Research Councils with responsibility for other areas of research. The Research Councils work collectively on issues of common concern via Research Councils UK.
A pioneering cyber security business developed as a spin-out from Queen’s University Belfast's Centre for Secure Information Technology (CSIT) has been named as one of the UK’s 12 "most exciting" technology start-ups and has pitched their business at Number 10 Downing Street.
Titan IC Systems is a world leader in developing silicon technology for faster and safer internet data processing.
Titan was selected to take part in Pitch 10, which launched last year as an initiative “to shine a spotlight on the breadth of innovation in the UK” and to help connect early-stage growth businesses with prospective partners.
The companies chosen for this year’s Pitch 10, produced in association with Tech City UK and Tech Nation, were selected by a panel of industry experts including Eileen Burbidge of Passion Capital, Gerard Grech of Tech City UK, and Baroness Martha Lane-Fox, co-founder of Lastminute.com.
The pitches took place at Number 10 last Friday, 20 February, with businesses taking part in a roundtable session to discuss TechNation and the tech clusters hosted by Gerard Grech, TechCity UK CEO and Daniel Korski, Special Adviser to the Prime Minister. Each company gave a three-minute pitch to an audience of VCs, investors and corporate representatives.
Godfrey Gaston, CEO of Titan IC, said: "With the Pitch 10 invite, it is great to see that cyber security is being considered as exciting and innovative from a UK-wide perspective, and that Titan IC and the strength of the work being done in CSIT is being recognised”.
The company was formed in 2007 as a spin-out of cutting-edge research in silicon technology for faster and safer internet data processing in Queen’s University’s Institute of Electronics, Communications and Information Technology Centre (ECIT) by Dr Gaston and other members of the research team, Professor Sakir Sezer and Dr Dwayne Burns. Titan IC is supported by Invest NI through the European Regional Development Funds.
This blog post was originally published by Peter Maynard on The Conversation, 19 February 2015.
Peter, a PhD researcher in CSITs Network Security Systems, wrote the blog in light of the announcent of the arrival of HTTP/2; the first major update in 15 years.
To view the post click here.
Hypertext Transfer Protocol, HTTP, is a key component of the world wide web. It is the communications layer through which web browsers request web pages from web servers and with which web servers respond with the contents of the page. Like much of the internet it’s been around for decades, but a recent announcement reveals that HTTP/2, the first major update in 15 years, is about to arrive.
For example, Google handles 40,000 web searches per second every day. To handle the pressure of serving billions of internet users, the company’s technicians launched a project in 2009 called SPDY (pronounced “speedy”) to improve HTTP. Originally only for internal use, other sites fielding heavy traffic such as Twitter, Facebook, Wordpress and CloudFlare also implemented SPDY having seen its performance improvements.
This caught the attention of the Internet Engineering Task Force (IETF), which develops and promotes internet standards. IETF decided to use SPDY as the basis for HTTP/2 in 2012 – and the two protocols were developed in parallel. Even though Google spearheaded the protocol’s development, the work is continued by the IETF’s open working groups as it has done for other protocols for more than 30 years.
Google recently announced it was dropping SPDY in favour of the soon-to-arrive HTTP/2.
Web pages today can generate many requests for images, CSS style sheets, video and other embedded objects, off-site adverts, and so on – perhaps a hundred of these per page. This adds unnecessary strain to the web server and slows the web page loading time because HTTP 1.1 only supports one request per connection.
HTTP 1.1 is sensitive to high latency connections – those with a slow response time. This can be a big problem when working on a mobile device using cellular networks, where even a high-speed connection can feel slow. HTTP pipelining allows the browser to send another request while waiting for the response of a previous request. While this would go some way to tackling high latency, it is susceptible to problems of its own and is disabled by default in most browsers.
Rather than using clear text, HTTP/2 is now a binary protocol which is quicker to parse and more compact in transmission. While HTTP 1.1 had four different ways to handle a message, HTTP/2 reduces this to one. To tackle the multiple request issue HTTP/2 allows only one connection per site but using stream multiplexing fits many requests into a single connection. These streams are also bi-directional, which allows both the web server and browser to transmit within a single connection. Each stream can be prioritised, so browsers are able to determine which image is the most important, or prioritise a new set of streams when you change between browser tabs.
HTTP is a stateless protocol – every connection comprises a request-response pair unconnected to any connections before or after. This means every request must also include any relevant data about the connection – this is sent in HTTP headers. As HTTP 1.1 evolved, the headers have grown larger as they incorporate new features. HTTP/2 uses header compression to shrink this overhead and speed up the connection, while improving security.
A final addition is server push. When a web page is requested, the server sends back the page, but must wait for the web browser to parse the page’s HTML and issue further requests for things it find in the code, such as images. Server push allows the server to send all the resources associated with a page when the page is requested, without waiting. This will cut a lot of the latency associated with web connections.
Once web servers and web browsers start implementing HTTP/2 – which could be as soon as a few weeks from now – the web-browsing experience will feel quicker and more responsive. It will also make developers' lives easier by not having to work around the limitations of HTTP 1.1.
In fact, some of the latest versions of popular browsers (Firefox v36, Chrome v40 and Internet Explorer v11) already support HTTP/2. For Chrome and Firefox, HTTP/2 will be used only over encrypted connections (SSL) – this, along with the Let’s Encrypt initiative, will probably boost the adoption of encryption more widely.
Congratulations are in order for Dr Sandra Scott-Hayward from CSIT’s Network Security group, for her recent award from the Open Networking Foundation (ONF).
Dr Scott-Hayward, also an ONF Research Associate, was one of seven winners of the Outstanding Technical Awards at the ONF member workday on February 12th, 2015.
Since joining the Foundation’s security group at the beginning of 2014, Dr Scott-Hayward contributed a large amount of valuable ideas. At the award ceremony she was noted for her significant editorial work enhancing the quality of documents proposed by the security group; her deep understanding in the area, and her enthusiasm for the security standard work.
Speaking shortly after the award ceremony which recognised ONF’s top contributors, Dr Scott-Hayward said:
“I’m delighted to receive this award in recognition of my contribution to the Security Working Group of the ONF. The ONF is working to accelerate adoption of open Software-Defined Networking and security of SDNs is a key consideration for successful deployment. As a researcher, it’s extremely valuable for me to participate in ONF both to understand the real challenges facing SDN adopters and to contribute our research findings to help advance the security of SDN technology. The ONF is an excellent forum for this exchange”
Dr Scott-Hayward is an invited speaker at SDN&NFV 2015 in April in London (http://www.whitehallmedia.co.uk/sdn/). She will be discussing the topic of “Securing SDN/NFV in Real World Deployments”.
