Tackling cybercrime

As both our personal networks grow and national infrastructure become ever more connected, the need for cybersecurity research, education and training has never been stronger, argues Ged Powell, Business Manager at Southampton’s recently launched Cyber Security Academy.

Cybersecurity is becoming a substantive issue for humanity. The Talk-Talk and Ashley Maddison hacks in 2015 gained much media attention, but serious though these attacks were, they demonstrate only a small percentage of the potential for cybercrime and cyberterrorism. Cybercrime is estimated to cost the global economy £266bn every year. The protection of critical infrastructure, of industrial and economic processes, of government, businesses and users’ data, privacy and interests has emerged as a major national concern. As early as 2010, the National Security Strategy rated cyberattacks as a ‘Tier 1’ threat.

Institutions such as the University of Southampton have a full time, professional IT staff that is well trained and vigilant in the fight against cyberattack. The latest tools are deployed on the University’s networks and all users are advised in the basics of Cyber Essentials – the government’s cybersecurity advice scheme. It has been shown that 80 per cent of known, successful cyberattacks would have failed if simple Cyber Essentials practice had been followed. This illustrates an important point – technical security is usually only as effective as the users’ awareness and good practice will allow. The vast majority of successful hacks exploit human vulnerability or failure to a large degree. Cybersecurity awareness is not a natural instinct for most people and this needs to change.

There is a clear and pressing demand for cybersecurity training, education and research. Research is required to provide tools and technologies in the arms race with ever more well-educated criminals launching increasingly sophisticated attacks. It is said that in the next 20 years cyber research will have the same kind of momentous social and economic impact as medical research had in the 20th century.

The Cyber Security Academy, recently launched at the University of Southampton, is helping meet the demand for greater training and research. Working in partnership with government and industry, it will provide a national focal point of expertise, research and teaching for cybersecurity. The Academy will harness the research excellence, industrial expertise and training capacity that exist within the University and throughout the region into a coherent, University-centered technopole. The Academy will be the hub of this community, drawing talented individuals to study and work in the region by stimulating, fueling and promoting a wide range of opportunities in cybersecurity and related sectors.

The Academy is based at the Centre for Cyber Security at the University. The Centre was awarded Academic Centre of Excellence status by GCHQ in 2013. This award recognises the University’s multidisciplinary capability in the area of cybersecurity, acknowledging the excellent research contribution across a range of disciplines from computer science, electronics, criminology, law, business and psychology. The Academy will draw on the world-class expertise available from the University’s top researchers to deliver a genuinely multidisciplinary research capability with national importance and global reach in the field of cybersecurity.

The first companies have joined the Academy and more will be brought onboard so that all relevant industry sectors will be represented. The Cyber Security Academy is currently recruiting a high-profile, Royal Academy of Engineering-sponsored chair and several academic staff members. Postdoctoral researchers will also be hired to sustain the consultancy and research efforts. In addition to this, a doctoral training centre will be bootstrapped with a substantial annual intake of PhD students. It is envisioned that the partnership will be enlarged by involving other higher educational establishments in the geographical area and major companies as core members on a national and eventually international basis.

Education at all levels is required to produce a stream of cybersecurity operatives and professionals, who can ensure that security becomes part of the DNA of future systems and networks. High-quality training such as that provided by the Academy, will deliver a cybersecurity dimension to the expertise of the existing professional workforce – supporting efforts to manage the threats and attacks that are being experienced right now.