Skip to main content

SCULI programme set to transform cybersecurity for large-scale infrastructure

Posted:

A major new research programme from the Universities of Bristol, Oxford, and Lancaster is set to address the grand challenge of providing cybersecurity at societal scale, following £6.8 million in funding from the Engineering and Physical Sciences Research Council (EPSRC).  

The SCULI (Securing Convergent Ultra-large Scale Infrastructures) programme will bring together experts from the Department of Computer Science, alongside counterparts at Bristol and Lancaster, who will work across industry, policy and beyond, to forge a pioneering new approach to delivering cybersecurity. 

A blue image of a computer board with a dark blue speech bubble over it with text reading “‘With the UK facing unprecedented risks to its critical services, the SCULI programme promises a crucial and timely shift in the scientific approach to the cybersecurity of large-scale infrastructure.’ Sadie Creese, Professor of Cybersecurity” and a smaller blue box with text reading @compscioxford #compscioxford. On the bottom left of the image, there is a circular photograph of Professor Sadie Creese.

The UK is the third most targeted country in the world for cyber-attacks, after the US and Ukraine, according to the House of Commons inquiry into Cyber Resilience of UK’s Critical National Infrastructure. From smart buildings, connected cities, smart farming and critical national infrastructure, the pace of change in digital technologies is increasing and so too is society’s dependence on them. As this increases, so does the risk of cyber-attacks and large-scale disruptions to essential infrastructure. 

The SCULI programme, which will be led by the University of Bristol, will draw on a unique mix of expertise - spanning sociotechnical approaches, and theoretical and applied computer science - and state-of-the-art lab facilities. It aims to transform the conceptualisation and delivery of cybersecurity in a world where connectivity has reached an unprecedented scale, with a prevalence of legacy and non-legacy systems, complex technology stacks and supply chains, and myriad intersections of humans and technologies.  

Experts currently build and test cybersecurity approaches for components and systems at small scale and then attempt to upscale these to the infrastructures deployed to deliver services to society. The SCULI programme aims to transform this approach to securing such infrastructures, by instead understanding what the problems are at scale and designing solutions to work at that scale. The complexity and uncertainty cannot be removed. Instead, the programme will embrace these issues as part of the problem and deliver solutions by both defining ideas and concepts, and designing and testing technical advances.  

Sadie Creese, Professor of Cybersecurity, is the departmental lead on the SCULI programme, and will be supported by Senior Research Fellow Michael Goldsmith and Associate Professor Ivan Flechais. 

With the UK facing unprecedented risks to its critical services, the SCULI programme promises a crucial and timely shift in the scientific approach to the cybersecurity of large-scale infrastructure. We look forward to working with our colleagues at Bristol and Lancaster, industry and policy makers to deliver new levels of reliability and security to major national and global projects of the future. Sadie Creese, Professor of Cybersecurity

Key elements of the programme will include:  

  • A model that provides on-the-fly representation of cybersecurity goodness and new metrics to support cyber risk decision-making.  
  • New ways to compose and orchestrate security provision across variety of infrastructures with legacy and non-legacy elements. 
  • Detection capabilities to assess with high accuracy, and at appropriate pace, the security state of such infrastructures throughout their operation to provide continuity of oversight and trust.
  • Incident response playbooks for such ultra-large-scale infrastructures and optimal ways to balance human-machine decision-making when infrastructures of such scale are under attack. 

The reality is that at any point in time there will always be partially trusted, untrusted or compromised elements in such large-scale infrastructures. So, we must redefine how we deliver cyber security. This is what SCULI will do – developing new science to provide predictability about security in such extreme uncertainty when we can only partially trust elements of the infrastructure. The scale and ambition of the SCULI programme has already enabled us to mobilise key industry, government and international partnerships to ensure that research advances are informed by real-world situations and flow through to real-world infrastructures. Professor Awais Rashid, University of Bristol

This is a grand challenge problem, that requires an exceptional research and impact collaboration. We are adding Lancaster's expertise in distributed security theory to the collective socio-technical competences of Bristol, Oxford and Lancaster towards tackling this challenge. It will involve applying blue sky research to real societal problems while also amplifying the UK’s Cybersecurity leadership. Professor Neeraj Suri, Lancaster University