At the opening of the Surrey Centre for Cyber Security (SCCS), speakers from the government, industry and academia shared their views on tackling one of today’s greatest threats.
Launched on 1 July, the SCCS brings together core cyber security researchers from the University’s Departments of Computing and Electronic Engineering – along with interdisciplinary input from Mathematics, the Surrey Business School, Sociology, Psychology and Law – to further Surrey’s research on cyber security. The key focuses of the Centre will be privacy and data protection, secure communication, and human-centred security.
Speaking at the launch, the Centre’s Director Professor Steve Schneider said, “The Centre consolidates the wide range of security activity going on in Surrey, with a strong technical core and with emphasis on the associated interdisciplinary aspects – it’s the right time to bring it all together."
He welcomed three guest speakers, each of whom had a unique insight into the ever more complex world of cyber security.
One of the most renowned researchers in the field of usable security, Professor Angela Sasse of University College London used the example of passwords to illustrate a major problem in the way security systems are currently designed. Many are not workable, she explained, because users are not part of the design in the first place: for example password policies tend to force users to follow hard rules rather than allowing for how users actually behave, leading them to find ‘work-arounds’. The solution, Professor Sasse said, is for designers to take a more human-centred approach where humans are not considered simply as ‘the weakest link’.
Dr Henry Pearson, Ambassador for Academic Engagement at the National Technical Authority (the information security arm of GCHQ) spoke next about the serious threats cybercrime poses to national security and the steps the Government is taking to combat these. One of the UK’s most pressing problems, he said, is the lack of emerging talent to defend the country, its businesses and citizens online.
He commented, “We need to secure an on-going supply of talented recruits if we are to build economic prosperity, retain national security and give people freedom of choice as to how they live their lives.” As well as engaging with academia and research institutes to enhance the UK’s knowledge base through original research, the National Technical Authority has launched initiatives such as Cyber Security Challenge UK which runs competitions to attract and inspire new talent into the UK cyber security profession.
Finally Dr Alastair MacWillson, Chairman of the Institute of Information Security Professionals and former Global Managing Partner of Accenture’s global Security Practice, talked about ‘The inevitability of specialisation’. According to US data, ‘generalists’ (people with no specific information security qualifications) are becoming less common in the IT profession – down from 83 per cent in 2006 to 31 per cent in 2012. He argued that while professional specialisation seems like a good idea, it is not supported by evidence that security is improving.
As cyber security comes under challenges from new directions, he said, new skills will be needed. “Measurement will be essential to give us a framework to quantify the likelihood of danger, the extent of possible danger and whether the costs are worth it,” he said. “We will need predictive analytics that can understand the past, explain the present and predict the future, so professionals with quant maths skills will feature large in the security profession.”
The SCCS will be led by Professor Schneider and Deputy Directors Dr Mark Manulis and Dr Shujun Li. This September will see the opening of the Centre’s Applied Security Lab – a ‘safe space’ for the testing of cyber-attacks – along with the launch of a new Masters programme in Information Security.
Research projects in the Centre have been funded by the EPSRC (Engineering and Physical Sciences Research Council), the EU, TSB (Technology Strategy Board), the Home Office, Dstl (Defence Science and Technology Laboratory)/MOD (Ministry of Defence), industry and other public sector bodies.
Discover our programmes in Computing.