As the old Russian saying goes, "Trust but verify". The recent series Chernobyl has the best explanation of this - the circle of accountability. This project looks at the classical problem of auditing: when multiple organisations or government departments collaborate or share data in order to deliver a single service, if something goes wrong, how do we identify what and who made a mistake, either by negligence or deliberately? A good example is when businesses operate over the Cloud. Another aspect is sensitive data sharing such as medical data being shared between hospitals, insurance companies, doctors, etc.. How can share such data in a secure, accountable and traceable way? One of the technologies we are looking into is Blockchains and Smart-Contracts.
Threat Detection in Building Management Systems.
We are taking a close look at Smart Buildings and developing new technologies, based on Artificial Intelligence, to detect attacks as early as possible. Typical protocols in use, such as BACnet, do not provide the necessary protection; often, they are used in legacy configurations with no security at all. Not only the security of Smart-Buildings (often part of national Critical Infrastructure and under the EU NIS Directive) needs to be revisited, but legacy buildings need to be considered when designing a secure approach.
We accept and sign up for any T&Cs every day and online businesses take all our personal data. At present, and even with GDPR, we do not know what we accepted and what we shared and when. In recent cases, people complained about having accepted certain conditions while the online business denies. How can we prove and control what we shared?