Project Summary
Attacks on Critical National Infrastructure (CNI), such as the energy, transport management, and supplies sectors, may have disastrous consequences. Such attacks may be performed by a variety of threat actors, including lone individuals, crime organisations, and nation states. Likewise, the goals of the attacks comprise a wide range, such as attention-seeking, terrorism, monetary gain, and cyber warfare. Attackers may use a large array of approaches to reach these goals. They may perform pure cyberattacks – which can be executed from anywhere in the world.
Deception provides a virtual environment that resembles the actual physical environment as closely as possible, in order to fool the attacker into believing they are attacking the real system.
Deception has two aims:
- Enabling the study of attackers’ Tools, Techniques, and Procedures (TTPs) within a secure environment. This supports the gathering of threat intelligence. One well-known instance is the classical “honeypot” approach.
- Defending the system by drawing attackers’ attention and effort away from the real environment into the virtual one.
We are seeking an enthusiastic, creative and technically skilled candidate for an exciting and unique fully-funded scholarship opportunity to study deception in the context of cybersecurity for critical national infrastructure. The result of this PhD will be novel research that addresses a subset of the challenges outlined below, and begins to develop a realistic technical implementation. The successful candidate will be supported by internationally recognised researchers at Cardiff University’s NCSC Academic Centre of Excellence for Cybersecurity Research, as well as industry experts and world-class testbeds at Thales’ National Digital Exploitation Centre (NDEC). You will join the EPSRC DTP Hub in Cyber Security Analytics at Cardiff University, becoming part of an interdisciplinary cohort of students studying the human and algorithmic aspects of AI in the context of cybersecurity.
Objectives
This project will investigate existing deception approaches for CNI systems in both the academic and the industrial domain. Due to the context, there are many intellectual, scientific and technical challenges to be addressed:
- Realistic systems: The deception system must appear realistic in order to convince the attacker. Hence, its components and topology must closely match the real system. This is made particularly challenging by the fact that attackers may attack the system not just in cyberspace. Therefore, the deception system will have to emulate not just digital components, but social and physical systems as well.
- Realistic responses: The system must react to attacks in a convincing way. As attackers can monitor the success of their attacks in the physical world and in the media, these must be covered as well.
- Scalability: Depending on the real system in question, CNI may involve a large number of diverse components. This raises questions of emulating those in a scalable way without replicating the original system in its entirety.
- Automation: Generating an instance of the deception system for a particular real system cannot be done manually. Therefore, the project must support the automated discovery and matching of a real system, including components, topology, and behaviour.
- Publicity and impact: The deception system will operate within an intellectually challenging field. On the one hand, some information needs to be publicised in order for it to operate (see “Realistic responses”, above). On the other hand, generating false information about attacks on a CNI may cause problems. In addition, the fact that a deception system is in operation should not be publicised.
Potential impact
The successful candidate will spend time located within Thales’ research labs in Ebbw Vale (short train journey from Cardiff). This will enable you to determine the factors associated with the deployment of new methods within a realistic testbed. The opportunity is to translate the outcomes from your research into new products and processes that could be of practical use to Thales.
External Partner (Thales)
- Thales will support project definition and steering, including industrial relevance
- The student will be expected to work for part of their study period at Thales’ research labs in Ebbw Vale (on a main train/bus route)
- The student will sign a contract between the university and Thales
Application format
Please provide the following information in your application
- Academic background – we are seeking creative and energetic individuals from a range of backgrounds. We require a 1st or 2:1 at first degree level and/or a distinction at Masters degree level to apply. Example degree subjects include (but are not limited to): computer science, psychology, criminology, sociology, law, and business. We also welcome those who have significant relevant work experience.
- Describe any experience of research
- Write a short statement on what you understand the topic of cyber security analytics to be and what excites you about it
- Write a short statement on how your experience fits to the project to which you have applied, and how you would approach the project
- Write a short statement on why you would like to undertake PhD research in a multi-disciplinary cohort, and how you think the experience will benefit your career in comparison with studying as an individual student.
Apply online - https://www.cardiff.ac.uk/study/postgraduate/research/programmes/programme/computer-science-and-informatics
Applicants should select Doctor of Philosophy, with a start date of Oct 2021. In the research proposal section of your application, please specify the project title and supervisors of this project. In the funding section, please specify that you are applying for advertised funding from EPSRC DTP.
For more information on the shortlisting and assessment process, please contact [Email Address Removed]
For more information about the project, please contact the hub’s Academic Lead, Professor Pete Burnap, [Email Address Removed]