Scaling Trust is an interdisciplinary research project drawing on resources from anthropology, sociology, communication studies, literary theory, philosophy of science and computing. Using interviews, textual analysis, workshops and ethnography, Scaling Trust examines recent transformations in Cyber Security across four distinct domains, and asks: how are novel models and methods reshaping trust and securing in contemporary society? How do new forms of narrativizing threats, problems of technology and scale, and security solutions define what a secure future may be? A) In the initial period of the fellowship, we investigated current transformations in technology assurance. Security in this domain has been treated as a quality of technical products, a quality that can be tested and measured in an evaluation lab. In recent years, we can observe increasing awareness of unintended side effects of reliance on trusted products and the rise of new approaches focused on risk and the quality of communication. B) We also, in the initial fellowship period, examined the emergence of 'de-perimeterised' security models, today most prominently associated with 'Zero Trust' IT architectures. We examine the nature of security models in general, and how this one in particular has challenged intuitions of information security as the protection of an 'inside' of a private network, and focussed attention instead on asset value. This formulation of the object of securing has profound implications for what counts as a security technology, and for how users/people are positioned and treated. C) In the renewal period, we will conduct an empirical study of the 'DevSecOps' movement, a movement that aims to reconfigure organisations, so that security, here understood as an organisational function, is no longer in a 'silo', but becomes integrated in collaborative multi-function delivery teams. The focus on social architecture here draws on classic organisational thinking in software development, such as Conway's law (that technology tends to inherit a pattern of organisation from the structure of teams who made it), on 'Secure by Design' concepts, and is driven by the demands of continuous delivery methodologies. Securing is here understood as what a part of an organisation does, alongside developing, maintaining and operating. D) During the renewal period, we also build out a study of the recent emergence of hardware-based vulnerabilities, such as Rowhammer, SPECTRE and Meltdown, which have fundamentally challenged some of the certainties upon which security reasoning was built. These vulnerabilities drew attention to the level of hardware as a source of uncertainty, challenging the notion that security can be understood via analysis of logics implemented in software. In addition to preventing attacks, securing thus becomes a matter of being responsive to novel vulnerabilities as they emerge. In Scaling Trust, we examine the narrativization of security, how securing is constituted as a meaningful activity in distinct, but intersecting ways, as these expert domains undergo transformation: how security is variously posed as a problem of A) evaluation, B) architecture, C) organisation and D) function. If, as we argue, the nature of cyber security is not fixed, but rather refracts through a number of expert practices, it is important to examine and make sense of how it is changing and the implications for society, for organisations and for policymakers. Scaling Trust includes a portfolio of engagement activities with policymakers and with organisations. It involves the use of a palette of qualitative research methodologies, but also the development of a new participatory workshop format, called 'Trust Mapping' for organisations and researchers. It is a fellowship project, and thus also involves investment in the PI, Dr Matt Spencer, supporting his career trajectory and development of a position of research leadership in cyber security.

