MSc Cyber Security
.jpg)
Certified by the NCSC – a part of GCHQ
The MSc Cyber Security (Infrastructures Security) degree has been awarded Provisional Certification by the NCSC
About
MSc Cyber Security (Infrastructures Security)
Digital technologies drive economic growth yet create new cyber risks demanding ever more sophisticated solutions. There is worldwide demand for new and innovative approaches to tackle global cyber-threats specific to large-scale infrastructures, from energy production to finance through to healthcare and smart transportation. The cyber security of such infrastructures is paramount – their disruption can have large-scale impacts on society as well as massive business losses. There is a major shortage of cyber security professionals globally, and the specialist nature of critical infrastructures makes the problem even more acute.
A strong ethos of rigorous experimental and empirical cyber security research underpins the MSc, facilitated by a state-of-the-art testbed for studying critical National Infrastructure (CNI) and Internet of Things (IoT) security, and bespoke teaching equipment. You’ll learn to apply foundational cyber security techniques to infrastructure and will develop the skills for engineering scalable solutions. You'll be exposed to real-world problems that are practical and challenge-oriented but underpinned by rigorous research.
This MSc aims to:
- Enable a deep understanding of fundamental concepts, design principles, building blocks and methods to understand and mitigate against cyber security threats;
- Give you hands-on experience of working with devices, systems and networks utilised in realistic infrastructure environments;
- Equip you with the ability to apply security principles and technical knowledge to analyse complex real-world infrastructures systems (including software systems, networks, control systems and IoT) to identify potential security issues and solutions;
- Provide you with the skills to reason critically about complex problems that require evaluation and analysis from a multi-dimensional perspective including technical, human and organisational aspects.
MSc Cyber Security (Software Security)
New approaches to building software, such as continuous delivery cloud-based scalability, and Open Source have accelerated technological innovation. Modern software now underpins vast, complex systems across society, from energy and finance to healthcare and smart transport. This new software ecosystem has also given rise to new forms of security threats, malware and system vulnerabilities. There is also now a heightened need from end-users, regulators and other stakeholders for accountability, privacy, and demonstrable and effective data protection measures from developers.
The consequence is an increased worldwide demand for software security experts who are able to understand the security challenges that modern software brings and offer strong solutions to mitigate harm to valuable software-enabled infrastructures. There is a major shortage of software security experts with the skills required to protect software-intensive businesses from disruption that can have large-scale impacts on society and massive business losses.
A strong ethos of rigorous experimental and empirical cybersecurity and privacy research underpins the MSc. Leveraging our bespoke teaching equipment, you'll learn to apply foundational software techniques necessary to protect often interdependent software systems and will develop the skills for engineering scalable solutions. You'll be exposed to real-world problems that are practical and challenge-oriented but underpinned by rigorous research.
This MSc aims to:
- Enable a deep understanding of fundamental concepts, design principles, building blocks and methods to understand and mitigate against cyber threats that impact critical and complex software systems.
- Give you hands-on experience in articulating software security issues by working with devices, systems and networks utilised in realistic environments such as state-of-the-art testbeds for inter-meshed systems, CNI and IoT.
- Equip you with the ability to apply these security principles in analysing cybersecurity problems and challenges from a variety of vantage points: networks, systems, human factors and risk, control systems and Internet of Things devices, reason about the security and privacy properties of underlying software and implications in large-scale and inter-meshed settings.
- Enable you to apply secure software engineering principles and lifecycle to design and implement software solutions that proactively and reactively address security and privacy issues by default.
- Provide you with the skills to reason critically about complex problems that require evaluation and analysis from a multi-dimensional perspective including technical, human and organisational aspects.
Why study MSc Cyber Security (Infrastructures Security)?
Find out what you’ll be studying in this hands-on innovative MSc from Programme Director, Awais Rashid.
The part-time programme provides the exact same coverage and depth as for full-time students albeit the course is taken over a period of 2 or 3 years.Students will have a recommended set of units to take as follows (see programme structure below):
- Year 1: TB1 units Foundations and Network Security; TB2 Unit: Security of Industrial Control Systems.
- Year 2: TB1 unit: Fundamentals of System Security; TB2 Unit: IoT & IIoT Security. Depending on whether the student aims to finish within 2 or 3 years, a dissertation project can be undertaken in Year 2 or 3.
- Other combinations can be allowed as long as the pre-requisites are respected and with the express permission of the Programme Director. For instance, a student may take all of TB1 units in Year 1, all of TB2 units in year 2 and the dissertation in year 3. This would be an acceptable combination.