Find out more about Dr Scott-Hayward’s research into Software Defined Network Security here.
A step forward in further bilateral cooperation in cyber security research.
On Monday 9 February 2015, Queen's University Belfast's Centre for Secure Information Technologies (CSIT) signed a Memoranda of Understanding with the Network Security Laboratory of the Japanese National Institute of Communications and Technology (NICT).
Representatives of CSIT visited Japan along with representatives from Lancaster University and Imperial College London, two other UK Cyber Security Academic Centres of Excellence, for the signing ceremony hosted at the Ambassador’s Residence of the British Embassy, Tokyo. Following on from the ceremony, delegates from the three universities and the NICT participated in a workshop to discuss the framework and themes for research collaboration.
The UK Cyber Security Academic Centre of Excellence scheme is jointly accredited by the GCHQ and EPSRC. Queen’s University Belfast, Imperial College London and Lancaster University are among eleven of such Centres in the UK. The NICT is the sole Japanese national laboratory dedicated to ICT research – the Network Security Laboratory is highly regarded for its excellence in researching cyber security technology. The partnership between the NICT and the three universities was brokered through earlier engagements arranged by the Science and Innovation Network (SIN), including workshops in Japan and a visit by the NICT to the UK in 2014.
Commenting on this significant international agreement Dr Godfrey Gaston, CSIT Director, said
"The threat to our cyber security respects no borders and is truly global in its reach. This is an exciting opportunity for us to work with Japan’s premier Cybersecurity Research Institute and reflects CSIT's growing reputation as a global innovation hub for cyber security research."
Welcoming this signing of the Memoranda of Understanding, DG Toshiyuki Minami of the Ministry of Internal Affairs and Communication said
"With the growing degree of threats in cyberspace, now is the time to enhance cooperation together with industry, academia, government and also internationally. We would like to learn from the experience of the London Olympics and develop further resilient measures to enhance cyber security."
British Ambassador to Japan Tim Hitchens replied by stating
"Japan and the UK share values toward the governance of cyberspace. I look forward to seeing the partnership for cyber security become even stronger, including the cooperation in research and development."
A major initiative to explore the growing area of cyber security and to examine the knock-on effects on society - legal, ethical and cultural - is being lead by the Centre for Secure Information Technology.
CSIT and the Queen's University of Belfast's Institute for the Study of Conflict Transformation and Social Justice (ISCTSJ) will bring together researchers for The Leverhulme Interdisciplinary Network on Cybersecurity and Society (LINCS).
A grant of over £1 million from the Leverhume Doctoral Scholarship scheme, matched by funding from Queen's, will provide 30 doctoral students with three-year scholarships for LINCS, over the next eight years.
The first cohort of researchers will look at ten different areas of study; for example, how increasingly stringent border controls and information-sharing between different jurisdictions may impact on people’s mobility. Other areas of focus will include the use of surveillance such as drones and how it affects an individual’s right to privacy and the trust and authentication threats posed by the ‘internet of things’.
Secure Digital Systems Director at CSIT, Professor Sakir Sezer said: “Researchers in CSIT recognise the social, legal and ethical implications of the future technologies they are developing and of their likely impact on social relations. Researchers in ISCTSJ similarly appreciate that interdisciplinary collaboration with scientists is essential if they are to anticipate the ethical, legal, political and psychological challenges raised by emerging technologies. LINCS will provide an integrated academic network for the next generation of scholars working in this area.”
Director of ISCTSJ, Professor Hastings Donnan FBA said: “This project will offer a challenging, stimulating and integrated academic environment within which a new generation of scholars can pursue truly interdisciplinary research on pressing issues of global significance. It’s a precondition of Leverhulme that research must be groundbreaking and it’s a measure of its confidence in this project that Queen’s has matched the Leverhulme funding. This scheme will not only reinforce the interdisciplinary links that already exist between CSIT and ISCTSJ but will open up new avenues of inquiry, allowing researchers to develop new collaborations.”
The work of both CSIT and ISCTSJ is multi award-winning and was instrumental in Queen’s being placed in the top ten in the UK for research intensity in the 2014 Research Excellence Framework assessment exercise.
The first cohort of LINCS researchers will begin work in September.
This blog post post was originally published by David Crozier on LinkedIn Pulse on 2nd Dec 2014 and can be found here.
Why, I hear you ask, am I going back to basics to learn about a subject in which I am already pretty well versed?
It is true that I have been exposed to cyber security principles and practice for almost 20 years by virtue of my primary degree in Computer Science, internship and subsequent career in both technical and non-technical roles. Heck I've even spent the last three years as Technical Marketing Manager of QUB's Centre for Secure Information Technologies (CSIT), the UK's Innovation & Knowledge Centre for Cyber Security, a role which sees me regularly speak to businesses, students and contributing to TV, radio and print media on the subject of technology vulnerabilities, threats and breaches. The role also involves bringing new cyber security technology, the output of much of our ground-breaking research, to market.
I participated in the 8 week long online course for three reasons:
In a word - yes.
The course surpassed my expectations to be honest. It wasn't patronising, while it assumed no prior knowledge it explored more complex aspects of cyber security explaining them in an engaging way.
Those charged with information and cyber security in organisations and the wider world can often be seen as bad guys and girls in their own right. Blocking access to fun stuff on the internet and not allowing the latest whizzy consumer devices onto corporate networks without a satisfactory reason from an end-user stand-point. The first week explored the threat landscape in depth, explaining why cyber security matters to everyone and laid a solid foundation for the remaining seven weeks.
Over the last number of years many of the times I have been invited by the media to provide analysis on cyber security events has been due to password breaches.
It's one of the reasons I'm so passionate about bringing our LIOPA lip biometric technology to market. Week two covers the whole gambit of authentication even going so far as covering salting, hashing as well as multi-factor which is thankfully becoming the norm for most online services.
One area where I disagree with the course is its highlighting of password manager applications as a solution to remembering multiple usernames and passwords. Personally I see them as a significant risk and prime target for cyber criminals. Hack those and you have the master key for an individual's whole online life.
