Skip to main content

Centre for Cyber Security and Resilience

A Newcastle University Centre of Research Excellence

Protecting the fabric of society

Emergent systems have a profound impact on society. They affect society’s interaction with those technologies in unprecedented ways.

This holds for the individual’s experience of the digital realm, as well as for society as a whole. We:

  • research and innovate in cyber security and resilience
  • look at key emergent systems
  • support individuals and society to guard safety, progress and prosperity

We aim at collaborating across faculties to create research opportunities. These include work in:

  • core cyber security and resilience techniques
  • key emergent application areas, meaningful for society
cyber nucore logo

The Centre is led by its Director, Prof Thomas Gross, the Professor of System Security of the School of Computing, and a dedicated steering group, the members of which represent designated research themes introduced below.

Our research themes

The initial research themes are designed to build bridges between Newcastle research strengths and yield cross-disciplinary value.

Artificial intelligence

Artificial intelligence (AI) is a pervasive technology. It can aid all areas of our lives. Cyber security and resilience is no exception.

We can develop systems which learn to make systems more secure. AI can also benefit from cyber security and resilience. We can make AI more robust and less susceptible to attacks.

Theme lead: Dr Stephen McGough

Bio/nano systems

Our research theme will look at all aspects of bio/nano cyber security. We must secure the entire supply chain of nano-bio products and processes as:

  • DNA synthesis becomes cheaper
  • sophisticated molecular and genetic engineering tools become more widespread

This includes securing:

  • the design process of nano-bio products (cells lines, plasmids, organoids, etc)
  • their deployment (e.g. in the food supply, environment or body)
  • final decommissioning

Our theme is keen to engage with a gamut of stakeholders. They represent experts on nanotechnology, biotechnology, cybersecurity.

They include industrial, government and public organisations and individuals. We gather all relevant perspectives on the future of bio/nano cyber security. That includes responsible innovation.

Theme lead: Prof Natalio Krasnagor

Cyber-Physical Systems (CPSs)

Cyber-Physical Systems (CPSs) are inter-connected systems that include physical components, computer control, networking and data collection, and human interactions. Examples include industrial control systems, precision agriculture, critical national infrastructure, on-body medical devices and drones. CPSs must be resilient to both cyber and physical attacks, and research is required to offer secure, resilient and, safe systems at all abstraction layers. This is not only meant to protect CPSs from threats creating a hazard for society: CPS research, in turn, infuses new thought paradigms into cyber security and resilience through the integrative modelling of the physical world and circular causality (feedback loops) of cybernetics, which give rise to autonomous and adaptive security systems.

We focus primarily on modelling and analysis as a solution to the challenge of CPSs, including how whole-system models and Digital Twins (DT) can better demonstrate resilience, how models of human performance and threats can be incorporated into these models. We will also investigate side channels and how both cyber and physical attacks can compromise CPSs, as well as how explainable trustworthy Artificial Intelligence (AI) can be used in CPSs in a way that is both verifiable and understandable.

Theme leads: Dr Ken Pierce and Dr Mujeeb Ahmed

Financial technologies

Many service firms (accounting, legal and financial) embrace big data and data analytics.

Research on Fintech applications and the effects of cyber-crime is sparse. So we're unclear about the impact on various stakeholders and firms’:

  • financial performance/risk
  • social commitments
  • governance

Under this theme, research and targeted grants will cluster around various sub-themes.

We'll investigate Fintech firms and financial institutions, looking at:

  • cyber risk assessment/mitigation models
  • governance systems/social responsibility
  • human interactions/behaviours

We aim to present international insights and key policy implications. They will reflect cross-country comparisons.

We'll use inter-disciplinary research designs, new methods and unique datasets for cyber security. They will address both conceptual and empirical contexts.

Theme lead: Dr Marwa Elnahass

Medical systems

This theme will investigate the end-to-end protection for medical systems to:

  • safeguard patients’ lives, health and treatment success
  • ensure informed privacy for their data

It will not only consider the cyber security and resilience of such systems. It will also investigate privacy preservation and disclosure risk mitigation on identifying or sensitive personal information.

Its scope covers:

  • medical, clinical and public-health systems
  • the sharing and analysing of health data
  • the challenges of ethics and governance vis-à-vis evolving healthcare technology

Theme leads: Dr Jaume Bacardit and Dr Leo Freitas

Governance, law and new technologies

The vision for the stream governance, law, and new technologies is to explore the interaction between politics, international relations and law in cybersecurity research and development that places sociotechnical understandings of cybersecurity at the heart of its research.

