Spies and professors band together for UK cybersecurity research institute

The country's 'Research Institute in the Science of Cyber Security' will open at the start of October, in an attempt to make the UK a 'thought-leader' in the field. Meanwhile, an EU-level cybersecurity response team has been made permanent after a successful pilot.

The UK is to get an academic institute for researching the 'science of cybersecurity', the government and spy chiefs announced on Thursday.

The Research Institute in the Science of Cyber Security will open at the start of October and operate for the next three and a half years. It will be hosted at University College London (UCL), funded through a £3.8m government grant and led by UCL professor Angela Sasse.

UCL quad
The Research Institute in the Science of Cyber Security will be based at UCL. Image: UCL

The institute is backed by the government, GCHQ , various research councils and seven universities, and is intended to get "social scientists, mathematicians and computer scientists from across the UK" working together.

"The UK is one of the most secure places in the world to do business — already eight percent of our GDP is generated from the cyber-world and that trend is set to grow," cybersecurity minister Francis Maude said in a statement. "But we are not complacent. Through the National Cyber Security Programme we are putting serious investment into the best UK expertise to lead thought in the science of [cybersecurity]."

According to GCHQ, the objectives of the institute will include combating cyber-crime, making the UK more resilient against cyberattack and "better able to protect our interests in cyberspace", and to "help to shape an open, vibrant and stable cyberspace which the UK public can use safely and that supports open societies".

Cybersecurity efforts

The news of the institute came a day after the European Commission said its Computer Emergency Response Team (CERT) , which has been piloted over the last year, would now be permanently established.

Digital agenda commissioner Neelie Kroes said in a statement that EU institutions could "now count on a permanent CERT to deal with increasingly sophisticated cyber-threats against them", and that the move "ensures we are practising what we preach".

Part of the remit of CERTs — both at the European and national level — is to give advice to public-sector organisations in particular about defending themselves against cyberattacks.

As for businesses, GCHQ said on 5 September that it had started advising "the UK's most senior business leaders" on dealing with internet-related threats. At the time, business secretary Vince Cable said companies should shore up their defences to protect their bottom line.

"Ensuring this happens should be the responsibility of any chief executive or chair as part of an approach to good corporate governance which secures a business for the long term," Cable said.

The three documents produced as part of that advice strategy can be found here, here and here (all PDFs).