MSc Delivery Team
- Dr Inah OmoronyiaDr Inah Omoronyia is the MSc Director and has a portfolio of collaborative, entrepreneurship and innovative research in areas of engineering privacy and security in software systems. His work is driven by the view that better software design (inc. its process, requirements, implementation and testing) is a pathway to effective data-inspired technological innovation, regulatory compliance and privacy. His research is funded by the industry, Innovate UK, EPSRC and Scottish Enterprise. Omoronyia is a previous ERCIM Fellow and co-leads on training and student experience within the CDT.
- Dr Stanislav AbaimovDr Stanislav Abaimov is a Lecturer in Network Security in the School of Computer Science, University of Bristol. He received a PhD in Cyber Security and Electronic Engineering from the University of Rome, Tor Vergata; and earned a degree of MSc in Information Security at the Royal Holloway, University of London. Stanislav’s research area is related to cyber security of industrial control systems, including smart grid and cyber physical systems. Stanislav is a contributing member of the Pugwash Conferences on Science and World Affairs. He is also a supporter of innovations in renewable energy.
- Dr Sana BelguithDr Sana Belguith is a Lecturer in Cyber Security at the University of Bristol and a member of the Bristol Cyber Security Research Group. Prior to this, she was Lecturer in Cyber Security at the University of Salford. Previously, She was a Post-Doctoral Researcher in the Department of Computer Science at the University of Auckland, New Zealand. She has been a visiting researcher at Telecom SudParis, France. She holds a PhD in Computer Science from the Tunisia Polytechnic School and an Engineering Degree in Telecommunication from the National Engineering School of Tunisia. Dr. Belguith’s major research interests include, distributed systems security (such as Internet of Things, Cloud Computing, Publish and Subscribe Systems, etc.), applied cryptography, privacy enhancing techniques, access control, attribute-based encryption, searchable encryption, and Blockchain.
- Dr Barney CraggsDr Barney Craggs is a Lecturer in Cyber Security within the Bristol Cyber Security Group. As well as his role as the University of Bristol CSO, Barney leads a programme of research in securing UK universities. His own research looks at the role of humans in cyber physical systems with a focus on security ergonomics, cultural practice and decision making.
- Dr Matthew EdwardsDr Matthew Edwards’ research interests lie at the intersection of cybersecurity and data science, commonly crossing over into the application of machine learning techniques to cybercrime prevention. His work has focused around understanding security implications from online data in application domains such as child protection, social engineering, online fraud and technological cybercrime, whilst simultaneously attempting to improve the transparency and reliability of technologies used for cybersecurity purposes.
- Dr Joe GardinerDr Joe Gardiner is a Lecturer in the School of Computer Science, at the University of Bristol. His research interests include the security of cyber-physical systems, the design of robust controller architectures for software defined networks and the security of machine learning.
- Dr Joseph HallettDr Joseph Hallett is a Lecturer in Cyber Security at the University of Bristol. Their research explores how we can build security into operating systems and programming languages in a way that helps developers get it right and create secure software without making too many mistakes. Since 2018, he has been investigating how to develop an empirically grounded theory of secure software development by the masses. More recently, Joseph has been working on achieving greater awareness and sociotechnical understanding of the human barriers that stand in the way of next generation digital security success, to transform policy making, accelerate adoption and drive consistent use.
- Dr Mengxiang Liu
- Dr Ola MichalecDr Ola Michalec is a social scientist embedded in the University of Bristol Cyber Security Research Group. Since 2019, she has been investigating how diverse practitioners collaborate to implement the NIS Directive across critical infrastructure sectors through a project funded by RITICS . More recently, Ola has been working on anticipating security regulations for the emerging technologies in the decentralised energy systems. In terms of her plans for the future, Ola is about to start a Fellowship funded by RITICS and the National Cyber Security Centre, where she will continue her work on better Indicators of Good Practice and cyber maturity in NIS.
- Dr Alma Oracevic
- Dr Marvin RamokapaneDr Marvin Ramokapane is a Lecturer in the School of Computer Science, at the University of Bristol. As a researcher in cyber security and privacy and leveraging his technical and socio-technical research methods, he aims to understand how users perceive and use technology with regards to security and privacy. He is particularly interested in three areas, (1) usability, (2) privacy, and (3) trust. His research on usability focuses on understanding the usability practices and the challenges faced by users and operators alike when enforcing security and privacy measures. I aim to understand the challenges and propose viable solutions. Regarding privacy, he is interested in understanding users’ perceptions and norms around the use of smartphones and smart home devices. His research on trust focuses on understanding the factors that engender trust in various applications such as peer to peer electricity trading platforms.
