Closing the window between becoming aware of a potential technical exploit and action to plug the vulnerability reduces exposure to systems compromise. How can we best apply automation across government’s cyber security practices to ensure that potential exploits are addressed as quickly as possible? What are the risks and opportunities? What are the dependencies on other technology? Are there ethical or considerations in this area?

Background

The challenges have become more complex, intertwined and dangerous as the world has become more uncertain and volatile. Domestic, overseas and online threats are increasingly integrated as adversaries develop capabilities and exploit vulnerabilities across borders and between the cyber and physical worlds. We are seeking research to help Government adapt to a changing security environment based on research and evidence.

Next steps

Should you have questions relating to this ARI please contact co_aris@cabinetoffice.gov.uk. If your query relates to a specific question please state its title in your email.

Source

This question was published as part of the set of ARIs in this document:

CO AR Is 2019 20190429

Related UKRI funded projects

  • Academic Centre of Excellence in Cyber Security Research - Cardiff University

    Cardiff University is a leading UK academic institution for cyber security analytics and artificial intelligence - the interpretation and effective communication of applied data science and AI methods through interdiscip...

    Funded by: EPSRC

    Lead research organisation: Cardiff University

    Why might this be relevant?

    The project focuses on cyber security analytics and artificial intelligence, which can be applied to address potential exploits and vulnerabilities in government's cyber security practices.

  • Leveraging the Multi-Stakeholder Nature of Cyber Security

    Cyber Security (CyS) is a challenging, distributed, multi-stakeholder problem. It is distributed in the sense that the expertise to comprehensively assess the level of security of a given IT system is commonly not all av...

    Funded by: EPSRC

    Lead research organisation: University of Nottingham

    Why might this be relevant?

    The project aims to leverage the multi-stakeholder nature of cyber security and develop a framework to improve user access to tailored cyber security information, which can help address potential exploits and vulnerabilities in government's cyber security practices.

  • RISKREVELATION AI

    Planet Pen Test Ltd (PPT), led by Shannon Simpson and Anna Standley, is a UK cybersecurity SME developing an AI platform (RISKREVELATION AI) to help companies proactively tackle cybersecurity issues. Even before COVID-19...

    Funded by: Innovate UK

    Lead research organisation: PLANET PEN TEST LTD

    Why might this be relevant?

    The project is relevant as it is developing an AI platform to proactively tackle cybersecurity issues, which aligns with the question's focus on automation in cybersecurity practices.

  • Machine Learning, Robust Optimisation, and Verification: Creating Synergistic Capabilities in Cybersecurity Research

    The need for better support to deal with the threats of cybersecurity is undisputed. Organisations are faced with an ever growing number of malware and integrated malware attack tools, attempted attacks on infrastructure...

    Funded by: EPSRC

    Lead research organisation: Imperial College London

  • Proactive Security Decision Support System informed by Cyber Threat Intelligence (PSDSS-CTI)

    This project will develop a proactive security decision supporting system that helps decision makers prioritise security investment within a changing threat landscape. This system will incorporate cyber threat intelligen...

    Funded by: Innovate UK

    Lead research organisation: DE MONTFORT UNIVERSITY HIGHER EDUCATION CORPORATION

  • Evaluating Cyber Security Evidence for Policy Advice: The Other Human Dimension

    The quality of a state's capacity to respond to the challenges of cyber security is rapidly coming to be recognised as an important element of global competitiveness. This project seeks to understand the challenges faced...

    Funded by: EPSRC

    Lead research organisation: University College London

  • Cyber Enterprise Security - predict it, fix it

    This project is a new approach to making sure an enterprise (be that a business, defence such as the MoD or Health) can function as best as possible as the state of cyber changes. This could be as a result of cyber-attac...

    Funded by: Innovate UK

    Lead research organisation: INFINITE PRECISION LTD

  • Customized and Adaptive approach for Optimal Cybersecurity Investment

    The proposed research aims to help organisations to make better cybersecurity investments. For example is it better in a given organization to prioritise a policy of changing passwords over patching software regularly? A...

    Funded by: EPSRC

    Lead research organisation: Imperial College London

  • Academic Centre of Excellence in Cyber Security Research - King's College London

    King's College London (KCL) is a research-led university established in 1829 (4th oldest in England), and one of the top 25 universities in the world (2017-18 QS international world rankings). The current King's Strategi...

    Funded by: EPSRC

    Lead research organisation: King's College London

  • Research Institute in Science of Cyber Security (RISCS) Phase 2

    The Digital Economy is a key part of the strategy for UK economic growth. But as more businesses move into the digital space, they need to be able to protect their assets (such as their Intellectual Property) and process...

    Funded by: EPSRC

    Lead research organisation: University College London

Similar ARIs from other organisations

Cyber Security and Digital Identity (CSDI) - Adoption of cyber security How might automation, machine learning/AI change the way in which cybersecurity services are currently delivered? Do these changes lead to a reduction or even an increase in demand for cyber security skills, products and services Department for Science, Innovation & Technology, 2024
See details
Cyber Security and Digital Identity (CSDI) - Cyber security of technologies and services Does deploying AI models in an existing process or system increase the attack surface of the host system? If so, how can this be mitigated? Who would be the owners for securing against those vulnerabilities and, where this is unclear, should organisations be sharing knowledge and security ownership, across the technology stack and system of deployment? Analyse and examine the full extent and range of cyber security risks to the UK economy in software development, distribution and supply chains. Identify what risks to the UK’s cyber resilience are introduced through software supply chains by software vendors and users? Which are the highest profile risks? We are interested in B2B/enterprise software rather than consumer software but including: operational technology, IT and cloud and on-premise. Department for Science, Innovation & Technology, 2024
See details