Imperial sets out cyber security research priorities

L-R: Professor Chris Hankin, Dr Soteris Demetriou and Professor Emil Lupu at the ACE-CSR annual conference

Imperial commits to secure, resilient and intelligent software systems through its world-leading cyber security networks and research institutes.

Through the Institute for Security Science and Technology (ISST), Imperial College London has been a National Cyber Security Centre Academic Centre of Excellence in Cyber Security Research (ACE-CSR) since 2012. To attain this status, ACEs must produce high-impact research and publications, as well as demonstrate sustained commitment and investment to cyber security research.

In January 2025, Dr Soteris Demetriou (Director of the ACE-CSR, Department of Computing), Professor Chris Hankin and Professor Emil Lupu (Department of Computing) attended the annual ACE-CSR conference at Lancaster University.

Also in attendance were PhD students Maja Lie (supervisor Professor Cong Ling, Electrical & Electronic Engineering); Bachir Bendrissou (co-supervised by Professor Cristian Cadar and Professor Alastair Donaldson, Computing); Jacob Yu (co-supervised by Professor Alastair Donaldson and Associate Professor (Reader) Nicolas Wu, Computing); and Cenxi Tian (supervised by Associate Professor (Senior Lecturer) Soteris Demetriou, Computing).

Cyber security is a national priority

Imperial College London is a leading UK university in cyber security research, demonstrated by our status as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR). The ACE-CSR programme is run by the National Cyber Security Centre (NCSC) which sits within GCHQ.

In its 2024 annual review NCSC Director, Anne Keast-Butler, says the “pace and scale of technological change shows no sign of slowing down” and that although new technologies such as AI and quantum computing present brilliant opportunities, significant security threats arise when they are utilised with malintent. Keast-Butler accepts that such innovations will soon be embedded in everyday life and asserts that these should also be employed in cyber defence strategies to protect people, businesses and infrastructure.

The path ahead

Speaking at the ACE-CSR conference, the NCSC’s Deputy Chief Technology Officer, Peter Haigh, called upon research institutions and the wider UK cyber security industry to drive forward its objective of "no cyber harm" by:

• Building up an independent body of evidence to drive investment in, and acceptance of, cyber security
• Researching the efficacy of adoption of cyber security recommendations
• Promoting good practice and collaboration
• Working with and supporting critical national infrastructure industries

Existing and future challenges encompass technical and socio-technical aspects of cyber security. It is therefore crucial that the UK’s research agenda brings together scientific, economic, business, behavioural and public policy expertise to establish effective cyber security regulations.

The NCSC sets an example through its four research institutes, each of which focus on a different area: cyber-physical systems; sociotechnology; trustworthy software systems and  hardware security. Each institute undertakes projects relevant to their area of expertise and convenes specialists to feed into the national cyber security agenda.

Imperial’s contributions, delivered by ISST, RITICS and VeTSS

The Imperial ACE-CSR is hosted through the Institute for Security Science and Technology (ISST) which provides operational support for the centre as well as a network of skilled and experienced interdisciplinary professionals from Imperial and beyond, such as its honorary colleagues and Innovation Ecosystem.

In addition, Imperial is home to two of the NCSC’s research institutes: Research Institute for Trustworthy Inter-Connected Cyber-Physical Systems (RITICS) and the Research Institute on Verified Trustworthy Software Systems (VeTSS). The work of these institutes is integral to Imperial’s recognition as a world-leading hub for cyber security research.

RITICS, coordinated by the ISST, carries out its own research projects, runs a fellowship programme, and supports academics and industry professionals in advancing our understanding of cyber-physical threats and developing solutions for critical systems.

At a recent showcase, RITICS fellows shared their ongoing work on establishing operational technology (OT) penetration testing best practices, security assurance for cyber physical systems and security of cyber physical assets. This work is key to effectively creating and promoting secure systems in critical national infrastructure.

VeTSS is jointly hosted by Imperial (director, Dr Azalea Raad) and the University of Surrey (director, Professor Brijesh Dongol) and ensures research into software considers national security threats and challenges. VeTSS’ work drives forward innovations in program analysis, testing, and verification.

VeTSS have collaborated with industry partners such as Google, Meta, Microsoft, ARM and nVIDIA. Such investment underscores how valuable trustworthy software systems are to multinational corporations, and their impact on our day-to-day lives globally.

What next?

Director of Imperial College London’s ACE-CSR, Dr Soteris Demetriou, explains that the main focus of this Centre is to be an international leader in the research and design of novel technologies and solutions for secure, resilient and intelligent software systems.

Our people, who are pioneers in their respective areas, are our main asset and Imperial will support its Centre’s members in achieving their ambitious goals while advocating for sustainable growth of our cyber security research portfolio. 

Moreover, our research focus will have AI at its core. Given the rapid advancements in AI there are ever increasing risks and opportunities that come with it. Our research expands on areas related to the security and privacy of AI and other emergent systems, while tackling challenging problems across areas of cyber security by leveraging AI methods.

Lastly, through the ISST, the ACE-CSR will engage with experts in areas beyond cyber, addressing issues in the wider security landscape including people and infrastructure safety. Truly secure systems require interdisciplinary research and collaboration.

Dr Demetriou adds:

“The ACE-CSR conference brought up issues of significant national importance, including the increasing cyber security threats to academic institutions, enterprises and national infrastructure.

“Imperial’s ACE-CSR will seek opportunities to work with the government to inform cyber security regulations and policies. We will work to enable the co-design of novel resilient systems, developing strategic partnerships with industry stakeholders responsible for cyber infrastructure used by UK citizens and enterprises, including social networks, mobile platforms, and critical industrial control systems, amongst others.”

If you are looking to collaborate with Imperial College London on cyber security research, contact Dr Soteris Demetriou.

If you are interested in pursuing a PhD, find out more about potential supervisors on the Imperial ACE-CSR website.