With growing dependency on digital infrastructure, vulnerability to cyber disaster becomes a defining context for social life. Within the last two years Wannacry led to the cancellation of thousands of NHS appointments, NotPetya brought Maersk's global shipping operations to a halt, the Equifax hack compromised the details of 140 million people, and TSB's outage left thousands of customers defrauded. Behind these failures-to patch systems, to secure networks, to implement good governance-is a problem of scales: the smallest "weak link" can end up compromising the security of the whole system. Yet because complete security is unattainable in practice, living well with infrastructures has become a question of trust. It is the premise of this fellowship that trust is not a "user's problem". Behind the services and utilities that we rely on in daily life, we can find an array of professional cyber security practices aiming to win and maintain trust, to question it and manage it across scales. How they go about doing that, their successes and failures, is the subject of this study. The ambitious anthropological study of cyber security at the heart of this fellowship will be undertaken in collaboration with the UK's National Cyber Security Centre (NCSC). A broad programme of ethnographic research will focus on long term participant observation of governance processes and knowledge practices within Critical National Infrastructure (CNI) organisations. Three trajectories of investigation comprise the core of the fellowship: In years 1-2, with an ethnographic study of the implementation of the Network and Information Systems directive in 2 CNI locations, it asks: how does cyber security policy "scale" best practice into diverse real-world contexts? In years 3-4, with an ethnographic analysis of how trust is built through the "rituals" of corporate governance in 3 CNI locations, it asks: how do IT practitioners "scale up" local forms of trust to create "high level" holistic representations with which approval can be given, and responsibility taken? In years 5-7, together with a postdoc, the fellow will conduct an examination of the impact of new technologies of automation and AI on cyber security practice, it asks: how do new technologies reconfigure trust? Traditionally led by engineers, cyber security has a legacy of treating people or users simplistically: as problems, or attack vectors. Interdisciplinary approaches have had steady success over recent years in developing more nuances approaches. This fellowship advances the state of the art in interdisciplinary cyber security research with an anthropological style of empirically grounded critical conceptual analysis of professional practices involved in making and managing trust across scales. In doing so it will also make important contributions to several fields of research in the social sciences: the anthropology of governance and accountability, the sociology of trust, and interdisciplinary studies of the digital infrastructures that underlie contemporary social societies. A comprehensive impact programme will ensure that the study stays aligned with policymakers' priorities, and contributes to cyber security policy and practice across industry and government. Academic audiences will be reached through presentation at leading conferences and an ambitious publication strategy targeting high impact journals, and an academic monograph, aiming to be a definitive anthropological account of cyber security. The fellow's professional background managing digital and IT projects are indispensable to this research, as is his research experience in the ethnography of computational science. An extensive training and discipline hopping programme will make the fellow a research leader, standing between academic fields, industry, and policy, poised to produce the engaged interdisciplinary research needed to tackle the Grand Challenges of the UK's Industrial Strateg

Wireless access is an essential to the networks that underpin modern life, providing communications for people, vehicles, machines, infrastructure, and the wide variety of devices that will make up the Internet of Things (IoT). They will become increasingly important to support safe transportation and future healthcare. Society is increasingly vulnerable to network cyber attack, for motivations ranging from financial extortion through terrorist disruption to subversion. Cyber attacks can be mounted remotely through networks, making them attractive to malefactors who can operate safely and anonymously from anywhere in the world. Cyber defence and associated research has become critical, mainly directed at developing and rolling out technical encryption and authentication measures in the network protocols and embedding the essential processes in organisations. Nevertheless exploits continue as attackers discover new vulnerabilities that were not considered in the system design or arise through imperfect implementations. Fixing these requires updating both functionality and credentials of the network elements as threats emerge. By contrast cyber-attack via the wireless interface, exploiting vulnerabilities in the physical layer and lower layers of the protocol stack, has received much less attention. As network originated exploits become more difficult it can be expected that more attacks will be mounted through the "air interface". The means to develop and mount such attacks are increasingly available with the proliferation of low cost software-defined radio (SDR) platforms and open-source software, and the ubiquity of potentially hackable wireless terminals. More research on this problem is needed to find solutions to be retrospectively applied to existing systems, influence the next generation of wireless standards, raise awareness of the potential problems, and train engineers to develop and embed defensive capability in radio standards and products. Crucial will be the ability to change the physical layer functionality, right to the antenna, by changing system software. This is not possible with current equipment or indeed envisaged in the 5G. Apart from countering the security threat, such technology will be needed to enable the future adoption of Dynamic Spectrum Access (DSA), in which, rather than frequency bands being administratively licensed to specific users, spectrum will be allocated dynamically according to evolving demand in space and time. The project partners, Toshiba Research, Roke, University of Bristol, and GCHQ, share a vision of Secure Wireless Agile Networks (SWAN) to be developed in this research partnership. The project scope will include technical deliverables; the shaping of policy and standards; and the training and career development of the SWAN teams. The co-created 5-year programme will integrate academic and industrial teams in activities that address the following Research Challenges (RCs). 1. Threat Synthesis & Assessment: how can RF interfaces be attacked, beyond the threats envisaged in their design? 2. RF Cyber Detection & Defence: techniques to detect RF cyber attack and mitigate their effects. 3. Cyber Secure Radio Design: designing radios whose RF characteristics can be updated in the field to deal with new threats, which also enable DSA. 4. Secure Dynamic Spectrum Access: enabling technology for securely sharing spectrum for most efficient usage. The consequences of not addressing the above will potentially make the wireless channel an Open Attack Surface for cyber attack. SWAN's technological solutions will place the UK at the forefront of enabling the fundamental parameters and architectures of wireless systems to be adaptable to new spectrum and interface specifications; resilient to accidental or induced failures (such as jamming); and resistant to cyber-attack.

