Defending

Defending systems, data, and services from potential attack.

This is the largest area in terms of potential research topics, as it includes developing and implementing defences against potential attacks. Effective defence requires a technical understanding of threats and vulnerabilities in the systems you are trying to defend; it also covers the human element of responding to and recovering from attacks.

  • Crimes that may be digitally-enabled or digitally-dependent, including fraud, theft (of personal data, money, etc.), harassment, child sexual exploitation, money-laundering, spying, system sabotage, spreading of viruses, malware, and ransomware.
  • Potentially harmful but non-criminal activities, e.g., cyberbullying, the manipulation of social media to sow discord or influence democratic processes.
  • Methods used to do harm: e.g., hacking or malware infection, hardware tampering, insider access and social engineering. 
  • Technical vulnerabilities that arise during software and hardware design and implementation (including through increased connectivity, for example, Industrial IoT), and that are perpetuated through failure to patch or replace insecure software and systems.
  • Vulnerabilities in human systems: e.g., ‘insider threat’, failure to follow security procedures, use of workarounds. 
  • Secure software development: processes, tools and techniques, from the fundamental building blocks like cryptography to design and implementation.
  • Secure hardware: e.g., anti-tamper techniques for processing chips, counterfeit detection and prevention.
  • The nature and value of data held on digital systems and how it could be exploited (including through behavioural analytics and identity ‘profiling’).
  • Risk-based decision-making, in particular risk assessment and mitigation, risk prioritisation and visualisation, communication of risk information, decision-support.
  • Developing and improving monitoring and detection systems (both technical and human) to establish when a breach has occurred.
  • Regulatory and other mechanisms to ensure organisations respond appropriately to data breaches.
  • Once a breach/attack has been detected, organisational and individual decision making in complex, uncertain situations, where the extent and nature of damage may be unclear, including the role of emotion and impact of stress, crisis management, internal/external crisis communications.
  • Resilience and recovery from an attack/breach, including damage assessment after data breaches, organisational decision making in post-crisis situations, organisational learning; betrayal, forgiveness and recovery of trust.