Investigator: Tingting Li (PI) and Pete Burnap
Timeline: 2021-2022
Project value (funder): £142K (GCHQ/NCSC)

The Diversity-by-design project is funded by NCSC as one of the RITICS projects. Diversity-based approaches have been studied as an effective strategy to enhance the security and resilience of complex systems. The project aims to quantify the system diversity by identifying similarly vulnerable structures of components in interconnected systems. It mainly uses Graph Neural Networks (GNN) and other machine learning techniques to convert network graph data into vector representation and search for similarly vulnerable structures. We can then effectively evaluate human-input diversification strategies prior to actual deployment. The proposed work also provides an effective way to represent the CNI and other interconnected systems with the focus of identifying similarly vulnerable points of a system, which is able to provide insights into the resilience of the dependencies against replicated attacks and avoiding cascading failure.

Investigator: Tingting Li (PI)
Timeline: 2021
Project value (funder): £25K (Thales)

Investigator: Yulia Cherdantseva (PI), Tingting Li (Co-I), Pete Burnap and Barney Craggs (Bristol)
Timeline: 2021-2023
Project value (funder): £503K (EPSRC EP/V038710/1)

The ultimate goal of the project is to improve CNI resilience in the UK by enabling timely and efficient incident response. To achieve this, this project will deliver a Framework for creating Risk-Informed Metrics-enriched Playbooks for Critical National Infrastructure (FRIMP4CNI). We propose to approach incident response playbooks in a fundamentally different way. First, playbooks in this project are integrated into core CNI processes affected by an incident, showing how enacting a particular response affects core processes as well as interdependent processes. Second, our playbooks address more than technical actions, they look at aspects beyond technology, e.g. operational response, issues related to staff availability and costs, reporting process, political and communication response. Third, playbooks are risk-informed because each playbook has an associated risk model; and fourth, they are enriched with business-driven multifaceted metrics which reflect the changes that an incident inflicts on a core process. Fifth feature is that our playbooks are optimal; an optimisation algorithm is applied to a set of alternative response strategies to identify the optimal response playbook for each case. A combination of the features listed above makes our approach unique and allows our playbooks to serve both as an action guide enabling improved cybersecurity incident response and as a decision support tool at the Board level.