Tag: ISST

Meet the ISST’s research team

In 2024, the ISST welcomed Dr Cathy Mulligan (Advanced Research Fellow) and Dr Gareth Tear (Postdoctoral Research Associate) to the growing team. Over the coming months, Cathy and Gareth will work with our leadership to drive towards the institute’s vision of a more secure and resilient world.

We sat down with Cathy and Gareth to find out more about their backgrounds and hopes for the months ahead:

Can you tell us a bit about your background and experience in security and/or resilience?

Cathy Mulligan: I’ve been on a fantastic journey of using digital technologies to build a more sustainable and resilient world for well over a decade now. It all started back when I was working as an engineer in Stockholm and was sent as technical support on the 2005 Beringia research trip to the North Pole on an ice breaker.

That moment inspired me to pursue a Master’s in Engineering for Sustainable Development and a PhD at the University of Cambridge. Since then, I’ve been lucky to lead exciting sustainability and resilience projects across India, Malaysia, the UK, the EU, and Australia, focusing especially on “community-based resilience”. This has included spinning out start-ups, research, being a Fellow at the World Economic Forum and member of the UN High-Level Panel on digital cooperation. It’s been a rewarding adventure, blending innovation with meaningful impact, and I have developed a network of truly wonderful collaborators from all walks of life across the world. Many days, I cannot believe how lucky I have been.

Gareth Tear: I completed my PhD in physics, looking at how transparent materials respond to shock and impact, under the supervision of Dr Bill Proud. Bill is the academic co-director of the ISST’s MSc Security and Resilience course, as well as a Security Science Fellow. I did my postdoc in the same group, this time investigating concrete in multiple impact scenarios. After that I co-founded Synbiosis, a start-up developing and innovating novel armour materials. In short, I’ve been in security research, development and commercialisation for a while now!

Cathy on a boat during her polar expedition, with the sun setting in the background
Cathy aboard the ice breaker during the Beringia expedition

Why did you want to join the ISST?

CM: Like Gareth, I’ve been around the ISST for a while now, first with the institute many years ago. I worked on the economics of cybersecurity and was Co-Investigator for the Cloud Intelligent Protection at Run-Time (CIPART) grant, for which Professor Emil Lupu was PI. I was drawn to the team’s cross-disciplinary approach to tackling crucial topics related to security and resilience, and the fact that I had worked with several of the academics before. I love the idea of bringing together different perspectives to solve real-world challenges—it’s like creating a puzzle with pieces from every field.

As someone with a strong background in telecommunications, I’m excited to contribute to discussions in that space, especially around my latest book on 5G Advanced core network. I’ve spent much of my career bridging disciplines as an interdisciplinary researcher, and the ISST provided the perfect environment to keep exploring how we can work together to tackle big challenges.

GT: I feel strongly aligned with the institute’s mission and vision. I don’t think there are many others looking at security and resilience in the global, ‘big picture’ context, something that is becoming increasingly important as the world experiences a vast range of security crises across interconnected industries.

I also really like research and understanding new ideas and concepts. At Synbiosis, I had to learn about the manufacturing to market journey for defence technology – including IP law, supply chains and interactions with buyers. I saw how challenging this is to navigate for start-ups and individuals wanting to contribute to the defence industry. I think the ISST and its network of experts can positively affect how the industry operates, as well as other areas of scientific research and technological innovation related to security.

Watch Gareth on an explosives course where they were measuring safe separation distances between sticks of dynamite.

What would you say are the most significant security-related challenges in your field that we should be focusing on in the next 5-10 years? How do you think the ISST’s work can/should contribute to addressing these?

CM: The next decade is going to be thrilling for those involved in security. Geopolitical and technical shifts are dramatically changing the landscape nearly every day.

We’ll need to tackle challenges like the rise of quantum computing, our increasing dependence on digital technologies, and the urgency of adapting to climate change. The silver lining? Digital technologies can be part of the solution if we use them wisely.

We also need a complete redesign of engineering education as the reliance on mega-infrastructures becomes more susceptible to the impacts of climate change in the longer term. To get there, we need bold moves—like completely rethinking how we educate engineers and designing systems that empower communities instead of relying on these fragile mega-infrastructures. The ISST can play a pivotal role by driving cutting-edge research, fostering collaboration, and inspiring the next generation to think outside the box.

GT: As I’ve mentioned, there are considerable difficulties in manufacturing in the defence industry. It seems like processes and systems haven’t progressed in decades. This causes problems for new players who innovate and can drive the industry forward. Ultimately, we don’t see the advances we need to address global security issues.

Furthermore, risks to supply chains and critical resources increase significantly due to their interconnectedness. Not only do we need to drastically improve the resilience of physical mega-infrastructures as Cathy already touched upon, we need to tackle how the health and social care system, food stocks and our energy capacity respond to shocks.

I think the ISST is uniquely placed to understand and shape the solutions to these problems. Our international and interdisciplinary network is extremely well-placed to create more flexible, resilient and effective ways of working, not just in defence manufacturing but any system societies rely upon for security.

What do you hope to achieve at the ISST?

