Blog posts

What does artificial intelligence mean for cyber security? Prof Chris Hankin speaks to the House of Lords Select Committee.

Cyber attacks are considered one of the major threats for national security by the UK government. Artificial intelligence is considered to be a technology with major potential benefit. But what happens when these two worlds combine?

That’s exactly what the House of Lords Select Committee on Artificial Intelligence wanted to know. To find out more, they recently called in Professor Chris Hankin, Co-Director of the Institute for Security Science and Technology, to provide the panel with professional insight.

Below is a cut and edited summary of the evidence session. Some of the questions included have been rephrased. You can watch the full session online here.

Can we trust cyber-physical systems?

A post by Professor Emil Lupu, Associate Director of the ISST and Director of the Academic Centre of Excellence in Cyber Security Research.

It’s often reported that we can expect 30 billion IoT devices in the world by 2020, creating webs of cyber-physical systems that combine the digital, physical and human dimensions.

In the not too distant future, an autonomous car will zip you through the ‘smart’ city, conversing with the nearby vehicles and infrastructure to adapt its route and speed. As you sit in the back seat, tiny medical devices might measure your vitals and send updates to your doctor for your upcoming appointment.

The Security of Driverless Cars

A post by Dr Deeph Chana, Deputy Director for the Institute for Security Science and Technology. This blog first appeared as an opinion piece on GATEway project website, 19 September 2017. 

Image copyright Frank Derks under CC-CC-BY-2.0

The opportunities that driverless vehicles present are undoubtedly profound. None more so than the emergence of multi-modal transport services (trains, planes, automobiles … and boats) that will intelligently cooperate to take us from A to B without any human intervention.

Replacing the old biological controllers — namely us — the autonomous vehicle will excel in everything from energy efficiency to just being safe.

How the Internet of Things poses fresh risks to public sector systems

A post by Professor Chris Hankin, Director ISST. This blog originally appeared on publictechnology.net published 19.06.2017.

With the cyber threat shifting its focus to sabotage rather than data theft, many of the defences deployed by public sector organisations will have to be adapted for the new world.

Information security policies are commonly guided by the CIA triad of confidentiality, integrity and availability. Many of the big security stories in the media relate to confidentiality, where data theft, for example, affects both individuals (eg. personal banking data) but also has a huge economic impact as a result of industrial espionage.

Integrity, or rather its loss, is most evident in the hijacking of websites by “hacktivists” seeking to deface content or replace it with political messages, but can also be associated with data, such as environmental monitoring, stock market trading or consumer price indices.

The Role of Distributed Ledgers in Securing Urban Infrastructure

A post by Dr Cathy Mulligan (Imperial College), Tony Kenyon (Guardtime) and Kacper Zylka (Imperial College).

Imperial College’s Blockchain research group (IC3RE) together with Guardtime have been investigating how distributed ledger technology – aka Blockchain – can be used to secure digitally-enabled critical infrastructure. Together they are providing an early warning system that embedded sensors have been compromised.

Cities around the globe are under increasing pressure to deliver high quality services to a growing number of citizens. Digital technology is being adopted – in what is sometimes called the ‘smart-city’ – to better manage assets, and deepen understanding of key services like waste, water, power and transport.

How we can secure critical infrastructure against zero-day hacks

A post by Dr Tingting Li, Research Associate at the Institute for Security Science & Technology.

As detailed in the recent Alex Gibney documentary Zero Days: Nuclear Cyber Sabotage, the Stuxnet worm caused havoc in an Iranian nuclear facility by exploiting unknown – and hence unprotected – weaknesses in the computer control system; so called zero-day weaknesses.

At Imperial ISST we’ve shown that the risk of a cyber-attack like Stuxnet being successful can be reduced by strategically defending the known weaknesses. We can model the relative risks in the system without foreknowledge of potential zero-day weaknesses, and maximise security by focusing defences on higher impact risks.

Worms, birds and insects inspire the robots of the future

A post by Dr Silvia Ardila-Jiménez, Post-doctoral Research Associate, Imperial College London

The development of autonomous systems is one of the technology trends driving the fourth industrial revolution. Autonomous systems in transportation are perhaps the most widely talked about, but beyond this we’re already seeing systems deployed in sectors like environmental monitoring and agriculture.

The range of potential applications is huge: search and rescue, border surveillance, construction, energy, health, sports and recreation, agriculture, and food and water security to name a few. And whilst advances in this area are vast – fueled by machine learning, data science, robotics etc. – no man-made system can perform at the level of living organisms.

The interaction between safety and security

A post by Professor Chris Hankin, Director ISST

Increasing digitization has led to convergence between IT (Information Technology) used in offices and mobile devices, and OT (Operational Technology) that controls devices used in critical infrastructure and industrial control systems. The IoT (Internet of Things) is also rapidly growing, with around 10 billion devices today.

These trends raise concerns about the interaction between safety and security. The reality of the threat has been highlighted in national news coverage, from cyber security vulnerabilities being exploited to compromise vehicle safety, to denial of service attacks launched from consumer devices.

Discussions are sometimes hampered by the lack of clear definitions of the concepts.

The origin of threat assessment

A post by Helen Greenhough, PhD Research Student, Imperial College, Dept of Computing

As an analyst in the defense sector, the adage of threat = capability x intent was widely accepted.   But where did it come from?

In the course of my research I was pleased to come across what appears to be the original source of this equation in J. David Singer’s 1958 paper ‘Threat Perception and Armament-Tension Dilemma’ and was originally:   ‘Threat-Perception = Estimated Capability x Estimated Intent’ [p94, Singer, J. 1958].   This quasi-formula  posits that the perception of a threat can be reduced to zero by either reducing military capability or military intent.  In the context of Springer’s paper the equation was part of a discussion on a Cold-War disarmament strategy  concluding that weapons, rather than being dismantled or re-purposed, should be transferred to the custody of the UN.   Ultimately the Cold-War threat equation was reduced to zero not by removal of estimated capability but through the fall of the Soviet Union – the removal of intent.

Security of Industrial Control Systems

A post by Professor Chris Hankin, Director ISST

Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process.  Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each.  In To Kill a Centrifuge, an in-depth technical analysis of the Stuxnet attack, Ralph Langner has already identified three distinct layers of a sophisticated cyber-physical attack: the IT, the Industrial Control Systems (ICS) and the physical layers.  The SANS Institute in the U.S. has recently published an anatomy of cyber attacks  on ICS, involving two multi-phase stages: 1) cyber intrusion preparation and execution – what can be thought of as intelligence gathering; and 2) ICS attack development and execution.