world cyber security technology research summit

REPORT
WORLD CYBER SECURITY TECHNOLOGY
RESEARCH SUMMIT
BELFAST 2012
Belfast 2012 - Report
About CSIT
The Centre for Secure Information Technologies (CSIT) is an Innovation and Knowledge Centre (IKC) based at Queen's University of
Belfast's Institute of Electronics, Communications and Information Technology (ECIT) in the Northern Ireland Science Park, Belfast. The
Centre has been awarded “Academic Centre of Excellence in Cyber Security Research” status by the UK’s GCHQ in partnership with the
Research Councils’ Global Uncertainties Programme (RCUK) and the Department for Business Innovation and Skills (BIS).
With total funding of over £30M, CSIT brings together research specialists in complementary fields such as data encryption, network
security, wireless enabled security and video analytics. CSIT is looking at both information and people security and is focused on: securing
the hyper-connected world, secure transport corridors and privacy and trust for financial markets.
About Belfast 2012
Belfast 2012: World Cyber Security Technology Research Summit brought together experts in the field of cyber security from industry,
government and leading research institutes throughout the world to develop a collective research strategy.
Photograph of attendees at Belfast 2012
Executive summary
The second World Cyber Security
Technology Research Summit (Belfast
2012) further developed research themes
identified during Belfast 2011.
Keynote presentations from government
and industry leaders gave perspective
and context to four break-out sessions.
The keynotes addressed: a partnership
approach to tackling cyber crime,
government policies and initiatives,
industry challenges/opportunities, ongoing strategic research and the future
cyber security landscape.
The main output of the Summit was four
group-edited strategic roadmap
documents, produced to inform collective
research within applied research
institutes. These were based on the
following core themes:
1. Adaptive Cyber Security
Technologies
To be able to normalise and protect
systems, researchers should look at
systems engineering approaches of
safety critical systems and subsumption
architectures in robotics. Researchers
should also develop adaptive techniques
that use Big Data to their advantage and
harness nature inspired mechanisms to
deliver faster response and provide Hi-Fidelity detection. Adaptive systems need
to be cognitive to address a moving
target and be able to verify, prove, explain
and justify system actions. Systems need
to self-learn and be able to contribute to
and learn from the community.
2. Protection of Smart Utility Grids
Research should focus on the
standardisation of Smart Meters, their
platforms, authentication protocols,
sensing technologies, the Smart Meter as
a Platform (SMaaP) and reverse
integration with other devices and
multiple utilities within the home and
enterprise. Research should also focus
on mitigation of realistic threat scenarios,
including the convergence of physical
and cyber security, as well as the
enablement of rapid recovery from
network outages caused by malicious
attacks. Furthermore, research into
SCADA attack vectors is required to
ensure first, that the system can be
recovered and second, that the attack
surface is closed to prevent future
attacks.
3. Security of Mobile Platforms and
Applications
Research in the mobile space should look
first of all at holistic security models, and
investigate common policies and
technologies that can be applied to all
components and players in the mobile
architecture. From the consumer point of
view, research should focus on trust
models, authentication and application
certification in order that consumers can
manage sensitive data and carry out
secure transactions with confidence.
From an enterprise perspective, research
should examine problems such as data
segregation, filtering, configuration and
control in order to enable corporations to
implement a BYOD model which is both
secure and reliable.
4. Multifaceted Approach to Cyber
Security Research
Many opportunities for a multifaceted
approach to cyber security research exist
around ownership, identity, privacy,
measuring trust, valuing digital
interactions and evaluating public
persuasion factors; however, the group
identified specific and practical steps that
research organisations should take to
address the cyber security opportunities.
Social norms and users should be
studied to assess how to deliver cyber
security information. A framework should
be developed to allow policy makers to
understand the implications of their
policies and research should be identified
that can be used to inform cyber security
policies. Finally, public sector cyber
security needs and solutions should be
centralised and aggregated.
Conclusion
Key to a successful research roadmap is
having access to and demonstrating
solutions on real-world data. Applied
researchers need to work with
government and industry partners to
realise this, connect with the various
cyber ranges and aspire to have a
standard dataset within the community.
Introduction
The second World Cyber Security
Technology Research Summit (Belfast
2012) reconnected experts in the field of
cyber security from leading research
institutes, government bodies and
industry throughout the world to consider
cyber space, particularly the Internet of
5-10 years' time, envision potential
security threats and mitigation tactics,
and put forward a strategy for future
cyber security research.