The security of many cryptographic protocols in use today relies on the computational hardness of mathematical problems such as integer factorization. These problems can be solved using quantum computers, and therefore most of our security infrastructures will become completely insecure once quantum computers are built. Post-quantum cryptography aims at developing security protocols that will remain secure even after quantum computers are built. The biggest security agencies in the world including GCHQ and the NSA (the American National Security Agency) have recommended a move towards post-quantum protocols, and the new generation of cryptographic standards will aim at post-quantum security. Driven by the need to upgrade our cybersecurity infrastructures, many cryptographic algorithms have recently been developed which are claimed to offer post-quantum security. These proposals are based on a few distinct mathematical problems which are hoped to remain difficult for quantum computers, including lattice problems, multivariate polynomial system solving, coding theory problems, isogeny problems, and the security of cryptographic hash functions. Unfortunately, many of these problems, and more importantly the cryptographic algorithms that are built on top of them, have not been subject to a thorough security analysis yet, therefore leaving us with a risk to oversee major weaknesses in algorithms to be deployed in security applications. In this fellowship, we will develop breakthrough cryptanalysis techniques to analyse the security of post-quantum cryptography candidate algorithms, and determine which algorithms may or may not be further considered for digital security applications. Using the insight gained through cryptanalysis, we will then develop new post-quantum cryptographic algorithms offering better security, efficiency and functionality properties in applications.

As the world becomes ever more connected, the vast number of Internet of things (IoT) devices necessitates the use of smart, autonomous machine-to-machine communications; however, this poses serious security and privacy issues as we will no longer have direct control over with what or whom our devices communicate. Counterfeit, hacked, or cloned devices acting on a network can have significant consequences: for individuals through the leakage of confidential and personal information, in terms of monetary costs (for e.g. the loss of access to web services - Mirai attack on Dyn took down Twitter, Spotify, Reddit); or for critical national infrastructure, through the loss of control of safety-critical industrial and cyber-physical IoT systems. In addition, IoT devices are often low-cost, low power devices that are restricted in both memory and computing power. A major challenge is how to address the need for security in such resource-constrained devices. As companies race to get IoT devices to market, many do not consider security or, all too often, security is an afterthought. As such, a common theme in all realms of IoT is the need for dependability and security. The SIPP project aims to rethink how security is built into IoT processor platforms. Firstly, the architectural fundamentals of a processor design need to be re-engineered to assure the security of individual on-chip components. This has become increasingly evident with the recent Spectre and Meltdown attacks. On the upper layer of systems-on-chip (SoCs), hardware authentication of chip sub-systems and the entire chip is crucial to detect malicious hardware modification. Then, at the systems layer (i.e., multiple chips on a common printed circuit board), innovative approaches for remote attestation will be investigated to determine the integrity at board level. Finally, the security achieved at all hierarchical layers will be assessed by investigating physical-level vulnerabilities to ensure there is no physical leakage of the secrets on which each layer relies. The proposed project brings together the core partners of the NCSC/EPSRC-funded Research Institute in Secure Hardware and Embedded Systems (RISE), that is, Queen's University Belfast and the Universities of Cambridge, Bristol and Birmingham, with the leading academics in the field of hardware security and security architecture design from the National University of Singapore and Nanyang Technological University, to develop a novel secure IoT processor platform with remote attestation implemented on the RISC-V architecture.