Weeks 3 and 4 cover Malware and Networking & Communications adequately but it was Week 5's focus on Cryptography which drew my attention. It's an area which we at CSIT carry out significant research in areas such as Post-Quantum Cryptography,Physical Uncloneable Functions (PUF)-PKI and Fully Homomorphic Encryption.
As the family IT go to guy weeks 7 and 8 coverage of what to do when things go wrong and managing risks is welcome. Its also a timely reminder for everyone to fully consider their own vast stores of digital information, prioritising which bits are most important and putting in place a regular backup routine to protect against loss.
Absolutely. Will I tell you the changes I have implemented as a result? Absolutely not. Why make it easier for the cyber criminals? Individuals and organisations are under constant attack. It is a case of when and not if your cyber security defences will be probed and breached - why make it easy for them.
Sometimes subject matter experts can be a little reluctant to admit that they may not be across all the basics in terms of their field. Instead they baffle the uninitiated with the more advanced aspects of their product or service. Looking once again from an amateur’s perspective can be enlightening.
Participating in this course has also opened my eyes to interesting use cases for some of CSIT's innovations.
While this course may close off opportunities for us as an organisation to deliver similar training ultimately it educates a greater number of people in respect of cyber security who will demand greater security from service providers and technology providers. If it encourages more students to consider applying for our MSc Cyber Security or consider carrying out PhD research with us then even better.
Ultimately this will stimulate further the burgeoning global cyber security market benefiting CSIT and the wider industry in which we operate.
The HANDHOLD project, funded by the European Commission FP7 Programme, was mentioned by Enterprise Trade and Development Minister, Arlene Foster, in her opening speech at the eChallenges conference in Belfast on Wednesday as carrying out globally important research, with a North-South dimension, to ensure security at border crossings.
The conference, which provides a networking opportunity for SMEs and others, included a presentation by HANDHOLD co-ordinator, Dr Charles J Gillan, on leveraging cross border collaboration and expertise to deliver a prototype handheld and reconfigurable platform for CBRNe detection.
The Handhold project links European academic expertise in sensors, data analytics, embedded systems design and software engineering with innovation at the three partner SMEs to address the unique challenges of frontier operations. Among the challenges faced, out of the lab, is that of operating equipment at outdoor temperatures below -30C on Eastern European land borders.
The HANDHOLD consortium is a response to the FP7 Security Theme challenge 2011-3.4.2 which sought new technological capabilities for achieving better parallel identification of the elemental, molecular, or biological composition of materials crossing the borders.
Data from Polish authorities reports (EurActiv web site) that in 2010 they seized over 700 million illegal cigarettes, among the largest of any member state. However smuggling is a dynamic business, and smugglers rapidly turn their attention rapidly to other substances and other operational modes. This is where the reconfigurability of Handhold can offer a rapid response.
Congratulations are due to five CSIT staff who have recently passed the Certified Information Systems Security Professional (CISSP®) exam and are well on their way to completing the endoresment process. They are Gavin McWilliams (Senior Engineering Manager), Dr. Suleiman Yerima (Research Fellow), Dr. Sandra Scott-Hayward (Senior Engineer), Ivor Bradley (Senior Engineer), Philip Mills (Business Development Manager). This followed a period of intensive study and a week long CISSP course facilitated by CSIT. All staff had the pre-requestite five years of industry experience required before sitting the exam.
The staff are drawn from a number of disciplines across CSIT including research, engineering and business development representing the Centre's unique position as the UK's Innovation and Knowledge Centre (IKC) in secure information technologies.
CISSP certification is a globally recognised standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.
While CSIT as an IKC has a responsibility to act as a nucleating point for the nascent cyber security industry which is rooted in science and research excellence it also helps to build and nurture capability for the industry. To accelerate business access to our cutting edge research and maximise the potential for exploitation the Centre continually invests in staff development to ensure they are furnsished with the right skills and experience to make that interface as seemless as poosible.
CISSP certification is just one example of that and shows our commitment to developing our engineering and commercial staff as well as our research and academic staff. If you would like to work for CSIT we are currently recruiting. Find out about our vacant positions here: http://www.csit.qub.ac.uk/about/Careers/
A new cybercrime attack in Eastern Europe and India has been discovered that turns ATMs into ‘free vend’ mode. Security firm Kaspersky Labs discovered the hack, which is enabled by entering a series of digits on the keypad. This latest example of malware, Backdoor.MSIL.Tyupkin, is a category known as a backdoor, an unauthorised control channel used for nefarious activities. Backdoor malware is well known throughout the cyber security industry and is infamous for hijacking and controlling devices from network routers to database servers and home computers.
They are typically controlled by criminal gangs who are using increasingly sophisticated techniques which draw on the security industry’s best practices and even corporate business models. This is just another step in the evolution of crime from the physical world into the cyber arena. A report by the BBC claimed a 90% drop in physical bank robberies in both the USA and UK is correlated with a correspondingly dramatic increase in crime targeting ATMs and on-line services.
Attacks on ATMs started with skimming technology a little over a decade ago. These attacks were facilitated with the miniaturisation of card swipe technology that enabled criminals to attach card reading devices to ATMs to record both the card details and the user’s PIN. This is an attack on a user’s bank account, as the money withdrawn from the ATM during the attack is debited from that users account, whereas Tyupkin is an attack against the ATM dispensary control mechanism.
Early ATM attacks required physical access to the ATM to attach the skimmers, and the latest attacks still require physical access to the ATMs to install the malware on to the computer that controls the ATM dispenser. But unlike attacks based on attaching a skimmer mechanism to the facade of an ATM, the Tyupkin attack requires access to the computer that controls the dispensing of cash from a physically secure vault.
There is no physical indication that the ATM has been compromised and the latest versions of Tyupkin take steps to disable some versions of anti-virus software that may be already running on the ATM's computer. This round of non-skimmer based attacks started with malware called Ploutus that used mobile phone technology to control the ATM.
Tyupkin also requires knowledge of password protection, if any, on the BIOS of the ATM computer. Physical access may have been achieved by using master keys for unalarmed ATM chassis, or it could have been facilitated by a bank insider. INTERPOL are currently investigating. The actual extraction of the cash is in all likelihood not carried out by the malware installer - ironically, an example of the 'separation of duties' security principle in which no single person should be responsible for carrying out a series of critical tasks from beginning to end.
