University, industry experts join forces in UK-wide digital security network

Cybersecurity experts from academia, industry and civil society in the UK are coming together in a major collaborative effort to tackle challenges to trust and security faced by businesses and wider society in the digital age.

The four-year nationwide initiative will see the formation of a consortium called the Security, Privacy, Identity and Trust Engagement NetworkPlus or SPRITE+, a public-funded network to be led by the University of Manchester.

With a GBP1.7 million grant from the Engineering and Physical Sciences Research Council (EPSRC), the UK’s main agency for funding research in engineering and the physical sciences, network members will undertake studies and pilot projects, as well as hold workshops and facilitate internships and staff exchanges.

“This is an exciting and ambitious venture,” said University of Manchester’s Professor Emma Barrett, the initiative’s research lead.

“SPRITE+ will harness outstanding UK research expertise in security, privacy, identity, and trust, to address priority challenges identified by and with stakeholders.

“Together, we will create new knowledge, deepen collaborations, and support the growth of interdisciplinary, stakeholder-focused research for the benefit of our society and economy,” she said.

Joining Barret will be academic researchers Dr Stacey Conchie (Lancaster University), Professor Bill Lee (Imperial College London), Professor Sakir Sezer (Queen’s University Belfast) and Professor Vladimiro Sassone (University of Southampton), who is also the director of Southampton’s Cyber Security Academy.

A total of 11 high-profile organisations have signed up as project partners so far – BT, Nasdaq, Arm, Titan IC, Tiani Spirit, National Grid, LORCA, the Open Data Institute, South Korea’s Hanyang University, Greater Manchester Police and the Office of HM Chief Scientific Advisor for National security – with more to follow soon.

Sassone said considering the accelerated pace of advancements in technology today, the initiative could not have come at a better time.

“This work has never been more vital, with implications for all aspects of our lives, especially with the huge and growing volume of data being shared daily and the proliferation of AI,” he said.

Cybersecurity is a major challenge facing even the world’s most advanced economies. In the UK, estimates from 2016 say cybercrime cost the UK economy between GBP11 billion and GBP30 billion each year. Recognising that cyberattacks were among the top threats to the country’s economic and national security, the UK in 2017 rolled out its National Cyber Security Strategy, a five-year programme that laid out a series of ambitious goals, actions and metrics to keep the country resilient to such attacks.

Among others, the strategy promised to work closely with industry to strengthen the government’s IT defenses, buttress law enforcement’s cybercrime capabilities and help grow the country’s cybersecurity industry to keep pace with global cyber threats. A total of £1.3 billion was committed to the programme.

In March 2019, however, the National Audit Office (NAO) said the programme lacked direction in key areas involving the protection of the country’s critical infrastructures. Among others, NAO said the government appeared uncertain about where it should concentrate efforts to “make the biggest impact or address the greatest need”, according to a BBC report.

Worryingly, the government also reportedly has no way of accurately gauging the effectiveness of their projects as methods to measure success are still under development. NAO said the Cabinet Office did not even produce a business case prior to launching the programme, leading to a mismatch of budget and strategy.

“It’s a bit like putting the cart before the horse,” Professor Alan Woodward, a computer security expert at the University of Surrey, said. “The overarching thing that comes out from the NAO is that [the government] decided on the budget and then they decided on the strategy.“

In such a climate, the SPRITE+ initiative will prove a necessary investment by the government to play a supporting role in the overall cybersecurity agenda.

“This SPRITE+ Network will be at the forefront of understanding the implications of how the many rapid advances in digital technologies and connectivity are affecting issues around privacy, confidentiality, transparency, accountability and public acceptability,” said Sassone, who holds the Roke/Royal Academy for Engineering Research Chair in Cyber Security at Southampton.

SPRITE+ is one of five “NetworkPlus” activities supported by the UK Research and Innovation’s Digital Economy (DE) Theme. All NetworkPluses aim to bring together interdisciplinary research communities and stakeholders to identify research opportunities and build collaborations that will bring national benefit.

SPRITE+ will launch this September.