INCS-CoE Expert Community Seminar: Security Challenges for Space Systems

Wednesday, December 11, 2024 12:00-13:30 pm London / 7:00-8:30 am EST / 9:00-10:30 pm JST

https://hal.zoom.us/j/93319719846?pwd=aevX5XbSfM9bVisDdTBS6sv00nIx3r.1

This seminar will be chaired by Prof Chris Hankin of Imperial College, Chair of INCS-CoE.
Speakers and themes are:

  • Ali Abbasi, CISPA Helmholtz Center for Information Security, Germany
  • Ioana Boureanu, University of Surrey, UK
  • Gregory Falco, Cornell University, US

Ali Abbasi, CISPA Helmholtz Center for Information Security, Germany

Ali Abbasi is a faculty member at CISPA Helmholtz Center for Information Security, Saarbrücken, Germany. His research interests include embedded systems security, security of mission-critical real-time systems, and secure space and automotive systems. He leads the Embedded Security group at CISPA, which develops and implements new methods to protect embedded systems against various classes of attacks on both the hardware and firmware.

Securing the Skies: A Deep Dive into Space System Security

As satellites revolutionize global communication and Earth observation, their rapid growth has outpaced efforts to secure them. In this talk, we explore the evolving cybersecurity landscape of satellite systems, examining vulnerabilities from legacy design flaws to sophisticated attack vectors. We will specifically analyze the architecture of Low Earth Orbit (LEO) satellite subsystems, using case studies and demonstrations to reveal how weaknesses in components like COM and CDHS can be exploited. Beyond technical challenges, we examine the broader issues of insufficient security standards, limited access to satellite systems for researchers, and fragmented regulatory efforts.


Ioana Boureanu, University of Surrey, UK

Ioana Boureanu is Professor of Secure Systems at University of Surrey and Director of Surrey Centre for Cyber Security. Her research focuses on (automatic) analysis of security using mainly logic-based formalisms, as well as on provable security and applied cryptography. Before joining Surrey, she worked as a researcher and professor in Switzerland, as well as a cryptography consultant in industry. 

Formally Verifying the Newest Versions of the GNSS-centric TESLA Protocol

A recent version of the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) protocol was adopted as part of the Open Service Navigation Message Authentication (OSNMA) inside the Galileo system, the European Global Satellite Navigation System (GNSS) Service, in 2024, but this has not been formally verified with computer-aided tools beforehand. In this talk, we will look at how to formally verify these versions of the TESLA protocol, using symbolic/Dolev-Yao verification tools, looking to understand what the challenges and solutions are.


James Pavur, Department of State’s Office of the Special Envoy for Critical and Emerging Technology, US

James Pavur is a Senior Advisor and Presidential Innovation Fellow at the United States Department of State’s Office of the Special Envoy for Critical and Emerging Technology. In this role, he focuses on the technical dimensions of AI technologies and their relationship to foreign affairs. Previous roles include leading an infrastructure and security team at a digital engineering startup and working for the Pentagon’s Defense Digital Service and Chief Digital and Artificial Intelligence Office. He holds a DPhil from Oxford University’s Department of Computer Science, courtesy of a Rhodes Scholarship, where his research focused on space systems security. He also holds a Bachelor of Science in Foreign Service from Georgetown University’s Walsh School of Foreign Service. Beyond academia, James has delivered multiple briefings at the DEFCON and Blackhat hacking conferences and his research has been covered by several popular press outlets.

New Directions in Space Cyber

This talk will present several avenues for academic and applied security research in space that go beyond traditional communications topics. By viewing space missions holistically, we will identify promising sub-fields in the space security domain that have received relatively little research attention, such as space domain awareness and launch operations. The hope is to inspire those interested in security research to consider new avenues for the cyber defense of space missions.

 

INCS-CoE Expert Community Seminar: Security Challenges for Democratic Elections

Wednesday, September 11, 2024

Wednesday, 11 September 7:00-8:30 am US EDT / 12:00-1:30 pm UK / 1:00-2:30 pm CET /  2:00-3:30 pm Tel Aviv / 7:00-8:30 pm Perth / 8:00-9:30 pm Japan / 9:00-10:30 pm Canberra

This seminar will be chaired by Prof Chris Hankin of Imperial College, Chair of INCS-CoE.
Speakers and themes are:

