The need for better support to deal with the threats of cybersecurity is undisputed. Organisations are faced with an ever growing number of malware and integrated malware attack tools, attempted attacks on infrastructure and services, an increasing number of insider attacks, and advanced persistent threats for high-priced assets. Dealing with such threats requires that organisations have ICT staff that is at least familiar with cybersecurity issues and preferably has actual skills in cybersecurity regardless of the role of such staff. Likewise, management and decision makers need to be aware of cybersecurity issues and reflect these in their actions. Large organisations often have a Chief Information Security Officer (CISO) who deals with the operational and strategic issues of cybersecurity for his or her organisation. But SMEs typically cannot afford a role with such oversight on cybersecurity, which makes them especially vulnerable. The scale and diversity of cybersecurity issues that an organisation faces means it cannot possibly consider each single vulnerability of its systems against each credible or potential adversary whose presence would turn a vulnerability into an actual threat. A CISO or decision maker, though, needs to have a fairly abstract view of all this complexity where the choice of abstraction is not driven by technical aspects but by modalities such as risk, compliance, availability of service, and strategy. This view often has to take into account the cybersecurity of external or partner organisations, which is problematic as organisations are reluctant to share such sensitive information. Therefore, a CISO or decision maker needs a representation of relevant internal or external systems and services that allows him or her to make decisions of either operational or strategic nature. The uncertainty expressed in such abstractions is typically probabilistic or strict in nature. For example, a bank may have a good idea of the probability that a given teller machine has a corrupted external interface that clones inserted bank cards, based on past history, location of the machine and so forth. Strict uncertainty often relates to threats for which no (or insufficient) historical information is available to estimate probability distributions, or it is used to express the combinatorial nature of a problem, for example the different orderings in which one may schedule critical tasks. This project brings together research leaders in machine learning, robust optimisation, verification and cybersecurity to explore new modelling and analysis capabilities for needs in cybersecurity. The project will investigate new approaches for modelling and optimisation by which cybersecurity of systems, processes, and infrastructures can be more robustly assessed, monitored, and controlled in the face of stochastic and strict uncertainty. Particular attention will be paid to privacy: new forms of privacy-preserving data analytics will be created and approaches to decision support that respect privacy considerations; for corporate confidentiality, we will invent foundations that enable different organisations to model and analyse cross-organisational cybersecurity aspects whilst respecting the type of privacy inherent in organisations' confidential information by establishing appropriate information barriers.

The UK RDRF brings together a number of research strands funded under the DET, EPSRC and ESRC portfolios over the last decade to create a national facility to tackle the vexed question of regional competitiveness and rebalancing the UK economy. Following the Scottish referendum there have been renewed calls for greater devolution to regions and core cities. This facility will bring together the big economic data and construct the high resolution models needed to support policy makers at national, regional and local level. It will innovate by building together a model of the fixed stock of buildings, including housing, commercial, warehousing and manufacturing, with a network model of key infrastructure. This will allow analysis of which policy nudges might be expected to overcome the inertia present in the historic geography of the UK. It will allow a common framework of data and evidence ti be used by regional and local policy professionals wishing to evaluate policy options. The whole facility is built on the opportunity created by CDT funding to develop a cohort of evidence based policy professionals and analysts to support the needs of a more devolved form of planning. We aim to support the creation of a 'community of practice' based on access to big economic data and open source analysis and modelling tools. We will host workshops and networks to spread best practice and create some institutional glue amongst the people concerned. Finally, we will engage local communities in the debate and bring the same evidence and tools to the public at large through crowd science and in-the-wild research engagement.

Compared to many parts of the world, the UK has under-invested in its infrastructure in recent decades. It now faces many challenges in upgrading its infrastructure so that it is appropriate for the social, economic and environmental challenges it will face in the remainder of the 21st century. A key challenge involves taking into account the ways in which infrastructure systems in one sector increasingly rely on other infrastructure systems in other sectors in order to operate. These interdependencies mean failures in one system can cause follow-on failures in other systems. For example, failures in the water system might knock out electricity supplies, which disrupt communications, and therefore transportation, which prevent engineers getting to the original problem in the water infrastructure. These problems now generate major economic and social costs. Unfortunately they are difficult to manage because the UK infrastructure system has historically been built, and is currently operated and managed, around individual infrastructure sectors. Because many privatised utilities have focused on operating infrastructure assets, they have limited experience in producing new ones or of understanding these interdependencies. Many of the old national R&D laboratories have been shut down and there is a lack of capability in the UK to procure and deliver the modern infrastructure the UK requires. On the one hand, this makes innovation risky. On the other hand, it creates significant commercial opportunities for firms that can improve their understanding of infrastructure interdependencies and speed up how they develop and test their new business models. This learning is difficult because infrastructure innovation is undertaken in complex networks of firms, rather than in an individual firm, and typically has to address a wide range of stakeholders, regulators, customers, users and suppliers. Currently, the UK lacks a shared learning environment where these different actors can come together and explore the strengths and weaknesses of different options. This makes innovation more difficult and costly, as firms are forced to 'learn by doing' and find it difficult to anticipate technical, economic, legal and societal constraints on their activity before they embark on costly development projects. The Centre will create a shared, facilitated learning environment in which social scientists, engineers, industrialists, policy makers and other stakeholders can research and learn together to understand how better to exploit the technical and market opportunities that emerge from the increased interdependence of infrastructure systems. The Centre will focus on the development and implementation of innovative business models and aims to support UK firms wishing to exploit them in international markets. The Centre will undertake a wide range of research activities on infrastructure interdependencies with users, which will allow problems to be discovered and addressed earlier and at lower cost. Because infrastructure innovations alter the social distribution of risks and rewards, the public needs to be involved in decision making to ensure business models and forms of regulation are socially robust. As a consequence, the Centre has a major focus on using its research to catalyse a broader national debate about the future of the UK's infrastructure, and how it might contribute towards a more sustainable, economically vibrant, and fair society. Beneficiaries from the Centre's activities include existing utility businesses, entrepreneurs wishing to enter the infrastructure sector, regulators, government and, perhaps most importantly, our communities who will benefit from more efficient and less vulnerable infrastructure based services.