Hosted by the Centre for Secure
Information Technology (CSIT) at Queen's
University Belfast, Belfast 2012
explored the four research themes
identified during Belfast 2011 and
produced group-edited roadmap
documents to inform collective
research within applied research
institutes.
CSIT recognise that cyber security
research needs to be coordinated to
address envisaged future security threats,
and research should be influenced by
government policy and industry
capability. Belfast 2012 continued to
develop a 'Davos' style event for cyber
security, enabling sharing of information
on future cyber security matters, and
bringing cyber security experts together
to meet the challenge of safeguarding the
internet of tomorrow.
Professor Sir Peter Gregson,
President and Vice Chancellor,
Queen’s University Belfast
1.1 Opening Addresses
This year's Summit was again opened by
Professor Sir Peter Gregson, President
and Vice Chancellor of Queen's
University Belfast. He welcomed the
delegates to the second World Cyber
Security Technology Research Summit
and to the Centre for Secure Information
Technology at Queen's. He indicated the
importance of CSIT as part of the
University and as part of the NI Science
Park, providing not just a cyber security
research centre, but also a place to bring
together business, academia and
government in cyber security, reducing
the gap between research and
commercialisation. He then went on to
outline the scale of risks in cyber security
and discuss the topic of cyber security
health, linking this with world health and
challenging the Summit to look at cyber
security health in addition to the risks.
Dr Godfrey Gaston, Director of
CSIT, Queen’s University Belfast
Dr Godfrey Gaston, CSIT Director,
thanked Professor Gregson and the
keynote speakers, welcomed delegates
to CSIT and discussed the agenda,
hopes and aspirations of the event.
Keynotes
2.1 Keynote addresses
In these sessions government officials,
security analysts and industry leaders
delivered keynote addresses giving an
international perspective on emerging
cyber security issues and the vision of
tomorrow.
2.1.1 Prof B Silverman, UK Home
Office Chief Scientific Advisor
The presentation focussed on a
partnership approach to tackling cyber
security and crime. It was noted that
cyber security is a top government
priority and that one particular remit of
the Home Office is cyber crime. Fighting
general crime is a cooperative activity,
requiring the participation of everybody.
The same is true for cyber crime: fighting
this needs involvement from the
community, government, academia, and
individuals.
Various sources of cyber crime were
identified - rogue states, terrorists,
malicious individuals, organised crime. IT
provides new opportunities for
committing old crimes, e.g. the Internet
makes the exploitation of children easier,
the increase of e-commerce gives
increased opportunities for forgery, fraud
and theft, the ability to download music
from websites has enabled copyright
infringement from unauthorised sites. IT
also provides new opportunities for
committing new crimes, e.g. attacks by
groups such as Anonymous, and denial
of service attacks.
Police e-crime units are faced with a
huge volume of digital evidence, e.g. from
seized phones etc., and this has led to
the need for effective tools for assessing
the value of evidence. The role of Home
Office science is to act as the primary
interface between Home Office Ministers
policy formulation, the S&T supply base,
and frontline operational decision makers.
The Home Office Centre for Applied
Science and Technology (CAST) aims to
reduce crime with the deployment of new
techniques, working with frontline
partners to ensure effective use of
science and technology, and setting
challenges and standards for industry. In
the cyber crime area, CAST is able to
provide real life challenges and tests for
industry and academia for the
assessment of new tools and
technologies. Future cyber crime targets
are many and include the cloud,
encryption, and face recognition. The
Government must be joined up
internationally and across sectors to
tackle cyber security and cyber crime
effectively.
2.1.2 Ms V Andrianavaly, European
Commission, Internet, Network and
Information Security Unit
This presentation described EU policies
for Network and Information Security
(NIS) and Critical Information
Infrastructure Protection (CIIP). The main
policy initiatives and milestones are:
• 2004: Establishment of European
Network and Information Security
Agency (ENISA),
• 2006: EC proposal - Strategy for a
Secure Information Society,
• 2009: EC Action Plan on CIIP,
• 2009: Adoption of revised Regulatory
Framework for e-communications -
new security provisions,
• 2010: Digital Agenda for Europe - Trust
and Security chapter,
• 2011: Review of Action Plan for CIIP.
The Strategy for a Secure Information
Society encouraged the reinforcement of
ENISA's role in implementing NIS policy.
The Action Plan on CIIP for protecting
Europe from large scale cyber attacks
promoted resilience as a first line of
defence and enhanced CIIP
preparedness, and the need to work at
an international level as well as a national
level. The Review of the Action Plan for
CIIP revealed very positive results
achieved so far, with further efforts
needed to establish a network of
national/government CERTS, a European
cyber incident contingency plan, and
further global interaction.