CM: I want to deliver top-notch research and insights that help people live joyful, fulfilling lives while reducing our environmental impact. It’s all about building a future that’s sustainable, secure and full of possibilities!

GT: I’m currently working on a practical module for the MSc Security and Resilience course. I think it’s essential that the next generation of security professionals apply the theory they learn about.

In terms of research, I’d like to contribute to a better equipped defence manufacturing sector that ensures innovators in the industry thrive.

I’d also like to support start-ups at the White City Innovation Ecosystem and NATO DIANA in the development of novel defence technology. We’re already applying for EU funding that will hopefully push this ahead.

Can you share a ‘fun’ fact about yourself?

CM: I set out to write just one book in my lifetime. Somehow, I’ve ended up writing nine! Life has a funny way of exceeding our expectations, doesn’t it?

GT: One of my hobbies is trampolining. I’m working towards doing a double-back somersault.

The Resilient Renewable Society Summit: a student perspective

On 23-24 September 2024, Imperial College London’s Institute for Security Science and Technology (ISST), Department of Civil and Environmental Engineering and EIS Council hosted the Resilient Renewable Society (R2S) Summit. Emily D’Agostino, a student in the MSc Security and Resilience: Science and Technology 2024/25 cohort, attended the event and shares her insights.

Until a few weeks ago, I was a cybersecurity engineer with the United States Federal Government, responsible for the security of a suite of APIs within the DevOps cycle. I very recently paused my career in federal cybersecurity, moving from the United States to London to pursue the MSc in Security and Resilience: Science and Technology with the Institute for Security Science and Technology (ISST) at Imperial College London.

Furthering my cybersecurity career

I chose to pause my career in favour of postgraduate education because I ultimately seek to become an industry leader in cybersecurity standards, which will require a strong understanding of constantly evolving technology to effectively create secure governance. This programme will strengthen my understanding of cybersecurity technologies, bridging my foundational gaps through taught disciplines, solidifying my foundational education before I am trusted to lead in the industry.

In addition, as an American cybersecurity professional, I have only practiced cybersecurity from an American perspective, with American technologies, regulations, and frameworks. As a global issue, cybersecurity governance deserves a well-rounded understanding, deriving from diverse viewpoints. An international study of this discipline will achieve a multifaceted understanding, representative of the ubiquity of cybersecurity governance.

Beyond cybersecurity

Prior to starting the course, I attended the Resilient and Renewable Society (R2S) Summit to familiarise myself with the current landscape of security and resilience, as well as hear from the field’s leading experts. This event not only provided an excellent networking opportunity, but also allowed me to meet current and prior students of the same discipline, my future professors, and gain valuable insights into their research and perspectives. The R2S Summit introduced me to concepts of environmental, political, electrical, and infrastructural resilience, which broadened my understanding of security and cybersecurity during catastrophic scenarios.

Coming from a technology background, I often lack consideration of the physical infrastructure which supports our technical systems. Without a resilient physical foundation, our networks and the digital capabilities they enable would not exist. In federal cybersecurity, a resilient and renewable society translates to strong, impenetrable national defences against domestic terrorism and state-sponsored attacks, among other threats. With the increasing prevalence of cyber warfare, it is more critical than ever to consider the necessary precautions to safeguard national security, especially during catastrophic events.

Highlights from the event

I found Professor Washington Yotto Ochieng’s (Interim Director, ISST) discussion particularly interesting. Professor Ochieng spoke about the increasing reliance on intelligent machines and the associated risks. Maintaining the systems which power these intelligent machines, Professor Ochieng presented how disruptions due to extreme weather events, software failures/incompatibilities, or political instability could lead to downstream disastrous outcomes in our current technology-dependent world.

Later, Dr Shlomo Wald (Chief Executive Officer at TAW) presented the resilience challenges faced by the Jordan Valley. This region, grappling with both climate change and political conflict, has an urgent need for regional collaboration through fully automated microgrids to improve access to electricity and the internet.

I am humbled by the opportunity to pursue the MSc in Security and Resilience: Science and Technology at Imperial College London, where I will study and research the future of security and resilience of this constantly evolving world. As reliance on Cyber-Physical systems grows, as does the corresponding attack surface. At Imperial, I aim to engineer resilient technology and strategies that can withstand present and future threats, technological advances, environmental changes, and geopolitical instability for a safer, more secure future.

Connect with Emily on LinkedIn

Improving engagement with gaming

Article written by Florian Pouchet: Senior Manager and Head of Cybersecurity and Operational Resilience for Wavestone UK with 15 years of experience in cybersecurity management consulting. Florian is responsible for building and leading teams to deliver high quality advisory services and growing Wavestone’s business in the cybersecurity and operational resilience space. He has provided oversight on a number of engagements including cybersecurity remediation programmes, IAM strategy and global deployment, crisis management exercises and security assurance in agile development processes.

 

 

Users play a massive role in detecting cybersecurity threats and attacks. Our CERT’s 2021 incidents report showed that more than half of major cyber incidents had been picked up by users before security solutions and monitoring was triggered.

