The research institute, funded by a £3.8 million grant, “is a virtual organisation involving seven universities.” It will “allow leading academics in the field of Cyber Security including social scientists, mathematicians and computer scientists from across the UK to work together.”
The institute’s director of research will be Professor Angela Sasse from University College London. “This is an opportunity to work closely with colleagues from different scientific disciplines to tackle the technical, social and psychological challenges that effective cyber security presents,” she explained.
The other six universities chosen to take part are Aberdeen, Imperial College, Queen Mary, Royal Holloway, Newcastle, and Northumbria. They were selected following a competitive process that involved two challenges: ‘How secure is my organization?’ and ‘How do we make better security decisions?’
Industry response to the news is almost entirely favorable. Tom Burton, head of cyber for defense at BAE Systems Detica, said it is “an encouraging step, signaling the Government’s commitment to public and private sector collaboration, something we have long championed. The institute should also help to safeguard the UK economy for future generations.”
Paul Davis, director of Europe at FireEye, added, “This is not the time to be complacent and the [Research Institute in the Science of Cyber Security] is a good move in terms of understanding the most complex cybersecurity challenges and improving our readiness should the inevitable happen.”
One university missing from the list is Cambridge and its Computer Laboratory led by Ross Anderson. Cambridge also missed out on GCHQ’s earlier ‘centres of excellence’ in cyber security. At the time, “I declined to put my name forward because I object to their involvement in torture,” Professor Anderson told Infosecurity. His colleagues went ahead anyway, but were turned down because “without me on board they could not make the case that we were a cohesive unit,” he added. His colleagues found it dismissive while he considered it blackmail. “From the university's perspective it was counter to our deepest values; we're a self-governing community of scholars, not a centrally-directed bureaucratic organization.”
Anderson has not changed his opinion with the new institute. “The claim that this will be the first academic institute to do cybersecurity is nonsense. Cambridge has done a huge amount over the years, and Royal Holloway's no slouch either. Angela herself has done good work in the past, and will no doubt do more in the future once the current grant has all been spent. It's just government posturing.”