Security school: academics take on cyberterrorists

6 Oct 2011
security blue

Davey Winder wonders if academics can succeed where governments and commercial vendors have not in the security battle

The fight against cybercrime has some new ammunition: academics at City University London.

That university's new £450,000 Centre for Cyber and Security Sciences is bringing together experts in cryptography, systems science, software reliability and information, network, and physical security to bring an academic approach to tackling the threats posed by cyberterrorism and cybercrime.

But is this the best way to battle cybersecurity in the real world, or does the industry need to be involved? Professor David Stupples is the Royal Academy of Engineering Visiting Professor in Integrated System Design at City University London, and believes such a research centre could have positive results.

"Cybercrime and its more serious cousin cyberterrorism is the most sophisticated threat facing the law-abiding world today,” Professor Stupples told PC Pro. “The cost of cybercrime alone is approaching $500 billion (£320 billion) per annum and it would not be possible to put a figure on terrorism.”

Educated security battle

As the perpetrators of such crime are intelligent and well versed in the technical details of computer systems and the internet, fighting them successfully requires more than just computer scientists, he argues.

Cybercrime and its more serious cousin cyberterrorism is the most sophisticated threat facing the law-abiding world today

“It also needs information scientists, communications engineers, social scientists, lawyers and business professionals,” the professor explained, concluding that the most effective way to bring such a diverse group together is within a single centre that can facilitate discourse and let experts work as a team.

It can also help create the experts of the future. Dr Muttukrishnan Rajarajan, leader of the Information Security Group at City University London, told PC Pro that with security being a relatively new science it was important for centres such as this to train graduates with the key skills required to be able to solve current and future threats.

“These types of centres of excellence can also run specialised certification and training programmes for industry to fill the gap in security skills,” Dr Rajarajan insists, saying more and more security experts are needed as large corporations and governments create dedicated departments to address the issue.

At school or on the job

However, there’s a difference between using universities to train future experts and focusing research at academic institutions. Would efforts - and Government funding - be better placed with the security professionals working within both private and public sectors already, or with the law enforcement specialists out there at the coal face of cybercrime?

“Centres of this nature can take a 360-degree approach to the problem of cybercrime and can hence identify solutions which cannot be solved by an individual organisation or government,” argues Dr Rajarajan.

Professor Kevin Jones, Professor in Dependability and Security of Socio-technical Systems at City University London, is sure that academics are the right people to perform “basic, fundamental and applied research in the areas of cybercrime and cyber terrorism”.

He says these areas need to be covered in a way that is less likely to happen in even the best funded of corporates as “the aim of pure research and commercial profitability are quite different”.

Read more

Analysis