The 7th European Research Framework
Programme was described, which
comprises IT and cyber security themes.
The Competition and Innovation
Framework Programme was discussed,
which has a Jan 2012 adoption date, and
will establish a European wide pilot
platform for detecting and mitigating
botnets.
A European strategy for Internet security
is to be adopted by Q3 2012. The
objectives of this will be fostering of
cooperation and early warning between
Member States to ensure adequate
capacities for cyber attack response,
stimulation of efforts to reinforce the
security of products, networks and
services to ensure better security at the
user side, ensuring a strong response to
cyber crime, continuing cyber security
research investment and ensuring that
results reach the market and users.
Preliminary ideas for legal measures are
establishing a network of national
competent bodies and government
CERTS at a European level, developing a
European cyber incident contingency
plan, extending security breach
notification obligations to other sectors,
and mandatory security audits.
Preliminary ideas for measures to improve
NIS include incentives for private sectors
to improve security of products and
services, e.g. by EU procurement, to
increase transparency for users, stop the
spread of malware, and secure the IT
product supply chain.
2.1.3 Mr R Samani, VP & Chief
Technology Officer, EMEA, McAfee
This presentation discussed the changing
times of cyber security, how the cyber
industry and use of technology has
changed, and how this fuels other
change, e.g. the use of social media in
the Arab spring.
These are times of uncertainty and
opportunity. Some people realise this
through criminal intent - they consider
that they can carry on crimes behind a
computer with impunity and without
face-to-face victims. It is possible to classify
cyber attackers according to the
sophistication of the threat they pose and
the capability for damage of the threat.
Using these criteria attackers can be
ordered from hacktivists/terrorists to
cyber criminals to cyber espionage to
nation state coordinated cyber
operations.
Some statistics gathered by McAfee are
2m malicious websites launched per
month and 100,000 malware samples
received by McAfee per day - some
very complex, and some using the
psychology of influence to make the
attacks more effective. Other sources of
increased vulnerability were highlighted.
Lines of code are increasing in all
applications, e.g. there are 10m lines of
code in an average automobile.
Network devices are increasingly
connected to the Internet, producing
security and privacy issues. Critical
infrastructures are vulnerable to targeted
attacks such as Stuxnet. The area of
healthcare and security is worrying -
previously disconnected devices are
coming online, virus attacks on hospitals,
high demand poses a stress to
ambulance services, using IT in
healthcare can improve the service but
there is a need for the integration and
security of data.
McAfee have produced several research
reports in the area of cyber security,
including Night Dragon discussing targets
on the oil and gas sector and Shady RAT
documenting a 5 year campaign of
attacks on 'unrelated' organisations.
The future of security in the cyber space
was discussed - no longer black and
white in security, lots of grey, no one size
security solution fits all, contextual and
flexible security is needed, quantifying
security needs is crucial, understanding
the context and value of data and its
security requirements is important.
2.1.4 Mr J Bumgarner, CTO, US
Cyber Consequences Unit
It was put forward in this presentation
that the problem is the 'abyss' of cyber
security, which we are creating ourselves.
There are many examples of cyber crime
problems which have been produced by
lack of attention to security.
In the e-commerce industry, e.g. in
developing the chip and pin system,
account was not taken of all possible
attacks. Card readers have been
developed that can clone cards because
it is possible for the reader to tell the
cards to default to their minimum security
setting.
In the automobile industry, cars have
been developed that have 60-70
computers, e.g. for brakes, wipers etc.,
without attending to the cyber security of
the computers. Upgrades to automobile
software have been allowed via USB
drives, without anti virus detection in cars
to check for malware. In car-home area
networks, vendors have not thought
through the security of hand offs between
the car and the home.
In the medical industry, devices have
been developed that can be subjected to
cyber attacks. Bluetooth teeth may be
tracked by satellite and may be attacked
e.g. using noise signals. Some current
pacemakers can be hacked. Signals to
wireless devices can be jammed or EM
pulses sent to such devices.
In the smart utilities industry, there has
been failure of meters due to engineering
problems. There are various examples of
other engineering situations, e.g.
generators on dams that are without
security.
2.1.5 Dr D Maughan, Department of
Homeland Security
The Speaker presented the ongoing
cyber security situation in the USA,
referring to the Comprehensive National
Cyber Security Initiative, which has been
continued under President Obama. This
initiative works across several operations
and agencies, unclassified and classified,
offensive and defensive, and research.