  • Alan Sherman, CSEE Department, University of Maryland, Baltimore County (UMBC), US
  • Steve Schneider, School of Computer Science and Electronic Engineering, University of Surrey, UK
  • David Lazer, Political Science and Computer Sciences, Northeastern University, US
  • Yuasa Harumichi, Governance Studies, Meiji University, Japan

Alan Sherman, UMBC, US

Alan T. Sherman is a professor of computer science at the University of Maryland, Baltimore County (UMBC) in the CSEE Department. He is also associate director of UMBC’s Cybersecurity Center and director of the UMBC Cyber Defense Lab. His main research interest is high-integrity voting systems. He has carried out research in election systems, formal-methods analysis of cryptographic protocols, algorithm design, cryptanalysis, theoretical foundations for cryptography, applications of cryptography, cloud forensics, and cybersecurity education. He is PI on two UMBC NSF-funded projects: EPIC—to study and improve how the US Navy and Army Military Academies teach cybersecurity, and SFS—to recruit and educate BS, MS, and PhD cybersecurity students to serve government. Previously, he served as PI on UMBC’s NSF-funded CATS project (collaborative with the Universities of Illinois and Minnesota Duluth), which developed two concept inventories (CCI, CCA) for cybersecurity. Resulting work won best research paper at ACM SIGCSE 2023. Dr. Sherman is also a private consultant performing security analyses and serving as an expert witness. Sherman earned the PhD degree in computer science at MIT in 1987 studying under Ronald L. Rivest. https://www.csee.umbc.edu/people/faculty/alan-t-sherman/

VoteXX: Extreme Coercion Resistance

Joint work with D. Chaum, R. Carback, J. Clark, M. Nejadgholi, B. Preneel, M. Yaksetig, F. Zagorski, B. Zhang, Z. Yin

We solve a long-standing challenge to the integrity of votes cast without the supervision of a voting booth: “improper influence,” which we define as any combination of vote buying and voter coercion. In comparison with previous proposals, our system is the first in the literature to protect against a strong adversary who learns all the voter’s keys—we call this property “extreme coercion resistance.” When keys are stolen, each voter, or their trusted agents (which we call “hedgehogs”), may “nullify” (effectively cancel) their vote in a way that is unstoppable and irrevocable, and such that the nullification action is forever unattributable to that voter or their hedgehog(s). We demonstrate the security of our VoteXX system in the universal composability model.

In comparison with previous proposals, our system offers some protection against even the strongest adversary who learns all keys. Other coercion-resistant protocols either do not address these attacks, place strong limitations on adversarial abilities, or rely on fully trusted parties to assist voters with their keys.

Reference

“VoteXX: A Solution to Improper Influence in Voter-Verifiable Elections (extended abstract),” Proceedings of E-VOTE-ID 2022, University of Tartu Press (October 2022).


Steve Schneider, University of Surrey, UK

Steve Schneider is a professor of Computer Science at the University of Surrey, UK, in the School of Computer Science and Electronic Engineering.  He is Director of the Computer Science Research Centre in the School, and was founding Director of the Surrey Centre for Cyber Security, an Academic Centre of Excellence in Cyber Security Research and Cyber Security Education recognised by the UK National Cyber Security Centre.  A principal research interest is in Verifiable Electronic Voting Systems.  He was one of the proposers (with Peter Y. A. Ryan and David Chaum) of the Pret a Voter voting system in 2005, and led its adaptation to a deployment (as vVote) in the 2014 Victorian State Election, Australia.  He has also served as chair of the Working Group on Electronic Voting for the Institution of Engineering and Technology (IET).  Other research interests include formal methods, concurrency theory, security verification, privacy, and digital identity.  He obtained his PhD in Computer Science from Oxford University in 1989. https://www.surrey.ac.uk/people/steve-schneider

Verifiable Voting in the Wild

Verifiability in Electronic Voting Systems is an approach to enabling checking of the election result independently of the system used to capture and process the votes. There have been numerous proposals in the literature for electronic voting systems designed to include verifiability, generally underpinned by cryptographic mechanisms.  These typically enable voters to confirm that their vote has been captured as cast, and enable observers (including the voters themselves) to verify that the votes have been counted and tallied correctly from the cast votes.  The need to simultaneously ensure other requirements such as ballot privacy and coercion-resistance leads to voting ceremonies that can be intricate and place an additional burden on voters.

This talk will describe the trial deployment of two such systems in the wild: the vVote polling place system based around Pret a Voter; and the VMV (Verify My Vote) internet voting system based around Selene.  We will discuss voters’ reactions to the systems in terms of their usability and comprehensibility, and consider the implications for verifiability and associated protocols in practice.


