This PhD project aims to address the need for near-real-time risk assessment for safe and continuous operation of critical infrastructures, e.g., water, power, transportation, when faced with an ongoing cyber-attack. Such infrastructures were traditionally not connected to the Internet hence the protocols, devices, software, and platforms have not had security as a core design consideration. Increasingly, they are being connected to enterprise systems for improved business process monitoring and optimisation. This convergence has led to several cyber security issues, in turn leading to safety or operational interruptions as evidenced by various high-profile incidents. The critical nature of these systems means that the infrastructure cannot simply be shut down on the first sign of attack and one needs to understand – in near-real-time – the implications of an ongoing attack on safe and continued operation, take mitigating actions and ensure that the infrastructure can keep running (albeit at a reduced capacity) in a safe manner, e.g., through isolation of compromised elements.
This project will develop a near real-time dynamic risk assessment model that maintains an ongoing representation of the security state of an infrastructure system, showcasing the ongoing status of an attack event, its implications in terms of composition with other events, and potential for violation of a safety or operational goal. This will enable not only dynamic risk assessment of an unfolding attack (and effectiveness of countermeasures) but also enable foresight into the potential paths that an attack may take to compromise safety or operational goals and make informed decisions on when an attack has escalated to a point where whole system shutdown is essential.
URL for further information: bristol.ac.uk/cdt/cyber-security/
This is a fully funded 4-year studentship covering:
- A Minimum £18,800 tax-free stipend per year
- tuition fees at UK student rates
- equipment and travel allowance to support research related activities.
For EPSRC funding, students must meet the EPSRC residency requirements.
Applicants must hold/achieve a minimum of a Master’s degree (or international equivalent) in Computer Science, Safety Critical Systems, Artificial Intelligence/Data Science. Applicants without a master’s qualification may be considered on an exceptional basis, provided they hold a first-class undergraduate degree. Please note, acceptance will also depend on evidence of readiness to pursue a research degree.
Basic skills and knowledge required:
Essential: Excellent analytical skills and experimental acumen. Strong programming skills and a knowledge of AI/machine learning techniques.
Desirable: A background understanding in safety critical systems or methods for safety analysis such as fault trees.
Prior to submitting your application, please contact the academic listed to discuss your research proposal and see if it aligns with their current research. No indication of an offer can be made until we receive your completed application.
Please ensure that in the Funding section you tick “I would like to be considered for a funding award from the Computer Science Department” and specify the title of the scholarship in the “other” box below along with the name of the supervisor. Interested candidates should apply as soon as possible.
For questions about eligibility and the application process please contact SCEEM Postgraduate Research Admissions [email protected]