A Federal Cyber Security R&D Strategic
Plan has been developed for the various
agencies in the US government that fund
research in cyber security. The Plan
includes: investigation of the science of
cyber security - basic research; research
themes - cyber economics, trusted
spaces, moving target defence, designed
in security; transition to practice of cyber
security R&D - transition of technology to
commerce, test and evaluation; focus on
new national priorities - health IT, smart
grid, trusted identity strategy, cyber
security education and recruitment.
Federal investment is also available in
other, related, disciplines - big data and
analytics, cloud computing, cyber
physical security, software design, etc.
In the Department of Homeland Security
(DHS) the R&D execution model
comprises pre R&D workshops and
solicitations, seeking to work on
requirements of real consumers, R&D
program support, and post R&D testing
and technology transfer. In the last 8
years, examples of commercialised
security products include: Ironkey -
secure USB; Komoku - rootkit detection
technology, bought by Microsoft;
Endeavor - malware analysis, acquired by
McAfee; Stanford - browser anti phishing
technologies.
The DHS cyber security programme
areas are:
1. Research Infrastructure to Support
Cyber Security - DETER experimental
research test bed, PREDICT research
data repository, SWAMP software
assurance market place.
2. Trustworthy Cyber Infrastructure -
DNS security, routing protocols security,
cyber security for process control
systems - oil and gas industries, Internet
measurement and attack modelling.
3. Cyber Technology Evaluation and
Transition - technology assessment and
evaluation, experiments and pilots,
transition to practice.
4. Foundational Elements of Cyber
Systems - HOST open source security
technology (open source can be as good
as commercial products especially when
commercial resources are decreased),
enterprise level security metrics, software
quality assurance, leap ahead
technologies, etc.
5. Cyber Security User Protection and
Education - user community education,
competitions, national initiative for cyber
security, national college competition,
high school challenges, cyber security
forensics, research to help law
enforcement, identity management and
data privacy technology.
The goals of the programme areas are to
develop new technologies, secure old
technologies and facilitate technology
transfer. Funding is available at research,
prototype and mature technology levels
and there is the ability to partner with
international research.
Mapping DHS R&D to CSIT themes:
adaptive cyber security technology,
moving target security and cyber health;
protection of smart grids; security of
mobile platform and applications; multi
faceted approach to cyber security, need
more non computer scientists in cyber
security research.
In summary, cyber security is a key area
of innovation which requires support,
more national and international
cooperation is essential to produce next
generation solutions, the DHS continues
an aggressive cyber security research
agenda working with academia, and a
continued strong emphasis on
technology transfer and deployment of
R&D is crucial.
2.1.6 Mr E Kaspersky, Chairman and
CEO, Kaspersky Labs
Five top questions in IT security were the
subject of this presentation.
1. Privacy: How much data is on the
Internet about you? Why are we forced to
post our data to obtain many computer
services? The provisions for privacy
which apply in the physical world should
be used in the digital world, e.g. when we
buy a CD with cash in a store, ID is not
needed, why can this not be the case for
iTunes? More government regulation is
needed for the protection of privacy in the
digital world.
2. Cyber crime: Cyber crime is changing
into different categories. There are
traditional criminals who attack random
computers - criminal to consumer or
'c2c'. With better resources for fighting
this, it could be under control in a few
years. There are also criminals who
attack specific targets - criminal to
business or 'c2b'. Military standards of
enterprise security are needed in these
types of targets, there is a lot of work to
do in this area.
3. Digital passports: Kids live in a digital
world, they are 'digital natives'. Their use
of the digital world is so great that, for
example, if future digital voting is not
provided, they will not vote. There is
therefore a requirement for secure digital
passports. The current solutions, such as
cards or PINs, are not secure enough.
Biometrics are more secure, but the use
of these needs introduction to the
community.
4. Social networks/media: Digital and
social media is a very powerful tool for
the manipulation of people - not in all
countries, but in some. With increased
security in the social media field can
come the risk of decreased privacy.
5. Cyber war/weapons: Cyber space is
a very good tool/space to destroy or
damage your enemies. It is relatively
simple to develop cyber weapons
compared with conventional weapons.
Cyber war attacks can be against
communications, it is possible to infect
1m computers in a network, or enough
smart phones to disrupt a network, for a
relatively small amount of money. Cyber
war attacks can also be against critical
infrastructures. There is a need to
introduce secure operating systems to
these which will require a redesign of
operational software. In the next decade
we will live in a very insecure
environment, we need international
agreements for the control of cyber
weapons.
In closing: “It is our responsibility to give
as secure as possible a digital world to
our digital successors.”
Collective Research Strategy
Following the keynote addresses a
facilitated group session to re-articulate
the themes developed at Belfast 2011
prepared the way for four breakout
sessions where a collective research
strategy for each was established.
