The University of Cambridge has been recognized as an “Academic Centre of Excellence in Cyber Security Research” (ACE-CSR) by the UK Government.
The status is further acknowledgement of Cambridge’s long-standing record of world-class research in the field of cybersecurity, in particular within its Computer Laboratory, where there is a well-respected security research group.
In the broadest sense, “cybersecurity” is about protecting activity, assets and services on digital devices and networks from unauthorized interference or attack. In practice, it can mean anything from improving chip-and-pin technology in order to stop banking fraud, to securing government computer networks to prevent hostile attacks from other countries or criminal organisations.
The national scheme to identify British centres of excellence dedicated to cybersecurity is administered jointly by EPSRC (the Engineering and Physical Sciences Research Council), GCHQ (Government Communications Headquarters) and BIS (the Government's Department for Business, Innovation and Skills). Its aim is to strengthen the links between institutions that are carrying out vital research in this field, and organisations - such as businesses, or the Government itself - that could benefit directly from it.
The initiative also aims to identify technical gaps in UK cybersecurity research, so that they can be addressed by future projects.
Cambridge itself has been responsible for world-leading work on cybersecurity since before the word (or even the Internet) existed: It was at Cambridge, for example, that the use of a one-way function to protect the password file was first conceived and deployed in 1966.
The University’s current work touches on areas of great impact for society such as securing global infrastructure (banking security, smart card security, satellite navigation security, civil infrastructure security) and securing the building blocks of the digital world (operating system security, secure computer architectures, network protocol security, security of mobile devices). Other research addresses the fundamental problem of the interaction between people and computers – the intersection of security and psychology, overcoming the usability and security flaws of password authentication, modelling frauds and scams, protecting location privacy and privacy in social networks, and fighting online censorship.
Much of the University’s work in security research is carried out in close collaboration with commercial and industrial bodies, both in the UK and abroad, with a view to tackling real-life problems. Recent projects have, for example, focused on how to identify cybersecurity vulnerabilities in the computer systems that control major power plants; or on the protection of sensor networks that monitor potential damage to vital infrastructure like bridges and tunnels.
The entrepreneurial spirit of Cambridge academics and graduates has created hundreds of start-up companies, of which several deal with security. Xensource, founded by former Computer Lab staff, and whose Xen hypervisor now runs Amazon’s EC2 cloud (the world’s largest), was acquired by Citrix for $500m in 2007, while nCipher, a maker of cryptographic accelerators founded by a Computer Lab graduate, was bought by Thales for $100m in 2008. Cronto, co-founded by a Cambridge staff member, currently licenses its secure online banking device to major banks in Germany, Switzerland and Chile.
Faculty member Dr Frank Stajano, head of the Cambridge ACE-CSR and an expert in security and privacy based at the Computer Lab, said: “We believe cybersecurity is inherently a systems problem and must be addressed as such.”
“Our strongest asset as a cybersecurity research institution is our unique combination of depth and breadth. We offer a core of systems security expertise at the Computer Laboratory. Through the rest of the University, we have ready access to world-class domain experts from other disciplines. We are therefore uniquely placed to critically analyse and contribute to all aspects of the cybersecurity problem.”
“No other academic institution in the whole of Europe has the mix of skills, knowledge and creative people to do this as effectively as the University of Cambridge. We are committed to researching long-term solutions to the fundamental cybersecurity problems that will affect the society of tomorrow.”