The cash collectors, or mules, visit the ATM to withdraw cash at pre-arranged times. The malware uses another trick from the security industry's handbook, namely time-based access controls. In the intervening period the malware hides itself and evades discovery by bank staff, ATM users and any mules trying to top up their earnings. The illicit withdrawal of cash is tightly controlled by the crime gang using a sophisticated method of randomly generated keys to control the extraction of cash using a mechanism similar to the 2-factor authentication used by some email services. This ensures that the mule does not go freelance and withdraw extra funds. The division of labour and approach to risk management shows the increasing sophistication and business-like approach of the crime gangs.
Advice for ATM safety
Bank customers are increasingly aware of the importance of protecting their PIN and are alert to ATM tampering. This has forced the cyber criminals to search for the next weakest link in the chain. It becomes even more important for the banks to tackle the core problem which appears to be the physical security of the computer inside the ATM and the security of its operating system. Many older ATMs are based on Windows XP technology, which is no longer supported by Microsoft.
Steps that banks can take to prevent these attacks include –
Funding of almost £400,000 has been awarded to CSIT researchers in a bid to reduce cyber-attack threats to the UK’s National Grid.
The Converged Approach towards Resilient Industrial control systems and Cyber Assurance (CAPRICA) project will investigate vulnerabilities within the national grid as wind or solar generated electricity comes on stream. Where the grid operates over the telecoms network it could be vulnerable.
It is one of four new projects made up of a £2.5 million initiative, co-funded by the Engineering and Physical Sciences Research Council (EPSRC) and UK’s National Cyber Security Programme. The initiative will focus on cyber-security of the UK’s critical infrastructure including power stations, the electricity grid and the rail network.
Professor Sakir Sezer of CSIT commented:
“Presently, Ireland frequently operates with over 50 per cent of electricity supplied by wind generation. Operating the system with such high levels of renewable generation is a challenge, and requires complex wide area monitoring and control."
“Should the telecoms systems that support the control system be compromised, the impact of the resultant loss of electricity supply would have far-reaching consequences for society. This would involve loss of consumer supply, supply to hospitals, industry, and would even affect the gas, water and sewage networks."
“The researchers will demonstrate assured and improved operational decision making and lay the groundwork for a new, cyber-threat resilient, control architecture for the grid.”
The CSIT research team will work closely with researchers in QUB's Energy, Power and Intelligent Control (EPIC) reserach cluster as well as industry partners to understand and analyse the risks of cyber-attacks, and how they are communicated to businesses, along with providing involvement to counter these risks. Project industry partners are Scottish and Southern Energy, Statnett and Thales Ltd.
The CSIT research is being coordinated by The Research Institute in Trustworthy Industrial Control Systems (RITICS). RITICS, based at Imperial College London, is co-ordinating the research with a £2.5 million investment into new projects at Queen's University of Belfast, the University of Birmingham, City University London and Lancaster University.
On Tuesday 2nd September Queen’s University Belfast, Centre for Secure Information Technologies (CSIT) lead a three hour workshop on ethical hacking. This event was run in partnership with IBMs Ethical Hacking Team, The Irish Honeynet Project and OWASP Ireland. On the day, over 60 representatives from companies in the emerging Northern Ireland cyber security cluster attended the workshop.
Companies included Rapid 7, Allstate, Kana, Liberty, Automated Intelligence, ShopKeep, PWC, Citi, PSNI, Olenick & Associates, Velocity42, Intel, Kybeire, CME Group and Oracle. These companies were joined by a large number of CSIT researchers, engineers and students.
Although hacking conjures up negative connotations, the only way for users to make sure their web applications are safe and secure is to perform ethical hacking. This is done through using a combination of manual and automated penetration testing techniques. The event was run to bring the attendees attention to the latest security testing techniques that are a concern in the market today.
On the day, the attendees split into 20 teams of three to compete against peers to solve increasingly complex security puzzles derived from real world security threats. After a quick introduction from Stephen Wray, CSIT commercial director, and a demonstration on how to perform ethical hacking from IBM’s team, the tournament got off to a high-paced start. The session helped attendees to write and audit secure code through a ‘Capture the Flag’ tournament. The aim was to ethically hack the site to build up levels, with the fastest team to do so winning the competition.
The workshop helped attendees leave with a familiarity of security testing best practice, terminology, workflow’s and commonly used toolkits. An enjoyable, learning day was had by all who attended. Attendees were not only given the opportunity to learn new ethical hacking techniques, but also network with fellow representatives and on a one-on-one basis with the delivery team.
CSIT have received extremely positive feedback from external participants for the event. The day was a huge success and has opened up several opportunities to make the workshop more of a regular occurrence.
A huge congratulations are in order for the winning team. The team made up of PhD students from CSIT’s Secure Digital Systems cluster, David Beckett, Emma McLarnon and Richard Gilmore, completed levels quickest by the end of the session. The two company teams in joint second place were from Kana Software and ShopKeep.
This opinion piece was originally published in the Belfast Telegraph and can be found on their webiste here.
Online fantasy games have revenues of over £5bn and pose a huge target for criminals, writes David Crozier
Cyber criminals could face real-world jail time if convicted of stealing virtual items such as swords and gold during online games.
That's the proposal from Mike Weatherly, Conservative MP for Hove and Portslade, who is currently 'Intellectual Property Adviser' to the Prime Minister as well as a player of the highly successful 'World of Warcraft' game.
He raised the issue in Parliament last week, asking Mike Penning, Minister of State for Justice if he would "bring forward legislative proposals to ensure that cyber criminals who steal online items in video games with a real-world monetary value received the same sentences as criminals who steal real-world items of the same monetary value".
Theft within virtual worlds and gaming environments is a serious problem, with gamers spending considerable sums of money in addition to dedicating many hours of gameplay amassing virtual gold and in-game goods.
Stealing these virtual goods can produce real-world benefit to criminals, as they can be resold and the proceeds cashed out into virtual currencies such as Bitcoin via illicit online market places.
Bitcoins, when used with virtual currency laundry services, are virtually untraceable and can be used to buy real-world goods and services online or can be exchanged for hard cash through numerous exchanges.
'Massively multiplayer online role-playing games', or MMORPGs are hugely popular around the globe with hundreds of millions of players and predicted revenues for 2014 in excess of $8bn (£5bn). This represents a huge financial target for cyber criminals.
To date there have been isolated cases of individuals being convicted of in-game theft around the world using existing laws.
