The Critical National Infrastructure (CNI) is becoming digitally enhanced and interconnected through the interfacing of Operational Technology (OT) with generic ICT capability. While such developments bring substantial benefits to the modernisation and sustainability of the CNI, they also mean it is increasingly exposed to cyberattacks and adversarial events with potentially catastrophic consequences for society, national defence, and the functioning of the state.
Ensuring the CNI is resilient against a dynamically evolving set of threats that manifest through the digital infrastructure, both at their onset and over the longer term, is therefore paramount. However, the vendor-specific and resource-constrained nature of the industrial OT underpinning many CNI sectors, coupled with the prolonged lifespan of OT components and supply chain strategies that limit their inherent cyber-resilience capabilities, makes this extremely challenging.
The proposed project will strive to develop novel, in-network instrumentation capability to facilitate the development and retrofitting of digital resilience mechanisms to existing IT/OT configurations. Such mechanisms will implement complex metrics by combining different measurement and control modules.
This will include research in network programmability and virtualisation to support the development of complex cyberthreat detection and attack mitigation mechanisms that can be dynamically composed and orchestrated over one or more resource-constrained platforms (e.g. Single-Board Computer, FPGA, small form factor PC, etc.) connected to the local IT/OT network. Low-level traffic monitoring and control instrumentation primitives will be specified and implemented in the form of virtualised Network Functions (vNFs) or directly on programmable network dataplanes. Such primitives will include packet timestamping, network flow statistics, and packet dropping/throttling rules. These are potentially time-critical and of low processing complexity, so they can be supported by a limited programming environment and have high potential for reuse and sharing between different higher-level detection and mitigation modules. Subsets of these primitives will then be dynamically orchestrated to process traffic (meta)data in sequence, forming Service Function Chains (SFCs) that implement complete cyberthreat detection and mitigation routines of higher processing complexity.
Applications will close once a suitable candidate has been identified.
How to Apply: Please refer to the following website for details on how to apply:
http://www.gla.ac.uk/research/opportunities/howtoapplyforaresearchdegree/.