Considering the increased role of cybersecurity in national security and economic concerns, this stream of research considers how policymakers, industry professionals, and civil society view cybersecurity, what problems they identify, and then how they then pursue legal or policy initiatives to address those cybersecurity concerns. We consider the following non-exhaustive list as indicative of the themes of this stream:

  • Political salience: As cybersecurity moves from an issue considered technical and niche to one that is central to many states’ security policies, how does this change the importance of cybersecurity in the eyes of the public? Could cybersecurity become an issue that carries similar weight to other political issues such as health, the economy, or immigration? This research theme explores public understandings, and the political importance of, cybersecurity to a general public audience, which can help us to understand how this may shape cybersecurity laws and policies.
  • Geopolitical cybersecurity: With increased geopolitical fragmentation and increased security and trade tension between states, is cybersecurity moving from something considered a public good to one that is considered rivalrous, reducing the potential for international collaboration and collective responsibility? This this research theme considered the impact of geopolitics and increased national protectionism and its impact upon international cybersecurity cooperation.
  • Informed lawmaking: How do policymakers levels of understanding and expertise impact upon the development of legal regimes for cybersecurity compliance and enforcement? To what extent do lawmakers rely on the expertise of cybersecurity professionals, and how are the views of the general public taken into account during legislative development?
  • Regulatory convergence/divergence: This research theme explores laws applicable to cybersecurity in a comparative perspective. Do we see cybersecurity legislation implemented by states or regions converging towards common goals, approaches and standards, or do we instead see divergence, where the approaches, standards, or compliance mechanisms increasingly differ between states or regions?
  • Future-proof law and policy: Regulating new and emerging technologies is a complex issue, where there is a difficult balance to be struck between technological neutrality, ensuring that new developments can be captured by new laws and policies, and specificity, which ensures a clear and precise approach to regulation. This theme explores how this balance can be struck, or indeed, whether such a balance is possible.
  • Compliance by design: To what extent can regulatory mechanisms be incorporated into cybersecurity technology design? Privacy by design holds that privacy and data protection should be considered at all stages of the development process, rather than seeking to ‘retrofit’ privacy or treat it as an after-thought. As legal cybersecurity compliance mechanisms develop, can they be incorporated into the design of systems in a way that guarantees ‘cybersecurity by design’?

Theme lead: Dr Ben Farrand

Human identity and trust

The Human Identity and Trust cross-cutting theme seeks to promote social justice by advancing knowledge on public awareness of and engagement in cyber security issues and citizens’ experiences of cyber security threats. By examining how individuals and groups negotiate their identities online; the level of trust they invest in their online interactions; and how they navigate their online decisions, the twofold aim is to (a) prevent digital technologies from performing as sites that reflect, exacerbate, or reinscribe social inequalities through design, production, and use and (b) identify and promote ways to protect citizens’ online identities and enhance individual and community trust in digital technologies.

Potential projects and approaches

The following themes and issues are illustrations of potential projects, reflecting the cross-cutting theme’s vision:

- To identify potential interdisciplinary research projects (UK centred or cross-national studies):

To understand the social implications of current and future technologies, the aims is to foster and support a series of citizen-oriented interdisciplinary research projects between members of HASS and other Faculties to attract research grants, centred on the intersectional dimensions of cybersecurity pertaining to identity and trust, by focusing on:

a) accountability, trust, and transparency

b) the growing normalisation of dis/misinformation, surveillance, and capitalist exploitation.

c) factors of age; disability; gender; children and youth; race, and ethnic identities

d) knowledge-sharing to promote online safety in everyday life and work, by enabling individuals and organisations reduce the risk of cyber-attack.

Theme leads: Prof Deborah Chambers and Dr Tina Sikka

Responsible and sustainable innovation

Our vision for this research stream is to pioneer a new era in cyber security research and development that places ethical considerations, public trust, and environmental sustainability at the forefront.