In 2012 the Dutch Supreme Court upheld the theft conviction of a youth who stole another players possessions in popular online fantasy game RuneScape. In that case the court ordered the offender to perform 144 hours of community service.
Last year a group of Chinese hackers who illegally obtained World of Warcraft accounts for the purposes of virtual gold mining where sentenced to two years in jail for their crimes.
It is now time for the Government to issue new guidance regarding the application of existing laws to this type of criminality rather than rush to draft new legislation.
Individuals who are found in possession of exploit kits which are used to compromise victim's machines through the deployment of malware could be deemed to be "going equipped for stealing" under the Theft Act (Northern Ireland) 1969 and sentenced for up to three years.
Any new law will have to take account of player versus player (PvP), a type of legitimate multiplayer interactive conflict within games between two or more live participants where theft of virtual goods is accepted practice.
Furthermore, this type of online theft is truly global, so legislating in the UK alone will do little to reduce the instances and impact of this type of theft.
Multi-jurisdictional collaborative investigations by law enforcement agencies are required to bring offenders to justice.
This type of crime is particularly under-reported to law enforcement so it is very hard to get a full understanding of the scale and cost to individuals globally.
Until the victims start speaking up in greater numbers it is unlikely that the substantial resources required to catch and jail these criminals will be invested by Governments.
David Crozier is from Queen's University Belfast's Centre for Secure Information Technologies (CSIT).
CSIT announces 2nd Summer Webinar Series
In 2013 we introduced a new Summer Webinar Series which provided bite-sized overviews of our research findings and technology innovations delivered to you right at your desk. Recordings of these are still available to view on our website here.
We had a great level of interest in these online events and have received positive feedback from those who dialled in. As a result we now plan to run this summer webinar series each year and have brought together a programme of four research areas which we plan to cover each Tuesday throughout August 2014.
The webinars will be introduced by a member of our commercial team and delivered by a mix of engineers, researchers and academics who are teaching on our new MSc Cyber Security. Topics have been chosen to reflect the bread of research carried out at CSIT as well as innovations at various stages of maturity.
To register please click on the corresponding link to be taken through to our GoToWebinar registration pages for each webiner below:
Who should attend?
The webinars are open to all companies and organisations who are interested in adopting or licensing this technology for use within their own solutions. Much of the technology and engineering expertise is transferable to numerous alternative applications. We are happy to discuss contract R&D engagements to explore alternative applications.
Two of the webinars will be delivered by new lecturers on our MSc Cyber Security so potential students or those who have already applied for this course of study might be particularly interested in registering.
Anton McCormick is currently studying for a BEng Computer Science at Queen’s University Belfast. He has spent that past 12 months working as a placement student within CSIT’s Commercial Team. As his tenure at CSIT comes to an end he blogs about the CSIT World Cup of Cyber Crime.
We are huge World Cup fans here in the CSIT Commercial Team and in common with many workplaces we are running an office sweepstake on the outcome. When McAfee, a CSIT Member company, recently published their ‘Estimating the Global Cost of Cybercrime’ report it got us thinking about who would win a World Cup of Cyber Crime if such a tournament existed.
As this is my last week working at CSIT my manager David Crozier encouraged me to do some research and compile our very own CSIT World Cup of Cyber Crime 2014 wall chart. I have to advise right from the start that this is just a bit of fun. I’ll leave the academic rigour and formal research methods to our Research Directors and their teams of RF’s, RA’s and PhDs. Notwithstanding, I hope it gets you thinking a little more about the global nature and impact of cybercrime and sparks a debate regarding which countries are winning, and losing, the battle against cybercriminals.
To start with the McAfee report has figures for the cost of cybercrime as a percentage of GDP for thirteen out of the thirty two countries currently competing in Brazil. Two others, Argentina and Korea, did not have publicly available data. This was an excellent foundation to build on. For the remaining 19 countries without figures I used various reports and news stories to determine their cost of cybercrime as a percentage of GDP. Along with the reports and news stories I was able to use the figures provided by the McAfee report to help come to assumptions about neighbouring countries or countries from the same region.
We debated different ways of determining how to generate scoring data for each team. Now that I had the cost of cybercrime as a percentage of GDP for all 32 countries I was able to develop a simple 1 to 5 scoring method. If a country’s percentage of GDP was between 0.00 and 0.09 they received a score of 1, if it was between 0.1 and 0.29 they received a score of 2, if it was between 0.3 and 0.59 they received a score of 3, if it was between 0.6 and 0.99 they received a score of 4 and then if it was above 1 they received a score of 5.
McAfee’s report also provided a confidence rating of low, medium and high for the thirteen countries. Again through the reports and news stories I was able to give the other nineteen countries an estimate confidence rating. The scoring method for this was simple - low rating was scored as 0, medium rating scored as 1 and high rating scored as 2. This scoring method only came into use when two countries competing against one and other had the same cost of cybercrime as a percentage of GDP score.
The countries remained in the same groups as those drawn for the actual World Cup with eight groups and four countries competing in each. Countries in the same group played each other once, with the points system working thus, 3 points were awarded for a win, 1 point for a draw and nothing for a loss. The top two teams in each group then proceeded to the knockout stage, again using the format of the actual World Cup to determine where they were placed in the draw.
In the knockout stages if two countries with a similar cost of cybercrime as a percentage of GDP score met the game was decided by penalties using the confidence rating score. Companies with the highest cost of cybercrime as a percentage of GDP score progressed through the knockout stages until there was only two countries left, the Dutch and the Germans.
Both these countries had the highest cost of cybercrime as a percentage of GDP on McAfee’s initial report and were worthy finalists. Germany and the Netherlands had the same cost of cybercrime as a percentage of GDP score and the same confidence rating score meaning they were tied in both areas. However, Germany edged the contest on the basis that their cost of cybercrime as a percentage of GDP was 0.2 greater than that of the Netherlands in a tight penalty shootout.
So the German’s are the champions of the World once again, albeit in cybercrime but maybe this win will provided inspiration and motivation on the pitch for success in the actual World Cup.
The next step after a great 14 months placement at CSIT with the commercial team is an eleven week summer internship with PwC’s Forensic Technology Solutions group. After which I will be returning to Queen’s University Belfast at the end of September to complete the final year of my BEng Computer Science degree before graduating in summer 2015.