3.1 Group Session
During this session the group facilitators
revisited the core themes identified during
Belfast 2011 which were as follows:
1. Adaptive Cyber Security
Technologies
Adaptive cyber security technologies are
necessary to address the 'moving target'
nature of cyber threats. Such
technologies need to be flexible, agile
and responsive, enabling them to cope
with the network bandwidth of 5-10 years'
time and be more successful against
zero-day attacks. Research objectives in
this area would include the development
of cyber security technologies which have
self-learning capabilities; self-awareness
in cyber systems enabling early attack
detection and self-configuration to defend
against an attack; the establishment of
feedback in cyber systems providing the
capability of learning from cyber attacks.
2. Protection of Smart Utility Grids
Smart utility grids have, for a variety of
reasons such as their size and
accessibility, a raised susceptibility to
cyber attacks. Such attacks can destroy
national critical infrastructure and the
need for smart grid cyber security is
therefore imperative. Suggested research
aims in this field could comprise: smart
grid requirements gathering
methodology; protection technologies for
components of smart grids such as
smart meters; secure technologies for
communications in smart grids;
integration of smart grids with home area
networks (HAN) that provides for the
privacy and security of collected
information; development of smart grid
standards.
3. Security of the Mobile Platform
and Applications
In mobile technology, security is a rapidly
increasing issue, due to convergence in
mobile architectures, mobile phones
becoming the dominant web platform
and the expanding number of mobile
users - 50 billion mobile devices in use by
2020. Research in this space should
target not only malicious applications, but
also mobile cyber security problems
introduced by the configuration and use
of mobile networks. Such problems
include network availability as this can be
compromised, mobile web browsers as
these have limited security guarantees,
lost and stolen phones as current remote
wipe technologies are limited and caller
authentication as this is not strong.
4. Multi-faceted Approach to Cyber
Security Research
It is realised that technology alone will not
suffice in the defence against cyber
attacks - other facets of the cyber
security issue must be considered. Next
generation cyber security research must
take into account social, political, legal
and economic aspects of this space.
Social behavioural norms in cyber space
need to be investigated, societal desires
such as trust, safety, freedom and privacy
must be examined, and attitudes to cyber
security in source countries of cyber
attacks should be studied. Cyber space
policies, generated and set down by
governments, need to be incorporated
into cyber security research. Such
research should also be used to influence
the development of these policies and
cyber space use regulations. The impact
of cyber and other legislation should be
taken into account in researching cyber
security and again cyber security
research needs to influence the
development of such legislation. The
economics of cyber security is important,
development of effective security may
only take place if it is economical to do
so, this facet of cyber space needs to be
studied and solutions suggested.
Session Moderator:
Mr Richard Stiennon, Chief Research Analyst, IT-Harvest
3.2 Adaptive Cyber
Security Technology
It was highlighted that a systems view
should be taken, considering People,
how they generate Data, which feed
Applications, running on Devices
connecting to the Cloud and Internet. A
process needs to be followed where an
Audit is taken, to inform techniques that
Protect, Detect and React to threats,
and then allows systems to Log and
Learn from events. There are multiple
control loops within this process on
multiple levels and they need to interact
sensibly. Consensus was reached that
Adaptive Technologies are a fundamental
area of future research and there are
opportunities to use Adaptive Techniques
within each phase of this process.
Humanity adapts and changes constantly
and systems need to be able to
recognise and deal with an adapting
society. Adaptive techniques will produce
some of the most effective methods of
threat detection/prevention. In fact, some
threats such as Insider Threat and
Identity Masquerading will potentially only
be caught by using adaptive techniques.
Adaptive techniques will also introduce
opportunity for efficiency in terms of
minimising the cost of security where,
depending on a given scenario and
resources available, the most effective
mix of techniques can be utilised for the
most efficient result. Adaptive techniques
can also provide simplified and efficient
reports to users and operators.
There are some risks from using adaptive
technologies and aspiring to have
autonomous systems. Adaptive
techniques could introduce a ‘digital judo’
phenomenon or introduce new
vulnerabilities. There is a risk of systems
learning the wrong thing and Swarm
Technologies and Herd Mentality theory
was highlighted. However, in general it
was felt that adaptive techniques were
not only useful but necessary. The group
identified three main areas of opportunity.