By prioritizing ethics, ESG impact, public trust, and long-term efficacy, this stream of research ensures that cyber security solutions are not only cutting-edge but also responsible, sustainable, and capable of safeguarding individuals, organizations, and societies in an ever-changing threat landscape. We consider the following themes as examples (not limited to these):

  • Ethical Considerations: In the rapidly evolving field of cyber security, it is crucial to develop innovative solutions that align with ethical principles. Responsible innovation ensures that technologies and practices are developed and deployed with a focus on protecting individual rights, privacy, and data security. This research theme helps mitigate potential ethical dilemmas and prevents the misuse of cyber security technologies for harmful purposes.
  • Public Trust and Confidence: Responsible and sustainable innovation in cyber security instills confidence and trust among the public and stakeholders. When individuals know that research and solutions prioritize their safety and well-being, they are more likely to embrace and adopt cyber security measures, thereby enhancing overall cyber resilience.
  • Environmental Impact: Sustainability in cyber security research addresses the ecological footprint of digital technologies. As the world increasingly relies on digital infrastructure, it is essential to develop eco-friendly solutions that reduce energy consumption and waste. Sustainable cyber security practices align with broader environmental goals, contributing to a greener and more environmentally conscious society.
  • Future-Proof Solutions: Responsible innovation looks beyond short-term gains and aims to develop long-lasting solutions that can adapt to future challenges. Cyber threats constantly evolve, and sustainable innovation ensures that cyber security solutions remain effective and relevant over time, providing continuous protection against emerging threats.
  • Regulatory Compliance: As governments and international bodies strengthen data protection and cyber security regulations, responsible innovation becomes a necessity. Research that adheres to ethical and sustainable practices is more likely to comply with existing and future regulations, reducing legal risks and liabilities.
  • Social Impact: Cyber security incidents can have far-reaching consequences, affecting not only individuals but also critical infrastructures and societies as a whole. Responsible innovation focuses on minimizing negative social impacts, fostering a safer and more resilient digital environment for everyone.
  • Preventing Technological Lock-in: Sustainable innovation encourages open and interoperable technologies. Avoiding proprietary and closed systems prevents technological lock-in, enabling the seamless integration of diverse cyber security solutions and fostering healthy competition among vendors.

Theme lead: Prof Marwa Elnahass

About us

Newcastle University founded its cyber security research initiative in 2010. We responded to increasing global cyber crime and the need for resilient systems. We became an Academic Centre of Excellence in Cyber Security Research (ACE-CSR) in 2013.

We pursue a holistic research vision in this area. We look at a wide range of applications, including:

  • protection of cyber systems supporting society
  • socio-technical aspects of cyber security

The NUCoRE in Cyber Security and Resilience includes members with a wide range of expertise across faculties. Core cyber security topics are also investigated in the group Secure and Resilience Systems (SRS) of the School of Computing.

alt = ""

Breadth of expertise

Our Centre builds on world-leading research in dependability and formal methods. It's underpinned by rigorous quantitative and evidence-based data. But we also incorporate research in social sciences, arts and culture, business and law.

This NUCoRE benefits from Newcastle's growing strength in data science. It collaborates with NUCoRE Data, the National Innovation Centre for Data and partners with the Alan Turing Institute.

Highlighted recent projects

Newcastle Cyber Security and Resilience hosts a number of exciting research projects:

  • PETRAS - investigating privacy, ethics, trust, reliability, acceptability and security of IoT devices, systems and networks

  • CASCAde - enabling the security assurance of evolving topologies, while preserving confidentiality
  • CRITiCaL and EMPHASIS - conceptualising cybercrime psychologically and criminologically, while pitting the strengths of machine learning against it
  • FinTrust - infusing trust in the growing FinTech industry, especially focusing on automation and machine learning algorithms
alt = ""

Facilities for fighting cyber crime

Cyber Security and Resilience benefits from a number of integrated, purpose-built labs and associated assets:

  • Cyber Security Incident Simulation Room - this lab aims at hosting ethical hacking and capture the flag exercises
  • Psycho-Physiological Measurement and Eye Tracking Lab - aims at complex experiments with precise, synchronized measurement of eye gaze, skin conductance, heart-rate variability, and human affect
  • Smart Building Lab - enables experiments on a well-controlled smart building environment including experiments on ethical hacking of such infrastructures under safe circumstances
 

Join us

We offer an opportunity to collaborate with colleagues across the University. You'll benefit from the rich tapestry of expertise.

Join us to connect to colleagues, for example, from:

  • computing
  • engineering
  • social sciences
  • law
  • arts and cultures
  • the business school

We have interest in cyber security and resilience in the widest sense. You are welcome, no matter whether you are a:

  • seasoned academic
  • early career researcher
  • research associate
  • PhD student

To join us, please contact our operations support, Angela Horend