EPSRC logo

Details of Grant 

EPSRC Reference: EP/R002983/1
Title: Customized and Adaptive approach for Optimal Cybersecurity Investment
Principal Investigator: Hankin, Professor C
Other Investigators:
Researcher Co-Investigators:
Project Partners:
Department: Institute for Security Science and Tech
Organisation: Imperial College London
Scheme: Standard Research
Starts: 01 November 2017 Ends: 31 August 2022 Value (£): 386,129
EPSRC Research Topic Classifications:
Fundamentals of Computing Human Communication in ICT
Networks & Distributed Systems Software Engineering
EPSRC Industrial Sector Classifications:
No relevance to Underpinning Sectors
Related Grants:
EP/R004897/1
Panel History:
Panel DatePanel NameOutcome
01 Jun 2017 EPSRC ICT Prioritisation Panel June 2017 Announced
Summary on Grant Application Form
The proposed research aims to help organisations to make better cybersecurity investments. For example is it better in a given organization to prioritise a policy of changing passwords over patching software regularly? And how frequently should passwords be changed? Should all employees scan for malware all USB sticks? The answers to these kind of questions largely depends on the type of organization and the specific threats it faces. For example while requiring employees to change passwords often may decrease the threat from some kind of attacks, it also imposes costs on the organization both in terms of help desk workload and employee productivity. Are these costs justified? it depends on the specific organization and the threats it faces.

There is no one size fits all solution in cybersecurity, hence a cybersecurity investment plan should start with an appropriate model of the organization and its threat profile. We will build such a model which will capture in a formal way important aspects of the socio-human-technical characters of the organization and its exposure to attacks.

This model will inform our decision support engine, which will evolve from our recent research using optimisation and game theory. In this project we will refine our existing decision support engine.

One of the planned refinements is about the possible threats faced: is the attacker someone just exploring the web for weak websites or a criminal targeting that specific organization or maybe an employee from a foreign intelligence agency? The mathematical modelling of these different attackers presents challenges. Other refinements are in terms of dealing with different ways security controls can be combined, for example how to measure the effectiveness of changing password and encryption in relation to an attacker who wants to steal data - do they combine additively (i.e. are independent)? or multiplicatively (i.e. are totally correlated)?

We also want our engine to be resilient, i.e. we want to give meaningful advice even if the data is not very precise, and we want it to be robust, i.e. it should provide security guarantees even when the data is not very precise.

We will enrich our decision support engine with adaptivity so that once deployed it is capable to adapt to changes in the organisation, the threat profile and the general societal environment. For example the investment advice should change if a major new attack has been reported (for example the Heartbleed and Shellshock vulnerabilities in 2014), or if a new more effective security control is available.

Our research will both provide theoretical and practical advances to these challenging issues. The practical advance will be in the form of prototype tools. We will measure our achievements via validation of these prototype tools. The validation will start by comparing our calculated investment strategy with expert advice and will evolve to larger case studies involving our partners and careful deployment in the field.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.imperial.ac.uk