Last week HP announced inauguration of its Chair in Cyber Security at the University of Birmingham, appointing Professor Mark Ryan, an internationally recognised expert in cyber security, in a move described by the National Cyber Security Centre (NCSC) as an example of the academic and business cooperation that it seeks to foster.
The timing of the announcement, alongside that of the National Cyber Security Strategy, was coincidental, but it fits into the wider community remit of the NCSC to make the UK one of the safest places to conduct online business, and develop the skills needed to deliver on that objective.
Chris Ensor, deputy director Cyber Skills & Growth at the NCSC told SC, “A year ago we launched CyberInvest, building communities in academia and getting business involved, so what HP is doing now is an example of the investment in Universities that we want large companies to do. We continue to build new capability to help others build capacity; we want business to invest in research to build capacity in the UK.”
Palo Alto- based HP has chosen Bristol, UK, to base its Security Lab, which is engaged in long term research looking at a three to 15 years horizon with a particular interest in the blurring of the digital and physical world.
Simon Shiu, director of HP's Security Lab explained to SC the reasoning behind the move. “There's a recognition that we can't do everything on our own, that we need collaboration between academia, industry and government. By collaborating we get a different point of view, a broader perspective from effectively a larger team.”
Shiu added, “At HP we are focussed on endpoint devices – edge computing outside the perimeter, including but not restricted to printers and PCs. It's not just products, its device architecture, having a more robust foundation for things such as 3-D printing, communications infrastructure, device to cloud and device to device. Not just cyber security, but how things at the edge are set to change (whole paradigms). It's the bluring of the physical and digital, and issues of usability, integrity of IP.
SC asked Shiu what the next steps are, what sort of work is planned, and how the divide works between academia sharing knowledge and HP monetising research. Shiu responded, “The next step, after Christmas, will be Mark going into HP, and sharing actual projects, and working on site at HP to imbue the culture there, as well as HP pick up from Mark's approach.
“Possible areas of research include the ecosystems around 3-D printers and their potential to transform manufacturing, with design by documents sent to the printer. Thus assuring the security is built into the software in the workstations from the outset. How to keep data confidential, ensure its provenance and trace it back to its source, and maintain confidentiality end-to-end. The game will change and we need to understand the risks, so security of digital objects is a big concern.
“The role will be less teaching and more research, most of the time on academic work, publishing papers that go into the public domain, but there will also be work on HP projects. We see it as an industry programme that is improving the playing field for everyone. We want our endpoint devices to be robust to use and we will be happy for knowledge to be shared with other parties. There will be Intellectual property created that we will taken to market, but that won't be the majority.”
Ryan commented in a press statement: "The internet of things is going to bring a new wave of innovation, affecting how the physical world and the digital world interact. Figuring out how to support privacy and security for users in this setting is a huge task. This research chair is a great opportunity to work with a company that can complement the skills of academics and help bring theoretical ideas into practical realities."
Ensor adds, “NCSC is encouraging industry to invest, to help the academics – so tell them your problems – it needs to be a partnership and this is a good example.”
Shiu concluded, “Cyber-security is increasingly an enabler for many future scenarios including blended and augmented reality, where the risks and threats are more consequential on services and people, and where security will be seen as an enabler. The move is validation of the UK as a good multicultural place to do cyber, with government support, good thought-leading academic skills and strong research.”