Coventry University is training the cyber-security experts of the future in its ethical hacking laboratory. Danny Palmer speaks to senior lecturer Dr Siraj Shaikh to find out how
"We have a lot of focus on applied research and applied skills and tools and there's also emphasis on collaboration with colleagues on critical infrastructures such as transport," said Shaikh.
"Coventry University does very well in terms of research and teaching of transport, so there is an overlap there in terms of getting specialist knowledge."
That collaboration is certainly required as computer systems play an increasingly sophisticated role in critical infrastructure. While technology has provided massive benefits, it also means a security breach by malicious hack could cause chaos, especially if infrastructure is based on traditional systems.
"As systems converge in terms of data collection, in terms of sensing, in terms of data analysis, the typical usual threats that are there to our mobile phones, to our computer systems and cyber-space, they in a sense carry over to critical infrastructures as it becomes more automated, makes use of data, collects data, senses data," Shaikh told Computing.
"That element of it stays in terms of how we design this new critical infrastructure - whether it's transport systems, power grids - and the danger is that a lot of threats and vulnerabilities that we've had to traditional computer systems carry onward, because of similar problems with design, the vulnerabilities, user software and so on."
According to Shaikh, a key element in protecting systems from malicious attacks is design, arguing that currently for a lot of systems, security is somewhat of an afterthought.
"We really need to focus on how we can design systems better. Security is one of those things that is often added on, and that's not ideal; that's why a lot of systems fail. What we really need is for people to realise security needs to be understood, modelled and built in right from scratch."
Shaikh told Computing that it might take time, but the mind-set of security system designers needs to change, something the University of Coventry is attempting to play its part in with its ethical hacking lab.
"This will mean it will take years before our systems can cope with cyber-attacks, and I think that's why that mind-set needs to change. It will take time, we will stumble along, but there are some improvements in terms of skills," he said.
[Turn to next page]