David Lazer, Northeastern University, US

David Lazer is University Distinguished Professor of Political Science and Computer Sciences, Northeastern University, faculty fellow at the Institute for Quantitative Social Science at Harvard, and elected fellow of the National Academy of Public Administration. He has published prominent work on computational social science, misinformation, democratic deliberation, collective intelligence, and algorithmic auditing, across a wide range of prominent journals such as Science, Nature, Proceedings of the National Academy of Science, and the American Political Science Review. His research has received extensive coverage in the media, including the New York Times, NPR, the Washington Post, and the Wall Street Journal. He is a co-leader and co-founder of the COVID States Project, one of the leading efforts to understand the social and political dimensions of the pandemic in the United States; as well as the National Internet Observatory. Dr. Lazer has served in multiple leadership and editorial positions, including on the Standing Committee on Advancing Science Communication for the National Academies, the International Society for Computational Social Science, the International Network for Social Network Analysis, Social Networks, Network Science, and Science.

Misinformation, misperceptions, and the 2024 election

This talk will evaluate the potential threats to the 2024 election. The information environment has continued to rapidly change, and with those changes come new potential vulnerabilities to the integrity of the 2024 election. This talk will examine lessons from the 2016 and 2020 elections, as well as examine some early findings regarding misinformation in the aftermath of the assassination attempt of Donald Trump.


Yuasa Harumichi, Meiji University, Japan

Yuasa Harumichi is Professor, Graduate School of Governance Studies, and Senior Staff to Office of the President, Meiji University. He focuses on legal, administrative, and political aspects of the internet and information society, including protecting privacy and personal information, administrative information handling and disclosure, regulation of cyber security and defense activities, internet election campaigns and e-voting. He also serves as Committee Member, Cabinet, National Center of Incident readiness and Strategy for Cyber Security (NISC), Sub-Working Group for Research and Examination of Cyber Security-Related Laws and Regulations, Research Fellow, Ministry of Internal Affairs and Communications, Information and Communications Policy Research Institute, and Committee Member, Ministry of Internal Affairs and Communications, Standardization Study Group for Electoral List Management System, etc.

Overseas voting reform in Japan

Overseas voting is an important system for guaranteeing the voting rights of citizens living abroad. However, in Japan, only postal voting or voting at an embassy is permitted. The COVID-19 pandemic has caused problems such as delays to postal voting and the inability to visit embassies due to lockdowns. A method has been proposed in which voters living abroad can vote via the internet using their My Number card. In addition, we will introduce some of the problems in Japan related to elections and the internet.

INCS-CoE Expert Community Seminar: Security Challenges of Next Generation Energy Distribution Networks

Wednesday, June 5, 2024

7:00-8:30 am US EDT / 12:00-1:30 pm London / 1:00-2:30 pm CET / 2:00-3:30 pm Tel Aviv / 7:00-8:30 pm Perth / 8:00-9:30 pm Japan / 9:00-10:30 pm Canberra

This seminar will be chaired by Prof Chris Hankin of Imperial College, Chair of INCS-CoE
Speakers and themes are:

  • Dirceu Cavendish, Kyushu University, Japan: Electric Vehicle Authentication and Secure Metering in Smart Grids
  • Ali Mehrizi-Sani, Virginia Tech, USA: Renewables and Cybersecurity: Friends or Foes?
  • Fei Teng, Imperial College London, UK: Cyber Resiliency of Digitalized Power Grids – Keep the Lights on!

Dirceu Cavendish, Kyushu Institute of Technology, Japan

Bio: Dirceu Cavendish received his bachelor's degree in Electronics from Federal University of Pernambuco, Brazil in 1986. He spent five years as a telecommunications engineer in the Business Communications Division of Philips. He received his M.S. in Computer Science from Kyushu Institute of Technology, Japan, in 1994, and his Ph.D. from the Computer Science Department at UCLA in 1998. From 1998 to 2006, Dr. Cavendish conducted research in Optical Transport Networks, IP, and Ethernet technologies at NEC Labs America. Since 2007, Dr. Cavendish has been part of the Faculty Staff of Kyushu Institute of Technology. His current research interests include LEO satellite networks, security of medical systems and electrical grids.