I’d just like to say I have thoroughly enjoyed my time at CSIT and would like to thank everyone who has made my time here a real pleasure. I have been able to experience so many new things and develop a vast amount of new skills which will not only help me when I go back to university but also in my career. I have made friendships for life and will always keep in contact.
Thanks for everything,
On 2nd June 2014 numerous news outlets globally ran a story about a Russian man being charged with being behind a major cybercrime operation that affected individuals and businesses worldwide and added to the FBI’s most wanted list. Evgeniy Bogachev, also known as "lucky12345" and "slavik", is wanted for his alleged involvement in a wide-ranging racketeering enterprise and scheme that installed, without authorization, malicious software known as “Zeus” and a variant called “GameOver Zeus” on victims’ computers.
Zeus is a type of malware known as a bot which makes up part a network of hijacked home computers, typically controlled by a criminal gang called a botnet. The software was used to capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts.
In a non-descript glass fronted building in the heart of the Northern Ireland Science Park the news came as no surprise to a crack team of cyber security researchers who barely raised an eyebrow. The team, based in Queen’s University Belfast’s (QUB) Centre for Secure Information Technologies (CSIT), is at the forefront of researching and developing new technologies to detect bots, botnets, malware and Advanced Persistent Threats (APTs) since it was established as the UK’s Information and Knowledge Centre (IKC) in 2009. The Zeus botnet, and the plethora of variants it has spawned, has been of particular interest to the team who work as part of the Secure Digital Systems research cluster headed by Professor Sakir Sezer.
Professor Sezer says “As the internet has evolved into a multi-trillion pound business, the threats have evolved as well. To date members of the gang who operate the Zeus botnet have stolen an estimated $500 million. This represents a huge loss to citizens and businesses alike. Our research is helping minimise the fraud and theft enabled by this pernicious software through the development of hardware and software tools and technologies which have been proven to detect and prevent this type of malicious activity.”
In a secure laboratory within the facility Professor Sezer’s team of researchers and engineers have installed a complete botnet for the purposes of determining how it replicates, evolves over time and communicates with command and control systems. The team are reluctant to say too much about their findings in an effort to stay one step ahead of the criminals in this cat and mouse game. What they will say, however, is that the solution they have developed has the ability to analyse gigabytes of network traffic, in real-time, pinpointing botnet activity on corporate, mobile operator or Internet Service Provider (ISP) networks. This malicious activity can be traced to a specific machine, laptop or mobile device which has been infected with the malware.
Notwithstanding, the research isn’t a purely academic endeavour. Through its unique ‘Open Innovation’ model CSIT works to exploit and transfer knowledge to industry through member companies such as global giants McAfee and IBM, as well as via commercial R&D and consultancy engagements with local SME’s such as RepKnight and AirPOS. This ensures the research is both industrially relevant and that findings can be put to work as quickly as possible to limit the impact of malware and botnets on society as well as bringing new cyber security technologies to market.
Highlighting ISP and mobile network operator’s failure to adopt technology to limit the damage wreaked by malware and botnets Professor Sezer says: “We have the proven technology to detect and stop these malicious applications at the ISP and operator level but many are reluctant to take on responsibility for providing this service to their customers. Common Carrier status means the ISP is not responsible for anything illegal taking place over the network. For example, Warner Brothers can’t sue BT because their digital content (films) are being illegally streamed to BT broadband subscribers. The ISPs use this legal provision to see no evil. Hence they make no attempt to protect subscribers from malware. However, they are quite happy to detect and block Skype traffic when it effect’s their bottom line. The legislative framework needs to change to enable broader use of this technology to protect internet consumers.”
New technology is only one part of the CSIT story. Currently, the demand for cyber security experts is growing at twelve times the rate of the overall job market. The Centre has listened to the needs of industry and is complementing its technology research by developing a new Master’s degree in Cyber Security to skill up the next generation of cyber security professionals. The course is open for application now and will begin in September 2014.
Professor Maire O’Neill, Co-Ordinator of the new MSc in Cyber Security, says: “The emphasis of the MSc is to provide graduates with a comprehensive understanding of the cyber security challenges facing industry and society, today and in the future, and equipping them with the skills necessary to address those challenges.”
Finally, the Centre recognises its wider responsibilities to society in terms of supporting citizens, industry and government to tackle the scourge of cyber-crime as well as capitalising on the huge global demand for technologies in this area. CSIT staff are involved in a variety of prominent advisory bodies such as the Organised Crime Task Force’s Cyber Crime Sub Group, the UK Cyber Growth Partnership and chairing the Royal Society’s Cyber Security Research policy committee.
Hi-tech crime terms
Advice from Get Safe Online
Blog post by David Crozier - Technical Marketing Manager
A professor from Queen’s University Belfast, who invented a high-speed silicon security chip that is used in more than 100 million TV set-top boxes, has received the coveted Royal Academy of Engineering Silver Medal for 2014.
Professor Máire O’Neill, from Glenties, Co. Donegal, is one of only five engineers who have received the medal in national recognition for their contribution to society.
The former British Female Inventor of the Year is one of Europe’s leading experts on digital security, and is currently Professor of Information Security at Queen’s Centre for Secure Information Technologies (CSIT).
A Queen’s graduate, she is one of Europe’s leading cryptography experts, helping enhance global data security.
Her research involves designing security solutions for communications applications, including email, cloud and mobile technologies. Contributing to the future vision for digital security in Europe, Professor O’Neill was invited by the European Commission to become a member of the Young Advisors Group, which is shaping the future by lending expertise on how to achieve Europe’s Digital Agenda.
Speaking about her Silver Medal award, Professor O’Neill said: “It is an honour to receive this recognition from the Royal Academy of Engineering. Cyber security presents huge challenges for the future. The development of resilient, secure information systems is crucial for everyone - from how we carry out our daily work, to the delivery of public services, to issues of national and international security. It is a hugely exciting and important field in which to work, and I am delighted that my research has been recognised for its impact on wider society.”
Professor O’Neill was the youngest ever professor to be appointed at Queen’s at the age of 32 and was also the University’s first female professor in electrical and electronic engineering. She was instrumental in the creation of CSIT at Queen’s which has established strong links with global security organisations.
Congratulating Professor O’Neill, Queen’s Vice-Chancellor Professor Patrick Johnston, said: “This well-deserved recognition of Professor O’Neill’s work serves to illustrate how the research ongoing at Queen’s is often translated into products and systems which have a significant impact on the lives of many people both locally and globally. As a Queen’s graduate, Máire is an excellent role model for any young or aspiring engineer and on behalf of the University, I would like to congratulate her on receiving this prestigious award.”