Broad ThemesCrime and terrorism threaten States, businesses and individuals; they increasingly exploit technology, sometimes more effectively than the security forces that oppose them. Our proposed Security Science DTC aims to promote fundamental science and research but to do so in a training environment that will provide a broader understanding of these threats; the pace at which they evolve, and the extent to which holistic responses are increasingly required if we are to contain them or to recover more rapidly from attack. We aim to prepare a future generation of security scientists better able to face these rapidly emerging new threats in crime and security. To do so this DTC will catalyse a truly interdisciplinary research effort that brings together multiple domains in security science to focus on the physical and cyber security of the State (borders and critical infrastructures, broadly construed, including financial, transport, energy, health and communication), business and the individual. Need and impact on the research landscape Science and technology have been utilized to protect against the threats outlined above, yet it is now widely accepted that security must be integrated, with a much greater awareness of the environmental operating contexts. This need has been expressed by governments (through policy papers and the creation of new bodies with interorganisational mandates such as the Serious and Organised Crime Agency), industry (through their increasing engagement with academic institutions to develop a new generation of security technologies that take into account factors such as behavioral response and ethical sensitivity) and research councils (eg. through their new 'Global Uncertainties: Security for all in a changing world' programme which cuts across all research council remits). The EPSRC is in an ideal position to invest in a national DTC where a critical mass of researchers can foster innovation and encourage and nurture an integrated systems approach that recognizes the importance of environmental context, human factors, and public policy to security solutions. This vision is based on the observation that the benefits of introducing advanced technologies into the security arena are significantly enhanced by engagement with the broader social, political and economic contexts within which those technological solutions apply. It is clear that disciplines as far apart as psychology and electronic engineering should come together in new ways to combat security threats in a holistic manner. This enhanced sensitivity to interconnectedness and multidisciplinary will lead to more effective science and encourage synergies to develop, increase knowledge transfer and facilitate engagement with end-users. Security is a challenging domain that drives adventurous research in a wide range of disciplines represented in this proposal (e.g. cryptography, radiation physics, nanotechnology). A DTC that helps secure the future supply of researchers with strong links to and appreciation of problems in the security context will help support the long term vigour of these disciplines. The DTC will also provide the UK with a hub to spark synergistic collaboration with other centres working in these areas such as the US Centres for Excellence (eg. National Consortium for the Study of Terrorism and Responses to Terrorism (START), University of Maryland). We further believe that this DTC in integrated security science will act as a prototype for future similar activities around the world. Ultimately, research associated with this DTC will help to position the UK as the international leader in the development of a uniquely equipped generation of security scientists, delivering innovative research to meet one of society's greatest challenges.

The 2015 UK National Security Strategy identifies cyber security as one of the top four UK national security priorities. The UK National Cyber Security Strategy 2016-2021 (NCSS) has an underlying vision to make the UK secure and resilient to cyber threats, prosperous and confident in the digital world. It is widely recognised that the UK, indeed the world, is short of cyber security specialists. Cyber security is genuinely cross-disciplinary. It's about technology, and the networks and systems within which technology is deployed. But it's also about society and how it engages with technology. Researching the right questions requires researchers to fully understand the integrated nature of the cyber security landscape. A CDT provides the perfect vehicle within which suitably broad training can be provided. The establishment of a cohort of researchers with different backgrounds and experience allows this knowledge to be cultivated within a rich environment, where the facts of hard science can be blended with the perspectives and nuances of more social dimensions. While society has made progress in developing the technology that underpins security, privacy and trust in cyberspace, we lag behind in our understanding of how society engages with this technology. Much more fundamentally, we don't even really understand how society engages with the concepts of security, privacy and trust in the first place. We will host a CDT in Cyber Security for the Everyday, which signals that research in our CDT will focus on the technologies deployed in everyday digital systems, as well as the everyday societal experience of security. Research in our CDT will investigate the security of emerging technologies. As cyberspace continues to evolve, so, too, do the technologies required to secure its future. Research topics include the cryptographic tools that underpin all security technologies, the security of the systems within which these tools are deployed, the use of artificial intelligence to aid discovery of system vulnerabilities, and security and privacy of everyday objects which are becoming embedded in cyberspace. Our CDT will also research how to secure cyber societies. Securing increasingly networked, automated, and autonomous societies requires an integrated research approach which engages the social, technological, cultural, legal, social-psychological and political on equal terms. Research topics include exploring state, institutional and corporate responsibility over how information is gathered and used, investigating how cyber security is perceived, understood and practiced by different communities, and researching how social differences and societal inequalities affect notions of, and issues relating to, cyber security. Our training programme will be based around a suite of relevant masters programmes at Royal Holloway, including in Information Security, Geopolitics and Security, and Data Science. This will be supplemented by workshops, practice labs, and a comprehensive generic skills programme. Students will work closely with the wider cyber security community through a series of industry engagement sessions and visits, summer projects, and three-month internships. Peer-to-peer learning will be fostered through group challenges, workshop design and delivery, reading groups and a social programme.