As a consulting firm that helps our clients make their most strategic decisions, Wavestone wants to empower users to identify suspicious activity. In such time-sensitive events, every minute matters: a ransomware could encrypt most of your data/IT in less than an hour! So, how to make sure users have the skills and practice to handle a cybersecurity crisis? One solution might surprise you: gaming.

 

Why do we need to be trained?

When an incident escalates into a crisis, we need both the skills and practice to handle it. I don’t know about you, but I prefer to live most of my life out of crisis mode. Without a regular training, I wouldn’t have the right reflexes and reactions to make the right decisions and make my organisation more resilient.

Also, the pandemic weakened our cyber “herd immunity”. As we are going back to the office or in a flexible working situation, we are by ourselves more than before. It offers more time to focus, but we lose the benefit of learning from others around us. Being fragmented like this, weakens our ability to react and respond effectively as a group and help each other, with regards to cyber incidents and crisis response.

But the standard for mandatory training, due to regulations, is sadly a dull, online tick box exercise that you just want to get done and forget the moment you finish…

What if we could learn and enjoy it at the same time?

 

Level up your training

What about games makes them a great tool to train?

  • The novelty: It’s human nature to be excited by something new. That peak of interest (and spike of dopamine) increases focus, which is perfect for absorbing and learning new things
  • The competition and challenge: The gamified setting creates a fun experience and a memorable journey. In turn, these memories are anchor points for lessons learnt and will stick around after the course. Those “oh yes, I really shouldn’t use my children’s names as passwords, that’s how my colleague got hacked” moments.
  • The reward: Whether it’s just bragging rights or a more material reward, it gives a sense of achievement and incentivizes players to commit to the game.
  • In certain settings, games can help break diversity barriers: anyone could be behind an avatar. There’s no discrimination against your gender, ethnicity, etc. You are just another player.

The gamification trend we saw a decade ago was largely about adding a scoring system or leaderboard to any activity. This was a good start, but I believe it is time for the next level of the training, and by that, I mean creating an immersive experience.

Wavestone has been running cyber escape games for a couple of years, with more enthusiasm from participants each year. With a set of accessories and devices, we turn a simple office room into an escape game. One scenario puts the players in the shoes of attackers: ill-intended fraudsters posing as a startup seeking investment.

They are left unattended in the office before a presentation with the investors and told: “You have 20 minutes to leverage the environment, gain access to the laptops in the room and commit a fraud”. There are even fake social media accounts that players can access through their phones. This really increases the immersion! By seeing an attack from the other perspective, players better understand how their actions and systems could be leveraged against them, helping to build “reflexes” to avoid such a scenario.

In another context, we have been working with the Imperial College London / Business School Executive Education programme to teach security in agile software development. We used typical creative thinking workshop materials but went a step further by delivering the activities in the format of a popular TV show. This familiar format eases the learning curve for players and adds excitement and competition to the mix.

Lastly, we run super-realistic crisis exercises, where we leverage our incident response experience to present life-like scenarios. The greater degree of immersion helps teams appreciate the challenges of a real crisis. For instance, having technical details about systems affected by a cyber-attack speaks to IT teams, but may be a challenge for board level executives. In such a scenario, board executives would have to have a conversation with IT teams in order to translate technical details into business impacts, before being able to take a decision. These are “realistic role-playing games”, where players play their own job in the story.

 

Not just training

The utility of games extends well beyond training and cybersecurity.

  • Collaboration: WorkAdventure is a conference tool that uses a gamified interface, with a pixelated visual style that resembles games from the 1990s. It emulates a location and you are represented by an avatar. You can move around freely in that location, and when you get close to a group of people, it automatically adds you to a video conference call to talk with that “circle”. A colleague rebuilt one of our office floors, and with this we could virtually wander around the office and replicate our habits of “going to join that conversation/group of people” to talk during lockdown.
  • Recruitment: Wave Game is an event we run every year to attract passionate cyber talents, by creating a competition between major French universities. Participating students, in teams, are presented various challenges requiring technical and analytical skills, all wrapped up in a story inspired by the work we do with our clients. They have fun solving these challenges, and it serves as a first step of the recruitment process if they wish to apply.
  • Science: Fold.it is a puzzle game that leverages the player solutions to drive research in the field of protein structure prediction. Similarly, in 2020 EVE Online added a mini-game which advanced COVID-19 vaccine research!

 

Now it’s your turn. Can you think of an essential but dull activity? Why not add gaming elements, and see the benefits of improved engagement yourself?

 

Wavestone is a global transformation consultancy, focused on delivering business improvement and transformation. Our mission is to work in partnership with technology and business leaders to design and deliver successful change, innovation, cyber security, and operational resilience.  We deliver our most critical transformations on the basis of a single, central, conviction that a shared sense of enthusiasm is at the core of successful change. That’s what we call “The Positive Way”. We bring together more than 3,600 employees across 8 countries, amongst the leading independent firms in consulting in Europe, and the n°1 independent consulting firm in France. Wavestone is one of Imperial College London’s industry partners in the ISST Innovation Ecosystem.