New institute at UK's Imperial College to focus on thwarting cyber-attacks, other threats

12 Dec 2013

Averting cyber-attacks and other threats to vital systems that control the UK's industry and infrastructure will be the focus of a new institute.

Researchers at the Research Institute into Trustworthy Industrial Control Systems at Imperial College London, announced today, will explore potential threats to the infrastructure that controls a range of processes, from nuclear power generation, to manufacturing, to energy distribution and the national rail network. 

The researchers will analyse how cyber-attacks that could shut down these Industrial Control Systems can be prevented or counteracted.

Professor Chris Hankin, director of the research institute into Trustworthy Industrial Control Systems at Imperial College London, said, "In 2007, parts of Estonia ground to a halt when it experienced a 'denial of service' cyber-attack, overloading servers, which lead to a temporary government shutdown. While this is an extreme example, it highlights how vulnerable countries are to these types of threats.

"Our Industrial Control Systems are vital for running most of the industrial processes that underpin modern society. From electricity generation to making sure trains run on time, these systems are vital to our everyday lives, but more work needs to be done to determine how vulnerable they are threats from cyber-attack. Research at Imperial's Institute will focus on working out what the potential dangers are, so that new technologies and procedures can be designed to mitigate them in the future."

Industrial Control Systems (ICS) consist of many components including physical mechanical parts, sensors, computer hardware and software. These are often located over long distances and in remote places, making them vulnerable to attack.

For instance, the UK's railways use ICS to control the entire national network - from monitoring and controlling train movements across the country, to signalling and emergency services. One of the first challenges for researchers at the new Institute is to investigate ways to improve how ICS are protected.

Previously, ICS were developed to operate in isolation, but since the rise of the internet they have increasingly been connected to business IT networks, enabling them to be maintained remotely and providing engineers with more information about how they are operating.

However, this makes them more vulnerable to cyber-attacks. The systems are also required to operate continuously for months at a time, making it more difficult to regularly install upgrades or 'patches' to prevent attacks on software. By comparison, patches for IT networks are done daily. Researchers at the Institute will look into how these systems can be made more robust without impacting on operations.

Working alongside government and industry, the team will also identify how a lone cyber-attack on one business or utility could have a knock-on effect, affecting groups of businesses 'downstream', which could lead to impacts on the UK's infrastructure as a whole.

Academics at the Institute will also investigate ways that these threats can be avoided through the development of better procedures and technologies.

Francis Maude, minister for the cabinet office with responsibility for the UK Cyber Security Strategy, said,  "The National Cyber Security Programme has ensured serious investment through its partnership with academia. This will make certain that the best UK expertise in thought and innovation in the study of cyber security is properly supported. The UK's third academic Research Centre at Imperial College will further strengthen capability and reputation in the strategically important area of protecting industrial control systems that lie behind some of our national infrastructure."

The Institute is jointly funded by the Engineering and Physical Sciences Research Council and the Cabinet Office.

Professor David Delpy, Chief Executive of the Engineering and Physical Sciences Research Council (EPSRC), said: "This EPSRC investment is part of our wider support for underpinning research into the science of cyber security. We need to ensure that the UK has the capability to protect both our physical and virtual assets and to do this we must develop outstanding individuals, support the best projects and make the most of the opportunities that the online environment can deliver for our economy."