Electric Vehicle Authentication and Secure Metering in Smart Grids
Electric vehicles have been recently produced at a very aggressive pace as a way to curb carbon emissions in the 21st century. Public utility companies are rushing to provide electric vehicle charging station infrastructure needed to serve a rapidly growing fleet of EV users in various countries around the world. Equipped with smart meters, charging stations must check vehicle’s characteristics prior to charging, as well as securely report charging data back to public utility companies. In this talk, we propose to leverage an Authentication and Key Agreement protocol used in cellular networks into an electric vehicle authentication and secure metering framework. Starting with a vehicle Subscriber Identification Module, we show how generic vehicle services can be securely provided, including mutual authentication, key agreement, and key management issues.


Ali Mehrizi-Sani, Virginia Tech, USA

Bio: Ali Mehrizi-Sani received the Ph.D. degree in electrical engineering from the University of Toronto in 2011. He is currently an Associate Professor with Virginia Tech. He is a Senior Editor for IEEE Transactions on Energy Conversion and is or has been on the editorial board of IEEE Transactions on Power Delivery, IEEE Transactions on Power Systems, IEEE Power Engineering Letters, and IET Generation, Transmission and Distribution. Among his recognitions are the 2018 IEEE PES Outstanding Young Engineer Award and the 2017 IEEE Mac E. Van Valkenburg Early Career Teaching Award. He has over 180 refereed publications.

Renewables and Cybersecurity: Friends or Foes?
The power system is a critical infrastructure whose geographical expanse and pervasive use of information and communication technologies (ICT) make it an attractive target for cyberattacks. Increasing integration of renewables, especially through grid-forming (GFM) inverters, exacerbates this challenge. Compared with other modes of operation, GFM inverters can support a wider host of functionalities, leading to a more pronounced impact on the system performance. This complicates the design of their cybersecurity detection and mitigation algorithms, as attackers can compromise GFM inverters through different attack types, circumventing the existing cybersecurity approaches that are largely designed for one specific attack type. This talk discusses, at a high level, our work to address this gap via a diverse set of detection and mitigation methods. Specifically, this talk will share our work on physics-informed machine learning-based cybersecurity of control and power sharing algorithms for renewable generation units. This approach is validated using offline and real-time simulation studies on standard test power systems as well as on our digital twin representing the Virginia Tech-owned utility, VTES. At the end, this talk also discusses how the twin problems of the design of the control system and the design of its cybersecurity algorithms can be considered as one simultaneous problem.


Fei Teng, Imperial College London, UK

Bio: Fei Teng is the Director of Education at Energy Futures Lab, a pan-university hub promoting inter-disciplinary research in energy, and a Senior Lecturer in the Department of Electrical and Electronic Engineering at Imperial College London. He holds visiting positions at MINES Paris, France, PolyU, Hong Kong and KTH, Sweden. His research primarily focuses on the interplay of energy and digital technologies. He is a leading researcher in software-defined power grids and the cyber resiliency of digitalized power grids.

Cyber Resiliency of Digitalized Power Grids – Keep the Lights on!
The digitalization of the power grid is one of the key components to support a cost-effective transition toward “Net-zero”. However, the increasing cyber-physical dependency causes potential vulnerabilities against cyberattacks that may lead to catastrophic damage to the power grid. It is hence critical to understand such vulnerabilities and develop capabilities to maintain safe operations under those attacks. This talk will present the cyber-resiliency framework and our recent research on cyberattack mitigation and recovery strategies for digitalized power grids.

INCS-CoE Expert Community Seminar on Security of Healthcare Systems

 

Tuesday, March 26, 2024

8:00-9:00 am US EDT // 12:00 noon-1:00 pm London GMT // 1:00-2:00 pm EU CET // 2:00-3:00 Tel Aviv IST // 9:00-10:00 pm Tokyo JST // 11:00 pm-12:00 Melbourne AEDT

This seminar is moderated by Prof Chris Hankin, Imperial College London, Current Chair of INCS-CoE, with the three (3) speakers:

 

Professor Emil Lupu (Imperial College London): Healthcare Cyber Security – Conundrums and Opportunities

Emil Lupu is Professor of Computer Systems in the Department of Computing at Imperial College London, where he leads the Resilient Information Systems Security Group (rissgroup.org), and is a Security Science Fellow with Imperial’s Institute for Security Science and Technology. He has made numerous contributions in computer security, network and systems management, IoT systems and software engineering. His current research interests are focused on the security and resilience of cyber-physical systems to both systems and data spoofing attacks and their ability to continue to operate even when they have been partially compromised.