Alongside her cutting-edge research, Professor O’Neill co-ordinates Queen’s newly-launched Masters in Cyber Security. With its first intake of students in September, Queen’s has created this course to cater for the needs of the IT industry in Northern Ireland and beyond, where demand for highly-skilled cyber security professionals is increasing.
Dervilla Mitchell FREng, Chair of the Academy’s Awards Committee, said, “The Silver Medals recognise individual excellence, not only technically, but also in the ability to turn knowledge and ideas into useful, wealth-creating products and services. This is essential to UK economic prosperity, and this year’s winners are all excellent examples of the kind of world-class entrepreneurs that the Academy is championing through its Engineering for Growth campaign and supporting through its Enterprise Hub.
“The UK boasts world-leading expertise in digital security, computer programming, aerospace, and manufacturing, and our 2014 medallists demonstrate the strength of knowledge and skill in these areas that will enable us to maintain this position for years to come. They are outstanding role models for the next generation.”
Royal Academy of Engineering Silver Medallists were selected from a long list of nominations, drawn from all areas of contemporary engineering. They were chosen by a panel of Academy Fellows who have expertise across the range of engineering disciplines, as well as personal entrepreneurial experience.
For more information on the Royal Academy of Engineering visit www.raeng.org.uk
CSIT is attending, exhibiting and taking meetings at Infosecurity Europe 2014 which is taking place in Earls Court, London from 29th April until 1 May.
You can find us at Stand B52.
We will be showcasing breakthrough cyber security technology research, it's new MSc in Cyber Security programme, and seeking to engage with new commercial partners.
If you wish to request a meeting with CSIT at Infosecurity Europe please provide your details below and we will get back to you to confirm.
International experts in cyber security are at the Centre for Secure Information Technologies (CSIT), at Queen’s University today for the fourth annual cyber security summit.
The two-day summit brings together the world’s leading cyber security experts and government policy makers for a meeting of minds to combat future threats to global cyber security.
At the Summit Queen’s will announce a new Masters in Cyber Security.
Professor John McCanny, CSIT Principal Investigator, said: “The success of the annual World Cyber Security Technology Research Summit is reflected by the fact that the biggest names in global cyber security are attending so together we can produce a roadmap for the technology needed to secure our digital tomorrow.
“At Queen’s, we listen to the needs of industry and with an increasing demand for cyber security professionals, we are complementing our technology research centre by developing a Masters degree in Cyber Security to cater for that need. Queen’s graduates have gone on to be industry leaders and we expect through this new Masters that the number of our graduates gaining significant roles in the world of cyber security will increase.”
The new Masters, which will begin in September 2014, aims to develop the next generation of industry leaders and address the shortage of cyber security professionals globally. Currently, the demand for cyber security experts is growing at twelve times the rate of the overall job market.
Minister of Finance and Personnel, Mr Simon Hamilton MLA, said: “Today’s conference at Queen’s is an excellent opportunity to bring together top academic, industry and government cyber security experts, from over a dozen countries, to share their knowledge and to consider the cyber security challenges in the future.
“My Department is responsible for the information technology security for the whole of the Northern Ireland Civil Service and some other public sector bodies. It is vital that we are fully aware of and take the most appropriate steps to mitigate against the known risks, which are increasing in prevalence and scale across the globe. We use the best available technologies to provide resilient, secure systems, which enable us to carry out our daily work and to deliver public sector services more effectively.”
Professor Maire O’Neill, who will deliver a keynote address at the Summit Cryptography in a post quantum computing world and is Co-Ordinator of the MSc in Cyber Security, said: “The emphasis of the MSc is to provide graduates with a comprehensive understanding of the cyber security challenges facing industry and society, today and in the future, and equipping them with the skills necessary to address those challenges. The Summit is illustration of the need to identify, map out and ultimately combat the biggest threats to our online security.”
PwC in Belfast operates a global forensics centre of excellence, advising organisations, multinational corporations and national governments on financial and non-financial investigations. Director for Forensic Technology at PwC, Craig McKeown, said: “The industry needs more qualified forensics professionals. Nearly half of CEOs worldwide say they are concerned about cybercrime and data fraud, with the UK’s largest companies experiencing an almost daily attack on their computer systems. Tackling cybercrime needs more professionals and this new Masters at Queen’s will help deliver them.”
Attendees at this year’s Summit include representatives from Facebook, Intel, Sophos, IBM, US Department of Homeland Security, Korea Information and Security Agency, Estonian Information System’s Authority and McAfee.
Media inquiries to Claire O’Callaghan, Queen’s University Communications Office, Tel: +44 (0)28 9097 5391 email: firstname.lastname@example.org
Notes to Editors:
Professor Maire O’Neill and Stephen Wray from CSIT are available for interview. Interview bids to Claire O’Callaghan, Queen’s Communications Office, on email@example.com or 44 (0)28 9097 5391
The Summit takes place on 13 and 14 March 2014. For further information visit: http://www.csit.qub.ac.uk/Belfast2014/
For further information on the MSC in Cyber Security visit: http://www.csit.qub.ac.uk/msc
Liopa, a novel mobile biometric technology developed at the Centre for Secure Information Technologies (CSIT), has been recognised as one of the five most original apps at Mobile World Congress 2014 by El País, the highest-circulation daily newspaper in Spain. The article, available translated into English here, written by Stefania Gozzer Arias follows a very successful Mobile World Congress for CSIT which generated significant interest in the technology produced at the Centre. Development of the Liopa solution is continuing and an announcement on its first field trials with a commercial partner will be made in April 2014.
Further information on Liopa is available at www.liopa.co.uk.
Intercede CEO Richard Parris addresses Cyber Growth Partnership at RSA Conference
SAN FRANCISCO February 27th, 2014 – Much greater collaboration between governments, industry and academics will be needed to counter the next generation of cyber security threats, Intercede’s CEO Richard Parris told a gathering of some of the world’s foremost security experts at RSA Conference.
Parris’s comments came in his welcome address to a reception hosted for the Cyber Growth Partnership (CGP), the cross-sector group tasked by the British Government with increasing the cyber export market. The packed event which took place on the 26th February at the British Consulate-General was attended by senior representatives from government, the technology and security industries and academia, including reception co-hosts BT, Sophos, CSIT at Queen’s University Belfast and BAE Systems, as well as CGP members ARM, Microsoft and Thales e-Security.
