Closing date: 21 September 2021
This project aims to address the need for near-real-time risk assessment for safe and continuous operation of critical infrastructures, e.g., water, power, transportation, when faced with an ongoing cyber-attack. Such infrastructures were traditionally not connected to the Internet hence the protocols, devices, software, and platforms have not had security as a core design consideration. Increasingly, they are being connected to enterprise systems for improved business process monitoring and optimisation. This convergence has led to several cyber security issues, in turn leading to safety or operational interruptions as evidenced by various high-profile incidents. The critical nature of these systems means that the infrastructure cannot simply be shut down on the first sign of attack and one needs to understand – in near-real-time – the implications of an ongoing attack on safe and continued operation, take mitigating actions and ensure that the infrastructure can keep running (albeit at a reduced capacity) in a safe manner, e.g., through isolation of compromised elements.
This project will develop a near real-time dynamic risk assessment model that maintains an ongoing representation of the security state of an infrastructure system, showcasing the ongoing status of an attack event, its implications in terms of composition with other events, and potential for violation of a safety or operational goal. This will enable not only dynamic risk assessment of an unfolding attack (and effectiveness of countermeasures) but also enable foresight into the potential paths that an attack may take to compromise safety or operational goals and make informed decisions on when an attack has escalated to a point where whole system shutdown is essential.
Prior to any application, please contact Prof Awais Rashid (firstname.lastname@example.org) to discuss your research proposal to see if it aligns with his current research. No indication of an offer can be made until a completed application has been received.
Applicants must hold/achieve a minimum of a Master’s degree (or international equivalent) in Computer Science, Safety Critical Systems, Artificial Intelligence/Data Science. Applicants without a master’s qualification may be considered on an exceptional basis, provided they hold a first-class undergraduate degree. Please note, acceptance will also depend on evidence of readiness to pursue a research degree.
Basic skills and knowledge required:
This is a fully funded 4-year studentship covering a minimum £18,800 tax-free stipend per year, tuition fees at UK student rates, and equipment and travel allowance to support research related activities. For EPSRC funding, students must meet the EPSRC residency requirements.
Call for Events is now open! We're supporting Members and Expert Fellows to lead activities that explore aspects of TIPS in the Digital Economy. We will help to organise the activity with up to £5,000 to cover the associated costs.