 

Professor Kevin Fu (Northeastern University): Medical device cybersecurity

Kevin Fu is Professor of Electrical & Computer Engineering, the Khoury College of Computer Sciences, and Bioengineering at Northeastern University in Boston. His research lab focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. His research led to a decade of revolutionary improvements at medical device manufacturers, global regulators, and international healthcare safety standards bodies. He published widely on medical device security, healthcare ransomware, automobile cybersecurity, RFID security and privacy, secure content distribution, and web security. He served as the inaugural Acting Director of Medical Device Cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and Program Director for Cybersecurity at the Digital Health Center of Excellence (DHCoE).

John Wandelt (Georgia Tech): Trust in Healthcare Systems

John Wandelt is a Georgia Tech Research Institute Research Fellow and Division Chief for the Trusted Interoperable Systems & Architectures (TISA) Division. He has demonstrated consistent performance in making original and innovative contributions that are widely recognized. Nationally, his vision and leadership have played a significant role in shaping the standards, technologies, architectures, and commercial products that enable secure sharing of information for the justice, public safety, defense, health, and intelligence communities. His work has attracted attention from federal and state government agencies, national standards committees, commercial vendors, and academic institutions. Today the information sharing standards and products developed by him and his team of researchers enjoy national adoption at the federal, state, and local levels and have been implemented in a wide range of commercial products. Most recently he has been spearheading the technical vision and implementation for Georgia’s Medicaid Enterprise System Transformation (MEST). This is a highly visible and critical program to the health infrastructure and ecosystem in the state of Georgia with expenditures in the hundreds of millions of dollars and impact to millions of citizens.

INCS-CoE Expert Community Seminar – Cybersecurity Issues in Transportation

Tuesday, November 28, 2023

8:00 am – 9:00 am EST

Hosted by Dr. Karl V. Steiner, Vice President for Research & Creative Achievement, UMBC, USA.

GraphCAN: Graph-Based Controller Area Network Security

Dr. Riadul Islam, Assistant Professor, Computer Science & Electrical Engineering, UMBC, Baltimore, MD, USA.

Abstract: Vulnerabilities and security threats associated with the widely adopted vehicular Controller Area Network (CAN) will be examined. Novel techniques for the creation of graphs from CAN data will be introduced. Subsequently, various methods, encompassing statistical analyses, machine learning algorithms, and graph neural network approaches, will be presented as potential means to enhance the security of CAN networks. Furthermore, the challenges related to processing extensive sensor data within a stringent timing budget will be addressed, emphasizing the significance of implementing intrusion detection algorithms on edge devices with a focus on cost-effectiveness.

Advancing Cyber-Resilience in the Age of Autonomous Vehicles

Dr. Rolando Martins, Assistant Professor, Computer Science, University of Porto, Portugal.

Abstract: The adoption of autonomous vehicles requires shifting cyber-physical infrastructures. They are high-value targets, and while Zero Trust is vital, it is insufficient against modern cyber threats. The traditional firewall-based “fortress” approach falls short against advanced adversaries. This situation has reignited interest in Intrusion Tolerance, underutilized since the ‘90s due to its complexity. We will showcase work at the UP Cybersecurity and Privacy Centre (C3P) on cybersecurity, focusing on autonomous vehicles.

From Skyjacking to Carjacking: Challenges and Opportunities in Securing Modern Navigation Technologies

Dr. Aanjhan Ranganathan, Assistant Professor, Khoury College of Computer Sciences, Northeastern University, Boston, MA, USA.

Abstract: Modern transportation systems rely heavily on accurate positioning and navigation technologies, which have become increasingly vulnerable to security threats. In this talk, we will explore the security challenges associated with secure positioning and navigation in modern vehicles, including the impact of GPS spoofing on unmanned aerial vehicles (UAVs) and the security problems of instrument landing systems used in aviation as one of the primary means of navigation aid for landing. We will also discuss the security problems of automotive radar, where we will show how easily radio frequency radar signals can be manipulated to fake distances and velocities, compromising the safety of the vehicle and passengers. We will see how, even with cryptographic primitives, securing positioning, navigation, and timing technologies is no trivial task. The talk will aim to highlight the fundamental limits that exist in securing current technologies and to call for designing secure alternatives.

INCS-CoE Expert Community Seminar – The Growing Role of AI in Cybersecurity

Thursday, September 7, 2023

8:00 am – 9:00 am EDT / 13:00 London / 21:00 Tokyo

The seminar will showcase presentations by experts in the areas of Cybersecurity & AI

The web link will be provided soon.