“The growing onslaught of threats from both within and without is both complex and resource-demanding,” said Parris. “These threats far exceed the capability of any one company or country to counter them. It requires cooperation and collaboration between nation states and between companies. The good news is that, collectively, our companies and agencies have a critical mass of global cyber security expertise that we can bring to bear on the most important questions of our time.
“Right now, the most pressing questions include how we close the cyber skills gap, improve international collaboration, and establish a common threat picture. In striving to answer these questions, I believe that we will also increase the global market for all those involved in the endeavour.”
The event, which was organised and hosted by Intercede, also featured a keynote address from James Quinault, Director of the Office of Cyber Security and Information Assurance at the UK Cabinet Office.
The reception followed a highly successful show for Intercede, where its unique MyID® identity and credential management software was exhibited on Microsoft’s stand. In the last month, Intercede announced the implementation of its technology at major Canadian telecoms firm TELUS, as well as joining the FIDO Alliance consortium.
- Ends -
Intercede is a software company specialising in identity and credential management with a global team of experts located in the US and UK.
Intercede’s MyID software enables organisations to create and use trusted digital identities for employees, citizens and machines. This allows secure access to services, facilities, information and networks.
MyID meets the highest government standards yet is simple enough to be deployed onto consumer devices such as smart phones and tablets. Critically, MyID provides an easy, convenient and secure alternative to passwords.
Millions of identities are managed using MyID and Intercede has provided identity verification and management services to global customers for more than 20 years. MyID is a commercial off the shelf software product, designed and developed to be configurable so it can be embedded as the cornerstone of cyber security infrastructure for governments and corporations.
Customers trusting Intercede for secure digital identity include the US and UK governments and some of the world’s largest corporations, telecommunications providers and information technology partners.
For more information, please contact:
+44 (0)1455 558111
+44 (0)20 7434 5550
The Job purpose is as follows:
To play a key role within QUB’s £30M strategic Centre for Secure Information Technology (CSIT) researching emerging security issues for information and communications technology systems supporting Critical Infrastructure. To actively research cyber-security threats relating to SCADA and Industrial Control Systems networks. To research vulnerabilities in SCADA control protocols (IEC, IEEE, etc) supporting essential electricity (smart-grid), water, and energy production facilities and infrastructure. The post requires the research and development of tools for real-time IP traffic analysis, packet filtering, stateful SCADA protocol inspection, intrusion detection, network behaviour profiling, and the investigation of security vulnerability assessment frameworks, suitable for SCADA/ Industrial Control System environments. Research will be conducted as part of a number of on-going European research programmes in collaboration with leading equipment manufacturers, infrastructure operators and research institutes.
For more information and details of how to apply click here.
Key elements from this years report include:
|20/10/2016||:||CSIT partners with ETRI on ₩380M IoT security project|
|26/08/2016||:||Break-in Vs Walk-in. A Blog post by Dr. Sandra Scott-Hayward|
|08/06/2016||:||Cylon Preaccelerator Partnership|
|:||01/06/2016: Intelligent Environments partners with Queen's CSIT|
|:||15/03/2016: Justice Minister addresses international cyber summit|
|25/02/2016||:||Queen's University receives Royal award for strengthening cyber security|
|23/02/2016||:||CSIT at RSA|
|24/11/2015||:||CSIT Labs cyber security incubator programme launched|
|19/11/2015||:||Royal recognition for Queen’s University in its fight to strengthen cyber security|
|16/11/2015||:||Cyber Security the Top Priority for Business in Next 10 Years|
|09/10/2015||:||CSIT's PicoPUF triumphs at 2015 INVENT Awards|
|11/08/2015||:||Euronext and CSIT collaborate to secure exchanges|
|06/08/2015||:||Protecting SMEs - Project iMES officially commences|
|08/07/2015||:||Professor Dame Ann Dowling visits ECIT|
|09/06/2015||:||£850k funding boost for CSIT spin-out|
|30/04/2015||:||Queen’s University leading the way in pioneering, European cyber-security initiative|
|26/03/2015||:||Queen’s University signs agreement on cyber security research with SRI International|
|24/03/2015||:||Blog - Berlin meets Belfast: A Recap of the 5th Global Cybersecurity Technology Research Summit 2015|
|19/03/2015||:||Queen’s University in £38m bid to secure Smart Cities and the Internet of Things|
|25/02/2015||:||CSITs spin-out Titan IC named among UK’s most exciting start-ups|
|23/02/2015||:||Blog - Upgrade to core HTTP protocol promises speedier, easier web|
|19/02/2015||:||CSIT Senior Engineer wins ONF Outstanding Technical Contribution Awa|
|12/02/2015||:||QUB signs agreement with NICT (Japan) on cyber security research|
|22/01/2015||:||CSIT leads pioneering research into Cyber Security|
|03/12/2014||:||Blog - Cyber Security - Back to Basics|
|30/10/2014||:||Sniffing out new opportunities|
|30/10/2014||:||Exam successes first step to CISSP Certification at CSIT|
|14/10/2014||:||Blog - Cash machine malware hacks highlight cyber-crime separation of duties|
|01/10/2014||:||CSIT in £400,000 bid to reduce cyber-attacks to national grid|
|05/09/2014||:||60 compete at CSIT Ethical Hacking Workshop|
|29/07/2014||:||Opinion - Gaming cyber thieves facing real prison time for 'virtual treasure' raids|
|24/07/2014||:||CSIT announces 2nd Summer Webinar Series|
|19/06/2014||:||Germany triumph in CSIT World Cup of Cyber Crime 2014|
|06/06/2014||:||Blog - CSIT researchers on the front line against cyber crime|
|29/04/2014||:||Prof. Maire O'Neill secures place among UK's top engineers|
|23/04/2014||:||Request a meeting with CSIT at Infosecurity Europe 2014|
|13/03/2014||:||Queen’s to plug cyber security gap|
|03/03/2014||:||Liopa one of five most original apps at MWC - El País|
|27/02/2014||:||Public-private collaboration “vital to defeat future cyber threats”|
|30/01/2014||:||We're Recruiting- Research Fellow (Secure Digital Systems)|
|03/01/2014||:||CSIT Annual Report 2013 published|