Today we use many objects not normally associated with computers or the internet. These include gas meters and lights in our homes, healthcare devices, water distribution systems and cars. Increasingly, such objects are digitally connected and some are transitioning from cellular network connections (M2M) to using the internet: e.g. smart meters and cars - ultimately self-driving cars may revolutionise transport. This trend is driven by numerous forces. The connection of objects and use of their data can cut costs (e.g. allowing remote control of processes) creates new business opportunities (e.g. tailored consumer offerings), and can lead to new services (e.g. keeping older people safe in their homes). This vision of interconnected physical objects is commonly referred to as the Internet of Things. The examples above not only illustrate the vast potential of such technology for economic and societal benefit, they also hint that such a vision comes with serious challenges and threats. For example, information from a smart meter can be used to infer when people are at home, and an autonomous car must make quick decisions of moral dimensions when faced with a child running across on a busy road. This means the Internet of Things needs to evolve in a trustworthy manner that individuals can understand and be comfortable with. It also suggests that the Internet of Things needs to be resilient against active attacks from organised crime, terror organisations or state-sponsored aggressors. Therefore, this project creates a Hub for research, development, and translation for the Internet of Things, focussing on privacy, ethics, trust, reliability, acceptability, and security/safety: PETRAS, (also suggesting rock-solid foundations) for the Internet of Things. The Hub will be designed and run as a 'social and technological platform'. It will bring together UK academic institutions that are recognised international research leaders in this area, with users and partners from various industrial sectors, government agencies, and NGOs such as charities, to get a thorough understanding of these issues in terms of the potentially conflicting interests of private individuals, companies, and political institutions; and to become a world-leading centre for research, development, and innovation in this problem space. Central to the Hub approach is the flexibility during the research programme to create projects that explore issues through impactful co-design with technical and social science experts and stakeholders, and to engage more widely with centres of excellence in the UK and overseas. Research themes will cut across all projects: Privacy and Trust; Safety and Security; Adoption and Acceptability; Standards, Governance, and Policy; and Harnessing Economic Value. Properly understanding the interaction of these themes is vital, and a great social, moral, and economic responsibility of the Hub in influencing tomorrow's Internet of Things. For example, a secure system that does not adequately respect privacy, or where there is the mere hint of such inadequacy, is unlikely to prove acceptable. Demonstrators, like wearable sensors in health care, will be used to explore and evaluate these research themes and their tension. New solutions are expected to come out of the majority of projects and demonstrators, many solutions will be generalisable to problems in other sectors, and all projects will produce valuable insights. A robust governance and management structure will ensure good management of the research portfolio, excellent user engagement and focussed coordination of impact from deliverables. The Hub will further draw on the expertise, networks, and on-going projects of its members to create a cross-disciplinary language for sharing problems and solutions across research domains, industrial sectors, and government departments. This common language will enhance the outreach, development, and training activities of the Hub.

Nettitude and Lancaster University are developing an ICS framework and network based appliance that will provide end users within complex supply chains the relevant knowledge and visibility of their key areas of risk. A common framework and approach will provide consistency across the supply chain and help identify the priorities and actions needed to ensure a robust security posture is maintained.

Organisations value their data. Security controls have historically been implemented around the environment in which data resides in order to bring the risk down to an acceptable level. The advancements in collaboration tools between businesses, use of cloud services, the borderless nature of our mobile work environments, and a reliance on 3rd parties - providing this secure ‘wall’ around your data can be very difficult. Modern cyber-attacks utilising readily available advanced threat intelligence, sophisticated malware and spear phishing techniques can penetrate traditional defences in a few steps. But as our data increases, keeping track of where it is and when it leaves our organisation becomes harder. One of the first challenges for many companies is knowing what data they need to protect, where it actually resides and who has access to it. In the last 6-12 months there has been a real shift in security thought leadership from simply preventing it from happening, to knowing when it does. When you do get hacked, how do you respond, contain the problem and recover? Stopping it from happening is no longer a realistic expectation. ‘Security in Depth’ is the starting point, but without a strategy around ‘Response in Depth’ organisations will only know a problem exists after it is too late. Current solutions attempt to secure the environment, but if the data gets out, how do you know where it has gone? Or when it went? Nettitude aim to address these issues through the development of a Data Loss Intelligence (DLI) prototype tool. This builds significantly on existing Data Loss Prevention (DLP) tools by tagging real data and providing control over this data to its owners after it has left their organisation. The control and intelligence gathered by the data itself on its journey will provide a unique approach to enhance incident response services based around log data collection and analysis. This additional capability will allow you to know and control your data.

This project will research and develop a continuous, AI assisted cyber assurance penetration testing platform for web and mobile applications. The outputs will also consider wider applications of AI/ML within other cyber domains.

The Nettitude ThreatReceivers (Cyber Deception Technology) project is designed to develop a cutting edge solution in detecting threat actors seeking to compromise critical assets and systems within financial services organisations and high threat environments. Deploying technology that will act as a decoy away from critical assets and systems and provide credible simulated environments for attackers to focus their time and effort on, whilst giving up valuable intelligence about their capabilities and methods.