Hosted by Dr. Karl V. Steiner, Vice President for Research & Creative Achievement, UMBC

Optimizing vulnerability triage in DAST with deep learning

Dr. Paul Miller, Queen’s University Belfast, U.K. – Interim Director of the Global Innovation Institute (GII) and Deputy Director of the Centre for Secure Information Technologies (CSIT) at QUB.

Abstract: False positives generated by vulnerability scanners are an industry-wide challenge in web application security. We present a novel multi-view deep learning architecture to optimise Dynamic Application Security Testing (DAST) vulnerability triage, with task-specific design decisions exploiting the structure of traffic exchanges between our rules-based DAST scanner and a given web app. Leveraging convolutional neural networks, natural language processing and word embeddings, our model learns separate yet complementary internal feature representations of these exchanges before fusing them together to make a prediction of a verified vulnerability or a false positive. Given the amount of time and cognitive effort required to manually review high volumes of DAST results correctly, the addition of this deep learning capability to a rules-based scanner creates a hybrid system that enables expert analysts to rank scan results, deprioritise false positives and concentrate on likely real vulnerabilities. This improves productivity and reduces remediation time, resulting in stronger security postures.

Evaluating what generative AI systems know about cybersecurity

Dr. Tim Finin, UMBC, USA – Willard and Lillian Hackerman Chair in Engineering and a Computer Science and Electrical Engineering Professor at UMBC.

Abstract: The public release of OpenAI’s ChatGPT system eight months ago signaled an inflection point for AI technology and its applications. While these AI systems have well-known shortcomings, they have the potential to help in many ways. After describing the technology, I will report on a recent evaluation of OpenAI’s ChatGPT and Google’s Bard ability to solve cybersecurity problems using two datasets designed to test students’ knowledge: the Cybersecurity Concept Inventory (CCI) and the Cybersecurity Curriculum Assessment (CCA). The CCA results will be compared with those from a recent evaluation of 193 students from seven colleges and universities. Spoiler: one of the AI systems performed surprisingly well.

The use of machine learning algorithms in hardware security

Dr. Avi Mendelson, Technion, Israel – Professor in the CS and EE Departments, and a member of the Technion Computer Engineering center.

Abstract: Machine learning is widely used these days to help expose hardware security vulnerabilities and to serve as another attack vector. The talk will provide a brief introduction to some of the machine-learning technologies, followed by a few unique examples, such as (1) the use of machine-learning algorithms to assist side-channel attacks and (2) the use of Graph Neural Networks (GNN) to locate potential locations within a chip that may contain hardware Trojan horses.

INCS-CoE Expert Community Seminar – Cybercrime and Ransomware (May 31, 2023)

8:00 am EST / 13:00 London / 21:00 Tokyo

This seminar will showcase three presentations from experts in the area of cybercrime and ransomware.

Speaker: Dr Jason Nurse

Title: Cyber insurance and ransomware

Bio: Dr Jason R. C. Nurse is an Associate Professor in Cyber Security in the Institute of Cyber Security for Society (iCSS) & School of Computing at the University of Kent, UK. He also holds the roles of Visiting Fellow in Defence & Security at Cranfield University, UK, and Associate Fellow at the Royal United Services Institute for Defence and Security Studies (RUSI). He received his PhD from the University of Warwick, UK. His research interests include cyber insurance and ransomware, security risk management, corporate communications and cyber security, cyber resilience, and security culture. Jason was selected as a Rising Star for his research into cybersecurity, as a part of the UK’s Engineering and Physical Sciences Research Council’s Recognising Inspirational Scientists and Engineers (RISE) awards campaign. Dr Nurse has published over 100 peer-reviewed articles in internationally recognised security journals and conferences, and he is a professional member of the British Computing Society.

Related work: https://www.sciencedirect.com/science/article/pii/S016740482300072X
Presentation slides: INCS-CoE-2023-Jason-Nurse

_____________________________________

Speaker: Dr Maria Bada

Title: Improving resilience to ransomware

Bio: Dr Maria Bada is a Lecturer at Queen Mary University in London. Maria is a behavioural scientist, and her work focuses on the human aspects of cybersecurity and cybercrime. Her research looks at the effectiveness of cybersecurity awareness campaigns. She has collaborated with government, law enforcement and private sector organisations to assess national level cybersecurity capacity and develop interventions to enhance resilience. She has also supported National Cyber Security Strategy development for the UK and governments in Europe, Africa, Asia and Latin America. She is a member of the National Risk Assessment (NRA) Behavioural Science Expert Group in the UK, working on the social and psychological impact of cyber-attacks on members of the public.