1. Normalising/Protecting Systems
Systems need to be able to measure
within a closed loop; however the
potential dangers of in-band control
signalling were highlighted. Adaptive
security technologies need to carry out
behavioural analytics and behavioural-based trust. In doing so, security
mechanisms should be designed to a)
minimise interference with normal
operation b) control the degradation of
systems performance and c) maintain a
minimum Quality of Service. In
normalising / protecting systems
researchers should look at what can be
learned from safety critical systems and
their approach to architectures and
systems engineering. In decomposing
complicated intelligent behaviour,
researchers should look at Brooks’ work
on robotics and subsumption
architectures.
2. Hi-Fidelity Detection
Adaptive systems are needed to reduce
false positives and false negatives in
current detection techniques.
Researchers should use big data to their
advantage, separate the data from the
system, isolate what can change and
what is static, and carry out content level
analysis. Researchers should look to
apply adaptive cyber security
technologies to reduce the cognitive
burden on humans and harness
nature-inspired mechanisms that can deliver
faster-than-human response.
3. Intelligence Gathering/Learning/
Information Sharing
Adaptive systems will need to be
cognitive and have some level of
self-awareness, self-learning and
self-explanation to be able to address a
moving target. There will need to be
some predictability based on past data
that essentially allows the database to be
able to reason about the future, run ‘what
if scenarios’ and learn from wrong
decisions. Adaptive systems will need to
be able to verify, prove, explain and justify
system actions. Researchers should look
to employ out-of-band management
communications, look at new techniques
of visualisation, and develop systems that
can not only self-learn but will contribute
to and learn from the community.
Autonomous systems should be
developed that automatically learn from
attacks and share this learning to a
network for all. In turn, this open source
information will allow the autonomous
systems to profile and mitigate potential
attackers and deliver early warnings of
hostile reconnaissance.
Key to a research roadmap is having
access to and demonstrating solutions
on real-world data. Applied researchers
need to work with government and
industry partners to realise this, connect
with the various cyber ranges and aspire
to have a standard dataset within the
community.
Group facilitators:
Mr Ulf Lindqvist, Program Director,
SRI International
Mr Igor Muttik, Senior Architect,
McAfee
Contributors:
Chris Meenan - IBM, Tim Parsons -
Selex, Michael McVeigh - Seven
Technologies, Tim Watson - De
Montfort University, Stig Bang -
Napatech, Richard Choi - ETRI, Paul
Kearney - BT, John Bumgarner - US
Cyber Consequences Unit, Duncan
Curry - Qosmos, Tony Dyhouse - ICT
KTN, Colin Kerry - BAE Systems, Brian
Honan - BH Consulting, Michael
Loughlin - CSIT, Phil O’Kane - CSIT,
Colin Burgess - CSIT, John Hurley -
CSIT, Stephen Wray - CSIT
3.3 Protection of Smart
Utility Grids
The group discussion focused on where
opportunities exist to provide solutions to
security challenges faced by Smart Utility
Grids and Smart Metering with respect to
emerging and expected future security
threats. Threats discussed included both
cyber and physical security threats and
potential for technological threat
mitigation and rapid recovery from
attacks. These threats could be malicious
or innocuous in origin but still have the
potential for major impact up to and
including ‘black out’.
Group members discussed how future
applied research might include new forms
of converged security technology,
policies, standardisation, retrofitting and
sunsetting regimes for such technologies
in an environment where components are
expected to last up to 30 or 50 years.
Other opportunities and research drivers
highlighted included the integration of
dispersed generation sources,
consolidation of utility providers (energy,
water, gas), management of the ‘last
mile’, the European target of 2022 for
complete smart metering household
coverage and the move from closed
SCADA systems to those which are more
integrated. Current firewall technology
generally assumes an active regime of
end point updating/patching which is not
necessarily the case with smart meters
and smart grid components.
The group recognised that there are
many areas that should have a place on
this applied research roadmap. Three of
these practical steps are:
1. Smart Meter as a Platform
Solutions in the area of smart grids, smart
metering and the protection of such
technologies from cyber-attacks are in
the first phase of uptake. Research
needs to focus on the next generation of
smart meters, the standardisation of such
devices and platforms, authentication
protocols, sensing technologies, Smart
Meter as a Platform (SMaaP) and reverse
integration with other devices and
multiple utilities within the home and
enterprise.
2. Intelligent smart grid protection
Breach of physical access security,
especially theft, continues to be a major
problem for utility companies in addition
to emerging cyber threats. Smart grid
protection requires further research into
the mitigation of realistic threat scenarios,
including the convergence of physical
and cyber security, as well as the
enablement of rapid recovery from
network outages caused by malicious
attacks. Research around intelligent
surveillance systems and a different class
of intrusion protection systems should
also be taken forward.
