View all news

University of Bristol to lead the way in making future digital infrastructures cyber secure

Press release issued: 18 April 2024

A new University programme which will address the grand challenge of providing cyber security at societal scale has received £6.8 million funding from the Engineering and Physical Sciences Research Council (EPSRC).

The SCULI (Securing Convergent Ultra-large Scale Infrastructures) programme brings together researchers from the Universities of Bristol (lead), Oxford, and Lancaster, who will work with partners across industry, policy and beyond, as well as drawing on their own state-of-the-art lab facilities.

The UK is the third most targeted country in the world for cyber-attacks, after the US and Ukraine, according to the House of Commons inquiry into Cyber Resilience of UK’s Critical National Infrastructure. From smart buildings, connected cities, smart farming and our critical national infrastructure (power, water, transport), the pace of change in digital technologies is increasing and so too is our dependence on them. As this increases, so does the risk of cyber attacks and large scale disruptions to infrastructures on which we rely every day.

The SCULI programme will draw on a unique mix of expertise, spanning sociotechnical approaches, theoretical and applied computer science, to transform the way we conceptualise and deliver cyber security in a world with connectivity at unprecedented scale, prevalence of legacy and non-legacy systems, complex technology stacks, complicated supply chains and myriad intersections of humans and technologies.

Experts currently build and test cyber security approaches for components and systems at small scale and then attempt to scale these up to the infrastructures deployed to deliver services to citizens. The SCULI  programme is about transforming the way we secure such infrastructures – understanding what the problems are at scale and designing solutions to work at that scale. The complexity and uncertainty cannot be removed. Instead these issues are embraced as part of the problem and headway achieved through both defining ideas and concepts and designing and testing technical advances.

Professor Awais Rashid, head of Bristol Cyber Security Group in the School of Computer Science – SCULI Programme lead explained: "The reality is that at any point in time there will always be partially-trusted, untrusted or compromised elements in such large-scale infrastructures. So we must redefine how we deliver cyber security. This is what SCULI will do – developing new science to provide predictability about security in such extreme uncertainty when we can only partially trust elements of the infrastructure.”

"The scale and ambition of the SCULI programme has already enabled us to mobilise key industry, government and international partnerships to ensure that research advances are informed by real-world situations and flow through to real-world infrastructures."

Key developments will include:

  • A model that provides on-the-fly representation of cyber security goodness and new metrics to support cyber risk decision-making.
  • New ways to compose and orchestrate security provision across a variety of infrastructures with legacy and non-legacy elements.
  • Detection capabilities to assess with high accuracy, and at appropriate pace, the security state of such infrastructures throughout their operation to provide continuity of oversight and trust.
  • Incident response playbooks for such ultra-large-scale infrastructures and optimal ways to balance human-machine decision-making when infrastructures of such scale are under attack.

Sadie Creese, Professor of Cybersecurity at the Department of Computer Science, University of Oxford, said: “With the UK facing unprecedented risks to its critical services, the SCULI programme promises a crucial and timely shift in the scientific approach to the cybersecurity of large-scale infrastructure. We look forward to working alongside our colleagues at Bristol and Lancaster, industry and policy makers, to deliver new levels of reliability and security to major national and global projects of the future.”

Professor Neeraj Suri, Chair in Cyber Security at Lancaster University, added: “This is a grand challenge problem, that requires an exceptional research and impact collaboration. We are adding Lancaster's expertise in distributed security theory to the collective socio-technical competences of Bristol, Oxford and Lancaster towards tackling this challenge. It will involve applying blue sky research to real societal problems while also amplifying the UK’s Cybersecurity leadership.”



Edit this page