- Professor Awais RashidProfessor Awais Rashid is the Director of the Centre for Doctoral Training TIPS-at-scale and our CDT lead for socio-technical approaches to software and infrastructure security. Awais has 20 years of expertise leading large, multi-partner, interdisciplinary projects. He leads Bristol Cyber Security Group (with members from computer science, sociology, psychology, criminology) and is the director of the new UKRI Interdisciplinary Research Centre: REPHRAIN. Previously he was Associate Dean for PG studies and Director of the Science & Technology Graduate School (managing the EPSRC DTP) at Lancaster University (2010-2013). He is a member of the advisory boards for EPSRC’s Digital Economy programme and the UKRI Partnership for Conflict, Crime and Security Research; and also serves on two UK government cyber expert groups. He heads the National Cyber Security Programme CyBOK project.
Research Activities
Project topics are released to students during TB1:
- The aim of the project is to carry out an in-depth investigation into a specific area of cyber security relevant to the programme topic (Infrastructures Security or Software Security) and to make a valuable and original scientific or technical contribution.
- The focus is on discovery and demonstration of innovative cyber security ideas that will have the potential to generate real-world impact or otherwise have impact for some research community.
- Projects may involve the design of hardware, software, experiments, studies involving human users or organisations (within the scope of the programme topic). Topics may include threat hunting relating to critical infrastructures, developing new software security mechanisms or new types of vulnerability analysis or intrusion detection systems. Students may also conduct studies deploying a number of security mechanisms to experimentally evaluate their comparative strengths and weaknesses.
- Specialist teaching equipment for ICS and IoT security – custom-built equipment for Industrial Control Systems (ICS) teaching and projects; the Testbed is a state-of-the-art experimental research facility including 2 physical processes (water treatment plant, model factory); three station Security Operations Centre (SOC); dedicated workshop featuring a 3D printer, circuit board printer, soldering station and tools.
- Absolutely – Cyber Security is a long-standing research strength and a strategic priority for the University. The programmes are founded on the internationally recognised research expertise, team and unique facilities of Bristol Cyber Security Group - students will be taught by research experts in the field. The group also developed world-first teaching equipment and materials, not available elsewhere, which will be used in these Master’s programme.
- In the taught part of the programme students will acquire hands-on experience of applying their knowledge to real devices and systems by working on specialist equipment in the labs (drawing upon the state-of-the-art CNI and IoT testbed facilities developed by the research group) to hone their skills through supervised lab sessions. Group work, for example large case studies, will be utilised in order that students gain an understanding of leveraging and applying their knowledge. These group working skills are key in this sector as securing such infrastructures requires teamwork and collaborative effort and leveraging understanding from a diverse range of perspectives. Students will also develop their individual analytical and problem-solving skills by applying the knowledge gained in the programme to case studies or development of security applications or tools. Students will develop confidence in their abilities to solve problems unaided through extension exercises that will follow-on from the lab workbooks on a weekly basis.
- The MSc Dissertation Project represents the pinnacle of the MSc Cyber Security degree programme allowing students to independently (with a dedicated supervisor from the research group) carry out an in-depth investigation into a specific area of cyber security. In the run-up to this students will take courses on research methods, dissertation writing and responsible innovation (not part of a standard unit, or assessed) as well as a dedicated panel session with academic staff to discuss what makes good research questions depending on the nature of a project, e.g., technical, experimental or empirical.
- There will also be seminars which students will have the opportunity to attend. The Cyber Security Group participate in or lead several major initiatives, e.g., leading projects in national institutes and centres and hosting such centres too. There are many events related to the research in these centres and some events are open to graduate students. Our students will naturally be invited to such open events.
Facilities
The Bristol Cyber Security Group testbed provides a realistic environment for research into cyber-physical systems security. It has been built from the ground up, based on extensive past experience of building ICS security testbeds and input from industry partners.
Joe Gardiner, Lecturer, Department of Computer Science, outlines the Bristol Cyber Security Group Testbed Tour.
Multiple physical and virtual processes
Including a water treatment plant, model factory and building management system, each within distinct, centrally managed field sites.
Physical industrial control hardware
Sourced from a number of vendors including the latest devices with the newest protocols.
Fully-realised experimental network environment
Covering both the IT and OT network environments, with comprehensive data capture abilities.
Training and prototyping environment
Comprehensive fully simulated environments and small scale physical testbeds.
ICS training boxes
Designed and built in-house.
Remote field site with physical process
Mobile and self-contained.
Federated architecture
Allowing for granular integration of remote testbed/control structures to enable large scale and diverse experimentation.
Our own workshop
Including 3D-print capabilities for rapid prototyping.
Access to the electrical engineering workshop team
For design and building of testbed infrastructure.