3. Open SCADA
Opportunities exist to research threats
enabled by a move from closed SCADA
systems to those which are more
integrated and open to access from less
secure environments. Furthermore,
research into SCADA attack vectors is
required to ensure first, that the system
can be recovered and second, that the
attack surface is closed to prevent future
attacks. When SCADA systems are
taken down many utilities still depend on
human intervention to physically man
nodes. Research into autonomous
recovery systems should be undertaken.
Key to the progression of this research
roadmap is the commitment of all
players; academic, solution providers and
utilities, to participate in an open
exchange of real world data and threat
scenarios as well as granting access to
testing facilities and proving grounds and
technology to ensure the application and
commercialisation of findings quickly and
to the benefit of all.
Group facilitators:
Professor Sakir Sezer, Research
Director, CSIT
Ms Barbara Fraser, Director,
Innovation, Connected Energy
Networks, Cisco
Contributors:
Alasdair Rose - EPSRC, Graeme Bell - PSNI,
Kurt Neumann - Qosmos, Iain
Rankin - Seven Technologies, Fabian
Campbell-West - CSIT, Gorman Hagan
- Northern Ireland Electricity, Michael
Baume - Risk Management
International, Eul Gyu Im - Hanyang
University, Maire O’Neill - CSIT, You
Sung Kang - ETRI, Kerry Norton -
British Consulate-General - Atlanta,
Shane O’Neill - CSIT, Paul Miller - CSIT,
Kieran McLaughlin - CSIT, Liang Lu - CSIT,
David Crozier - CSIT
3.4 Security of the Mobile
Platform and Applications
The group discussion began with a
discussion about the scope of the brief,
and the acknowledgement by all the
delegates that the mobile ecosystem is a
very broad one, with many players
including, at the very least, the consumer,
handset manufacturer, OS vendor,
application vendor and mobile operator. It
was agreed that in such a diverse
environment, there was no one group
who could, or should, take responsibility
for security. Each player had a valuable
contribution to make, and the security
must be dealt with in a holistic manner.
Some discussion then followed on how it
might be possible to incentivise the
various stakeholders to take security
seriously. Discussions included the
possibility of legislation to enforce good
security practice, but conceded that the
borderless nature of the mobile internet
might give rise to questions of
jurisdiction. The introduction of some
form of ‘health check’ to assess a
consumer’s behaviour and security
practices, and the concept of some form
of ‘security insurance policy’ were also
discussed. This latter suggestion
recognised that the ability to assess and
quantify risk was a potentially difficult
area.
On the consumer front, there was a
broad discussion around location-based
services, m-wallet services and mobile
banking. Of particular concern was the
handling of sensitive data and privacy.
The issue of cross-application use of data
was discussed, as was the concept of
multiple, throw-away ‘personas’, where a
consumer could create a ‘persona’ with a
data profile for use by a specific
application, or for a restricted period of
time.
There followed some discussion in the
area of enterprise mobility, centred on the
Bring Your Own Device (BYOD)
philosophy. While acknowledging that this
approach might be essential to help
organisations attract young talent, there
were a number of serious issues raised
including questions over the control of
device features, the cross-contamination
of personal and business data, and
methods of addressing the physical
security of the device.
The broad group discussion can be
summarised under the following topics:
1. Holistic Mobile Security Models
Security breaches in the mobile
ecosystem can have many sources,
including handset vulnerabilities,
operating system flaws, malicious
applications and even network availability.
As a result, no single player in the
ecosystem can have sole responsibility
for security. Research in the mobile space
should look first of all at holistic security
models, and investigate common policies
and technologies that can be applied to
all components and players in the mobile
architecture.
2. Trust models for the consumer
The issue of trust has a significant impact
on consumer confidence regarding the
management of their confidential data
and the uptake of applications like secure
mobile banking. From the consumer point
of view, there are still dangers inherent in
the transmission of private transactions
and the storing of sensitive data by
service providers. Research should focus
on trust models, authentication and
application certification in order that
consumers can manage sensitive data
and carry out secure transactions with
confidence.
3. Enterprise Mobile Security
For businesses, the distribution of data
across the mobile ecosystem and into the
enterprise also creates questions of
ownership, responsibility and control.
This is compounded by the complexity of
a Bring Your Own Device (BYOD)
environment, where such issues extend
to both the data and the device. From an
enterprise perspective, research should
examine problems such as data
segregation, filtering, configuration and
control in order to enable corporations to
implement a BYOD model which is both
secure and reliable.
The key to success in this area is that any
research must consider the views and
needs of all stakeholders in the
ecosystem, as well as the input of
consumers, businesses, legislators and
regulators.