Related work:
https://bpb-eu-w2.wpmucdn.com/blogs.bristol.ac.uk/dist/3/939/files/2022/02/RISCS-Ransomware-workshop-report_Feb2022.pdf
https://assets.kpmg.com/content/dam/kpmg/uk/pdf/2022/11/improving-resilience-to-ransomware.pdf
https://riscs.org.uk/research/research-themes/cybercrime/
Presentation slides: INCS-CoE-2023-Maria_Bada

_____________________________________

Speaker: Dr Darren Hurley-Smith

Title: Game Theoretic Analysis of Ransomware: Identifying and Mitigating Motivators to Pay

Bio: Dr Darren Hurley-Smith is a Senior Lecturer in Information Security, in the Information Security Group of Royal Holloway University of London. Darren has been involved in ransomware research since 2016, where he worked as PDRA on the RAMSES Horizon 2020 project until 2020. He has authored papers in the area of game theoretic modelling of ransomware and ransomware targeting blockchain and web3 services. A substantial portion of his current research focuses on identifying opportunities for extortion in next-generation vehicular networks. His research interests include the analysis of novel ransomware strategies, Systems Security, statistical testing of Random Number Generators, and Mobile Ad Hoc Network Security. He also has a keen interest in investigating moving target defence, and cyber-security related to cloud-implemented services.

Related work:
https://link.springer.com/chapter/10.1007/978-3-031-16035-6_9
https://ramses2020.eu/wp-content/uploads/sites/3/2019/09/D4.4-Optimal-model-system.pdf
https://ramses2020.eu/wp-content/uploads/sites/3/2016/09/D4.1-Findings-on-economic-modelling-of-malware-as-a-business-model.pdf
Presentation slides: INCS-CoE-2023-Darren_Hurley-Smith

INCS-CoE Expert Community Seminar – IT and OT (March 30, 2023)

The seminar will showcase three presentations from experts in the area of cybersecurity in operational technology.

7:00-7:20 am EST / 12:00-12:20 London / 20:00-20:20 Tokyo

Title: Cyber Security and Critical Infrastructure Systems

Speaker: Prof. Chris Hankin, Security Science Fellow, Institute for Security Science and Technology, Imperial College London
c.hankin (at) imperial.ac.uk

Bio: Prof. Hankin joined Imperial College London in 1984 and was promoted to Professor of Computing Science in 1995. His research is in cyber security, data analytics and theoretical computer science. He leads multidisciplinary projects focused on providing better decision support to defend against cyber-attacks for both enterprise systems and industrial control systems.  He is Director of the UK Research Institute on Trustworthy Inter-connected Cyber-physical Systems (RITICS) which focuses on cyber security of critical infrastructure. He is a Board Member for the International Cyber Security Centre of Excellence (INCS-CoE). He is a past chair of the Association for Computing Machinery (ACM) Europe Council.  He chairs the ACM Europe Technology Policy Committee.

7:20-7:40 am EST / 12:20-12:40 London / 20:20-20:40 Tokyo

Title: Autonomic Resilient cyber-physical Systems

Speaker: Prof. Kiriakos Kiriakidis, Professor of Estimation and Control, Dept. of Weapons, Robotics, and Control Engineering, US Naval Academy, Annapolis
kiriakid (at) usna.edu

Bio: Kiriakos Kiriakidis was born in Greece.  He received the Diploma in mechanical engineering (1990) from the National Technical University of Athens, Greece, and the M.S. (1993) and Ph.D. (1996) degrees, also in mechanical engineering, from Polytechnic Institute of NYU, Brooklyn, New York.  Since 1996, he has been on the faculty of the United States Naval Academy, Annapolis, MD, where he is Professor of Estimation and Control.  He served as Department Chair from 2010 to 2015.  Dr. Kiriakidis is a member of Institute of Electrical and Electronics Engineers, the American Society of Mechanical Engineers, and Technical Chamber of Greece.

