CS2 | Centre for Sustainable Cyber Security

Centre of Excellence

Our Vision

With digital systems, and the data they store, now integral to the everyday functioning of modern societies, the need to protect them from attack has never been greater. In the UK alone, the cyber security market is likely to exceed £18 billion by 2028. Yet traditional solutions to digital threats are monodisciplinary in their focus, causing them to fail as technology, business or the human context evolves. The Centre for Sustainable Cyber Security (CS2) takes a fundamentally different approach by drawing on multidisciplinary expertise to build effective, efficient and evidence-based solutions that work now and long into the future. These will lead us to sustainable cyber security.

We aim to:

• Conduct collaborative research and knowledge exchange on sustainable cyber security.
• Create societal and commercial impact through adoption of sustainable cyber security practices and technologies.
• Prepare PhD students and postdocs who will become internationally recognised for their contribution to cyber security science or industry.
• Continue being a vibrant research environment that attracts and keeps global talent in cyber security.

Learn more

Our impact on the world

Almost every aspect of modern life, from energy, transport and business networks to the provision of healthcare, food and education, depends on well-functioning and reliable digital systems. Emerging technologies such as artificial intelligence, robotics and Internet of Things, are also critically important as we seek to address the myriad urgent challenges now facing us in the 21st century, including climate change, sustainable development, transnational organized crime, pandemics and conflict.

The Centre for Sustainable Cyber Security (CS2) exists to ensure that current and future digital technologies remain protected and trustworthy, so that the digital transformation can enable positive change in the world.

Our primary objectives, aligned with the UN Sustainable Development Goals (SDGs) are to:

• Ensure reliability, resilience and sustainability of current and emerging industries, innovation and infrastructure (SDG9).
• Contribute to decent work and economic growth (SDG8) by ensuring sustainable entrepreneurship and high technology innovation through protection against cyber and data risks.
• Develop technologies for cost-efficient prevention of cyber crime and online harms in the context of sustainable cities and communities (SDG11).
• Develop digital forensics technologies and innovative practice in the context of peace, justice and strong institutions (SDG16).

Who we are

An interdisciplinary approach

We believe that multiple expert perspectives are needed to develop cyber security solutions which are effective over the long term. CS2 is therefore fundamentally interdisciplinary and holistic in its approach to research.

We bring together experts in computer science (e.g., cyber risk, verification, forensics, network security), engineering (e.g., Internet of Things security), law (e.g., privacy, data protection and cyber crime), psychology (e.g., online harms, face and voice recognition), and business (e.g., cryptocurrencies, cyber security economics).

Examples of recent, highly interdisciplinary projects include:

• COCOON and CHAI, which link psychology and education with cyber security;
• CUREX and MERIT, which combine cyber security and economics;
• TRILLION, which combines law with social media and cyber security; and,
• EUNOMIA, in which AI and cyber security are informed by ethics and political science.

Partners

In addition to our knowledge exchange and steering board, the Centre for Sustainable Cyber Security has worked with over 100 companies, universities and public sector organisations across the world in research, innovation and consultancy projects. Examples include IBM, Fujitsu, HP, Atos, Thales, Fiat, SONAE, G4S, Infineon and the UK National Cyber Security Centre (NCSC).

Funding

The work of the Centre for Sustainable Cyber Security is largely supported by the UK’s Engineering and Physical Sciences Research Council (EPSRC) and the European Commission (e.g., Horizon Europe). We are also seeking funding for further impact-related research from Innovate-UK and the Defense Advanced Research Projects Agency (DARPA) in the United States, among others.

Our research

Focus on impact from day one

From day one, all research conducted at CS2 is designed to deliver real-world positive impact. We ensure this by co-developing all projects in close partnership with the end-users, prioritising cost and process efficiency, and involving multiple disciplines. To maximise the industrial relevance of our work, its medium to long-term targets are also validated by our steering board for knowledge exchange and impact.

Our current research is grouped into three themes:

• Secure Cyber-Physical Systems, led by Prof. Loukas, focuses on practical and long-term security solutions for industrial control systems, Internet of Things and extended reality systems.
• Cyber Risk Mitigation, led by Prof. Panaousis, covers cost and energy-efficient risk mitigation, user acceptance, forensics and law.
• Certified Security and Privacy, led Dr T Khan, covers formal methods, verification and cryptography.

Secure Cyber-Physical Systems

This work addresses the sustainable cyber security of modern and future critical digital and industrial infrastructures, as exemplified currently by the Internet of Things (IoT) paradigm. Topics covered include helping people protect themselves and their communities against cyber-physical attacks in XR by providing them with machine learning-derived information and context; sharing information efficiently in complex IoT environments with forecasting and optimisation techniques; and defending Industrial Control Systems from cyber threats and human errors through applied cryptography.

Among recent activities relevant to this strand of research is the C4IIoT project (Cyber security 4.0 - Protecting the Industrial Internet of Things), which builds and demonstrates a novel and unified Industrial IoT cyber security framework for malicious and anomalous behaviour anticipation, detection, mitigation and end-user informing.

Cyber Risk Mitigation

Identifying the best way to mitigate cyber security risks has been a long-term objective of CS2 including the work in the H2020 CUREX project as well as the NCSC MERIT project. Naturally, mitigating cyber risks encompasses threat modelling, vulnerability assessment and finally optimisation of cyber security countermeasures that exhibit different levels of risk mitigation efficiency. Expanding to the protection of individuals’ privacy, CS2 is currently working on the Horizon Europe TANGO project aiming to assess and optimise privacy risks in large-scale data sharing scenarios.

Additionally, with AI fast becoming a part of daily domestic life, this work conducted at CS2 focuses on protecting users automatically, as well as ensuring they themselves can tell when their AI is misbehaving or has been maliciously manipulated. Topics covered include protecting AI and machine learning (ML) applications through adversarial modelling, anomaly detection and prevention; studying different humans’ ability to recognise malicious AI through personal profile context and experimental evaluation of brain activity; and assessing legal and ethical challenges of AI from an international law perspective. A current example of our work on trustworthy AI is the CHAI project (Cyber Hygiene in AI-enabled Domestic Life), which seeks to guard non-expert users against AI security breaches. Funded by the EPSRC, CHAI improves the transparency of AI design empowering users to protect themselves and develop new training programmes to enhance their “defending” skills.

Certified Sustainable Security and Privacy

This important strand of research looks at safeguarding the security and privacy of those using digital technologies in a manner that is verifiable. Topics covered include sustainable protection of software through inductive and deductive verification; legal challenges to assure fairness and digital rights in modern software; studying resilient personalised healthcare services; and threat modelling and strategic decision support through cyber security modelling and game theory. A recent example of our work on certified sustainable security and privacy is ENSURESEC. Funded by the European Commission, we developed a sociotechnical solution for safeguarding the EU’s Digital Single Market’s e-commerce operations against cyber and physical threats.

Teaching and training

As well as supporting postgraduate students exploring a range of cyber security topics, the CS2 offers continuing professional development. A recent example is a CPD course on digital forensics for law enforcement agencies.

Contact Us

Professor George Loukas (g.loukas@gre.ac.uk), CS2 Head

Professor Manos Panaousis (e.panaousis@gre.ac.uk), CS2 Deputy Head