Group facilitators:
Dr Frank Stajano, Senior Lecturer,
University of Cambridge
Mr Mark Crosbie, Security Architect,
IBM
Contributors:
Andrew Tyrer - TSB, Brendan Smyth -
Cybersource, Ian Bryant - MOD, Chris
Ramptom - Home Office, Gavin
McWilliams - CSIT, Dong Kyue Kim -
Hanyang University, Jeff Peel -
Quadriga, Rob Heathman - EPSRC,
Graham Florence - Motorola, Jim Clark
- Waterford IT, Ben Green - SAP, Philip
Mills - CSIT, Benoit Duspaquier - CSIT,
Suleiman Yerima - CSIT
3.5 Multi-faceted
Approach to Cyber Security
Research
Top opportunities in cyber security, i.e.
things that would be good to do even if
difficult, were identified and included:
1. Ownership and Responsibility for
Security - these concepts are different in
cyber security space and physical space,
they vary with differences in cultures and
social norms, how much people believe
they can protect themselves is important,
a key challenge is how can people be
encouraged to take responsibility for their
own security and do current cyber
technologies allow us to exercise
responsibility.
2. Identity and Privacy - the former
concept is key as a great deal of
behaviour in cyber space depends on
who we think we are interacting with,
trust in online identity is very important.
Mechanisms for providing identity need to
be publicly acceptable and need to
consider privacy. For example, is
identification necessary for identity and is
it possible to have pseudo private
identities i.e. a trusted identity online
which is different from that in the physical
domain?
3. Measurement of Trust - trust in
cyber space is very important but how
can trust be measured? Is it possible to
develop acceptable trust metrics and
cyber security features that increase
trust? Trust and assurance sources are
key, e.g. assurance from the source of
friends is much more likely to influence
people to take-up security features.
4. Valuation of Digital Interactions -
can different levels of security be
developed for different interactions
involving differently-valued assets, e.g.
different personal information assets, it
would be necessary to identify the
importance of and the value of assets
and classify the security required for an
asset based on its value, development of
an asset currency e.g. personal
information currency.
5. Policy Development - there is a need
to create policies or rules for various
aspects of cyber security, a policy that
underpins trust in cyber space could
deliver a security safety net which allows
autonomy within it to be creative and
innovative, different privacy policies could
be developed for different levels of asset
value.
6. Useable and Useful Security
Solutions - evaluation of public
persuasion factors is important, are there
public information strategies that will
allow people to learn about cyber
security?
Future technologies required to tackle the
opportunities in cyber security included
various machine learning techniques for
cyber space to build trust, model attacks,
isolate attacks and attack recovery.
Practical steps that research
organisations can take to address the
cyber security opportunities were
discussed and included:
1. Studies of social norms particularly
internationally and studies with users to
assess how to deliver cyber security
information.
2. Development of requirement/problem
definitions that allow them to be solved.
3. Identification of policies based on
results, identification of research that can
be used to inform cyber security policies,
development of a framework for allowing
policy makers to understand the
implications of their policies.
4. Bringing together of public sector that
have cyber security needs and research
and commercial players that have
developed security solutions, emulate the
health sector in looking at areas where
behaviour is restricting cyber security
improvement.
Group facilitators:
Professor Virgil Gligor, Director, Cylab
Dr. David Callaghan, Technical
Director - Radio Communications
Products, Thales
Contributors:
Brian Arlow - Brian Arlow PR, Dwayne
Burns - CSIT, Gareth Douglas - CSIT,
Graeme Bell - Police Service of
Northern Ireland, Grainne Kirwan -
Institute of Art, Design & Technology,
Dun Laoghaire, James Firth - Open
Digital, Gerald McQuaid - Vodafone,
Jennifer Betts - CSIT, John Skipper - PA
Consulting, Jon Browning - Cabinet
Office, Office of Cyber Security &
Information Assurance, Josh Davis -
GTRI, Mark Wiley - Espion Group,
Tristram Riley-Smith - Centre for
Science, Knowledge & Innovation,
Volkmar Lotz - SAP, Rosi Armstrong -
CSIT
Normalising Protecting Systems Hi-Fidelity Detection Intelligence Gathering Learning Information Sharing Smart Meter as a Platform Intelligent Smart Grid Protection Open SCADA
Holistic Mobile Security Models Trust Models
for the Consumer Enterprise Mobile Security
Ownership and Responsibility for Security
Identity and Privacy Measurement of Trust
Valuation of Digital Interactions Policy Development Useable and Useful Security Solutions