The modern digitised and networked world presents a series of significant security challenges. How can sensitive information be secured in a world where everyone is connected to everyone else while ensuring the benefits of such a world continue to be delivered?
The UK possesses a wealth of digital security expertise that could and should be harnessed in order to address these challenges. However that expertise isn't always channelled or focused in the most effective way.
The newly formed Cyber Security Knowledge Transfer Network (KTN) has been charged with changing this - both by tackling some of the universal security problems facing the UK's digital economy, such as cyber-crime or identity management, at the same time as helping UK plc to fully exploit the security expertise it has to offer.
This is no small task but it is hoped that the collaborative approach adopted by the KTN provides the best chance of success.
The UK already possesses a wealth of cyber security expertise, within industry, academia and government, but the effort is fragmented and focused on point solutions by technologies and sectors. Only by joining together can we understand the breadth and depth of the cyber security challenge.
This understanding is essential to planning effective protection and response. We need to provide a UK-wide focus to address challenges holistically; identifying the gaps in the work already being undertaken across the community and planning how to bridge them; unifying the pool of UK expertise in a manner which amplifies the efforts of the community and makes the results more accessible to all.
The Cyber Security KTN was launched earlier this year with the aim of providing a single national focal point for digital security expertise. This KTN is the 18th network backed by DTI funding and seeks to better exploit a technical area in which the UK possesses real strength. Other KTNs include those dealing with grid computing, materials and health care technologies.
The Cyber Security KTN is guided by a fully engaged expert panel made up of government departments and agencies with a significant interest in security (including CSIA, NISCC and the MOD), representatives of big industrial users of digital security (Visa,Aviva, BT, BP and British Airways), the supplier community (Microsoft, QinetiQ and HP), along with leading lights in the university research community.
KTN membership is free and open to all, from multinational corporations and SMEs to individual researchers and users. The network, managed by QinetiQ, offers a number of benefits. These include:
- access to expertise across industry, government and academia;
- a direct line to potential customers and partnerships;
- exposure to the key problems faced by users and suppliers;
- collaborative market growth and education;
- a single source for locating good ideas;
- a forum for influencing joined-up investment across government and industry.
The KTN range of services for members include:
Knowledge networking events
These events are designed to take the pulse of the cyber security community on both a national and regional basis. Such events provide an environment in which cyber security stakeholders can come together to explore ways to help secure our society, exploit market opportunities, debate approaches and policy, and exchange views and information.
Achieving a unified voice on cyber security issues is hugely important and by participating, members can influence that voice. The KTN will actively encourage local stakeholders to lead regional events, directly supporting the development of capability and contacts with a light touch.
The network aims to facilitate engagement between suppliers and customers at a strategic level, providing a catalyst for new business opportunities.
The KTN will support targeted activities to address key cyber security challenges in a collaborative manner. These will include voluntary activities such as special interest groups (SIGs) and funded activities in the form of working groups (WGs). Both SIGs and WGs will have clear objectives, defined outputs and outcomes and will be time-limited.
A large part of their work will be via online webinars supported by the KTN portal to facilitate broad participation and enable international inputs. KTN members can participate in SIGs and WGs and will also have early sight of all outputs. Any member can propose ideas for SIGs and WGs.
The KTN portal provides information resources for members, including listings for cyber security events, funding opportunities (UK, EU, international), information on the Network Security Innovation Platform, links to policy consultation papers, links to other groups and organisations active in the cyber security space, White Papers, conference reports and news items. A prototype catalogue of UK industry, government and academia security expertise is also being developed.
Small grants scheme
This scheme aims to support the KTN mission of accelerating innovation and identifying universal challenges and effective response. Members of the KTN can apply for grants of up to £5,000 for projects and activities that align with the KTN mission and strategy and broadly benefit the community. These grants will be assessed within three weeks of submission in the approved format.
Activity groups have already been established to address such issues as: business models for trusted computing; implementing cost-effective identity management on a global scale; how to measure the effectiveness of security solutions; and how to engender trust in security products in a non-expert user. More groups are planned to look at software integrity and use of open source in a system security management strategy.
Ultimately the aim of the Cyber Security KTN is to provide an environment in which all interest groups can come together to explore some of the key digital security issues facing the UK that are simply too big for any one single community to tackle alone.
Alongside the investment in strategy and community building, the DTI is also investing in research and development in the form of the Network Security Innovation Platform.
Innovation platforms have been developed by the DTI Technology Strategy Board to respond to a well-defined societal challenge by bringing together government departments and agencies, research councils, development agencies, business and the science base.
The aim is to identify and apply a diverse range of technologies (and policy levers such as standards, measurement, regulation and public procurement) to deliver innovative products and services, for which there are real customers in a potentially large global market.
There are two pilot innovation platforms in network security, and intelligent transport systems and services. The first step towards an innovation platform in network security has been the establishment of a core group of partners to provide policy oversight. Key government stakeholder departments (including NISCC) and the Cyber Security KTN are represented.
Recent activity for the Network Security Innovation Platform has focused on defining the challenges and subsequent actions needed to bring government procurement and innovative business solutions closer together.
Good progress has been made in identifying priorities for intervention that include the human machine interface in network security and innovative techniques for the effective application of biometric systems.
The area of human machine interface has been included in the list of technology priorities recently released for the Autumn 2006 and Spring 2007 research and development competitions in the government's Technology Programme.
The competition in human machine interface in network security will be looking to support projects that address the challenge of effective communication of security to the non-specialist user and new systems and environmental design to reduce insider fraud.
This is a 'challenge-driven' approach, encouraging consortia to focus on achieving solutions to a societal challenge. Support will be in two stages - initially through supporting short feasibility studies, the best of which will be selected, leading to longer-term collaborative research and development projects, with the ability to make significant change.
About the author
Dr Sadie Creese is an experienced consultant and researcher in the area of cyber security. As strategy manager for QinetiQ's Trusted Information Management division, she takes responsibility for ensuring strategic alignment of the businesses offerings and research groups.
Sadie has technically led multiple military, DTI, European and industrial research programmes in this domain and is an expert reviewer on behalf of the EPSRC and an independent technical consultant in the areas of security, trust and dependability for the European Commission Future Emerging Technologies programme.