Questions from the Department for Science, Innovation & Technology:
Data Policy - Drivers of data use
Data as a rival and nonrival economic good: Is there evidence that data privacy laws centred around individuals’ rights might hinder realising collective benefits? What are the potential remedies and interventions to resolve that?
Department for Science, Innovation & Technology, 2024
Data Policy - Drivers of data use
What are the potential cases and market failures Privacy Enhancing Technologies (PET) might help to resolve? What are the potential barriers to their adoption? What are some of the most adopted PETs in use in the UK?
Department for Science, Innovation & Technology, 2024
Data Policy - Market failures in the data market
How should government approach public sector valuation to encourage further utilisation of datasets. What are some effective models to provide access to sensitive public datasets for research purposes.
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Importance of inclusion for digital identity solutions
If digital identity solutions become more widespread, what are the impacts this could have on marginalised groups? What further interventions could be implemented to improve access for these groups?
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Importance of inclusion for digital identity solutions
How can governance and standards frameworks encourage greater inclusion and security across the ecosystem? What would a good framework for measuring inclusion in digital identity markets look like? How can we minimise security and privacy risks within digital identity solutions?
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Importance of inclusion for digital identity solutions
How inclusive is the evolving digital identity ecosystem? What are the barriers to inclusion within the system? What are the benefits of digital identity to individuals and businesses? How can we ensure the UK’s digital identity ecosystem is secure? Within the current market which groups are disproportionately affected or are more likely to become left behind as digital identity solutions become more widespread? What are some of the consequences of having excluded groups? Are there differences across different sectors or use cases? How can we build trust in digital identity solutions?
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Cyber security of technologies and services
Where are the biggest risks from - developers, vendors, customers? Where could government intervention help to improve the cyber resilience of software supply chains? Explore case studies of different contexts, for example: (i) most recent significant attacks, incidents and exploited vulnerabilities and their causes and (ii) statistics on attacks, breaches and prevalence of software vulnerabilities. What are the biggest/most urgent software supply chain risks to the UK economy (that companies face)?
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Cyber security of technologies and services
Does deploying AI models in an existing process or system increase the attack surface of the host system? If so, how can this be mitigated? Who would be the owners for securing against those vulnerabilities and, where this is unclear, should organisations be sharing knowledge and security ownership, across the technology stack and system of deployment? Analyse and examine the full extent and range of cyber security risks to the UK economy in software development, distribution and supply chains. Identify what risks to the UK’s cyber resilience are introduced through software supply chains by software vendors and users? Which are the highest profile risks? We are interested in B2B/enterprise software rather than consumer software but including: operational technology, IT and cloud and on-premise.
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Cyber security of technologies and services
Does the cyber security of AI models need to follow any novel principles that aren’t set out under existing policy and technology security principles? If so, what are these measures and how do the differ from what exists? How do the vulnerabilities/risk of AI model security differ from existing cyber threats?
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Cyber security of technologies and services
What are the most common connected technology convergence points we will see realised in the UK in the next 5-10 years? What are the applications of these converged connected technologies? Which sectors will be most impacted? Will there be an increased cyber attack surface for converged technologies? How can the cyber security of converged technologies be managed?
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Cyber security of technologies and services
How can connected technologies can be secured when liability and responsibility of product security is unclear, due to convergence of technologies and systems. I.e., taking a system-of-systems approach, how can holistic and robust cyber security be ensured? What is the series of measures required to safeguard the whole system? For example, taxonomy of cyber security risks and threats from the research phase through to product development, deployment and embedding with other technologies and systems. How could the UK produce a world-leading approach to securing emerging technologies through an end-to-end process?
Department for Science, Innovation & Technology, 2024
Cyber Security and Digital Identity (CSDI) - Cyber security of technologies and services
What is the most effective method for incentivising responsible technology design, in terms of cyber security? What are the barriers or blockers for using secure by design principles for cyber security of emerging connected technologies? Where have we seen successes in adopting secure by design principles for connected technologies? Is there a gold-standard or case study where security of a product has been considered during early inception? Has led to greater security of the product and fewer breaches?
Department for Science, Innovation & Technology, 2024