7:40-8:00 am EST / 12:40-13:00 London / 20:40-21:00 Tokyo

Title: Operational Technology Cyber range at UMBC- Systems and Applications

Speaker: Prof. Nilanjan Banerjee, Professor of Computer Science and Electrical Engineering, University of Maryland Baltimore County, Associate Director of Cybersecurity in Manufacturing.
nilanb (at) umbc.edu

Bio: Nilanjan Banerjee is a Professor at University of Maryland, Baltimore County. He is also an Associate Director of Cybersecurity in Manufacturing at UMBC. He is an expert in mobile and sensor systems with focus on designing end-to-end cyber-physical systems with applications to physical rehabilitation, physiological monitoring, and home energy management systems. He is also an expert in cybersecurity for embedded and cyber-physical systems. Presently his research focuses on two broad areas: (1) Wearable Sensing and Analytics for Physiological Sensing; and (2) Cybersecurity for Manufacturing and Supply Chain Management. His research is funded by the National Science Foundation, National Institutes of Health, Office of Naval Research, Army Research Lab, Microsoft, Department of Defense, and the Technology Development Corporation.

Maritime security is vitally important to safeguard shipping and supply chains throughout the world. It presents a truly international challenge, given the growing frequency and sophistication of attacks against maritime infrastructure, both on the sea and on land.
The general aim of the seminar is to help stimulate further INCS-CoE involvement through research, training and/or advisory activities.
The seminar takes place on Monday the 5th of December 2022, at 08:00-09:00 US EST, 13:00-14:00 UK, 22:00-23:00 Japan, online.

The Speakers:

Andy Powell, CISO Maersk. Andy Powell is Chief Information Security Officer (CISO) at A P Moller - Maersk. He joined Maersk in May 2018 from Capgemini where he spent two and a half years as Vice President for the UK Cybersecurity business selling, delivering, and running Cybersecurity solutions for over 70 Clients particularly in the Energy and Utility sectors. This ranged from CISO consultancy services to running SOC Services. Prior to this he was General Manager for Cybersecurity at CSC for two years covering UK, Ireland, Netherlands, and Israel. He spent the first 28 years of his career in the Royal Air Force retiring as an Air Commodore (1*) in Dec 2013. In his last three senior roles he was Assistant Chief of Staff (ACOS) A6 for the Royal Air Force, ACOS J6 for joint operations in Iraq/Afghanistan and Libya, and headed Service and Cyber Defence Operations for the UK Ministry of Defence at Information Systems and Services (ISS).

Rory Hopcraft, Research Fellow at the University of Plymouth. He is currently working on the EU Horizon 2020 CyberMAR Project. Prior to this his PhD was within the Centre of Doctoral Training in Cyber Security at Royal Holloway University, focusing on regulatory aspects of maritime cyber security. His current focus is on the skills and training needed by the digital seafarer. He enjoys adopting an inter-disciplinary approach to his work and exploring new topics and themes, including maritime security, piracy, environmental protection, sustainability and critical infrastructure protection.

Mark Sutcliffe, MICS, Director Maritime Safety and Security Alliance CIC. After six years as an Officer in the British Army with the Royal Hussars, Mark spent two years working on the docks of Hartlepool and Bristol starting off as a tally clerk, a very effective shop floor grounding into the world of maritime. 22 years followed in the role of business development with global blue chip shipping companies, Gearbulk, GAC and Wilhelmsen, during which time he was invited to join the board of Wilhelmsen Lines Car Carriers in Southampton. Since then, Mark has focused on developing online membership-only platforms to enable security officers throughout the world to work as one, sharing ideas and information to better combat organised maritime crime. Mark is a member of the Institute of Chartered Shipbrokers.

The last few years have seen a significant convergence between Information Technology (IT) and Operational Technology (OT), which controls much of our industrial and critical national infrastructure. This convergence is being accelerated by the rapid growth in the Internet of Things (IoT). Blurring boundaries between IT, OT and IoT are increasing the need for more integrated, collaborative cyber security strategies. The International Cyber Security Center of Excellence (INCS-CoE) plans to pursue collaboration aimed at designing new integrated strategies that combine IT, OT and IoT security efforts and to maximize use of existing and novel cyber security resources.

This paper briefly reviews current activities in the UK, US and Japan in the OT security and IoT spaces.
We identify three main areas for potential collaboration:

1. Supply Chain Security

2. Sharing of Testbed Facilities

3. Sharing of datasets

by UMBC, Kyushu University, Northeastern University, Keio University.

At Inamori Center Hall, Kyushu University, Kyushu

– Current Issues and On-going Activities of Super-Aging Society

– Super-Aging Society: Gerontology and Social Study Perspective

– IT for Super-Aging Society Perspective

– Research Strategy:

– Comparative Study

– Natural Human-Smart IoT Interaction Design

– Security and Privacy of Smart IoT for Super-Aging

– Context Recognition, Understanding and Exploitation