Dynamic Risk Assessment for Critical Infrastructures under Attack

This PhD project aims to address the need for near-real-time risk assessment for safe and continuous operation of critical infrastructures, e.g., water, power, transportation, when faced with an ongoing cyber-attack. Such infrastructures were traditionally not connected to the Internet hence the protocols, devices, software, and platforms have not had security as a core design consideration. Increasingly, they are being connected to enterprise systems for improved business process monitoring and optimisation. This convergence has led to several cyber security issues, in turn leading to safety or operational interruptions as evidenced by various high-profile incidents. The critical nature of these systems means that the infrastructure cannot simply be shut down on the first sign of attack and one needs to understand – in near-real-time – the implications of an ongoing attack on safe and continued operation, take mitigating actions and ensure that the infrastructure can keep running (albeit at a reduced capacity) in a safe manner, e.g., through isolation of compromised elements.

This project will develop a near real-time dynamic risk assessment model that maintains an ongoing representation of the security state of an infrastructure system, showcasing the ongoing status of an attack event, its implications in terms of composition with other events, and potential for violation of a safety or operational goal. This will enable not only dynamic risk assessment of an unfolding attack (and effectiveness of countermeasures) but also enable foresight into the potential paths that an attack may take to compromise safety or operational goals and make informed decisions on when an attack has escalated to a point where whole system shutdown is essential.

URL for further information: https://www.bristol.ac.uk/cdt/cyber-security/

Candidate Requirements

Applicants must hold/achieve a minimum of a Master’s degree (or international equivalent) in Computer Science, Safety Critical Systems, Artificial Intelligence/Data Science.  Applicants without a master’s qualification may be considered on an exceptional basis, provided they hold a first-class undergraduate degree. Please note, acceptance will also depend on evidence of readiness to pursue a research degree. 

Basic skills and knowledge required:

·      Essential:

Excellent analytical skills and experimental acumen. Strong programming skills and a knowledge of AI/machine learning techniques.

·      Desirable:

A background understanding in safety critical systems or methods for safety analysis such as fault trees.

Scholarship Details

This studentship offers a minimum tax-free stipend of £18,800  from September 2021 and is expected to rise slightly in line with the annual UKRI minimum tax-free stipend rate.

Tuition fees and a generous research grant are also covered by this studentship.

Applicants must meet the eligibility and residence requirements, please check the EPSRC.UKRI website.

Informal enquiries

For questions about the research topic please contact Prof Awais Rashid at [Email Address Removed]  

https://research-information.bris.ac.uk/en/persons/awais-rashid

For questions about eligibility and the application process please contact SCEEM Postgraduate Research Admissions [Email Address Removed]

Application Details

Prior to submitting your application, please contact the academic listed to discuss your research proposal and see if it aligns with their current research. No indication of an offer can be made until we receive your completed application.

To apply for this studentship, submit a PhD application using our online application system [www.bristol.ac.uk/pg-howtoapply]

Please ensure that in the Funding section you tick “I would like to be considered for a funding award from the Computer Science Department” and specify the title of the scholarship in the “other” box below along with the name of the supervisor.   Interested candidates should apply as soon as possible.