From the 2019 terrorist stabbings in London to the WannaCry ransomware virus of 2017 (with damage across 150 countries estimated in the billions of dollars), defence and security has never faced so many worrying and novel challenges.
After all, it doesn’t take much to cause huge disruption in such an interconnected world – and not always in the ways we might expect.
Hollywood might think that terrorists like to hack into things to blow them up, but in real life, it can be rather more complex, as Alex Tarter (MEng Electrical and Electronic Engineering 2003) knows only too well.
As CTO-Cyber and Chief Cyber Consultant at Thales UK, Tarter also serves as a civil expert on cyber security for NATO’s Civil Emergency Planning Committee.
“It’s phenomenally difficult to cause anything to go bang,” he says. “But it is surprisingly simple to cause things to trip. Take a power station, for example. It would take a huge amount of skill and effort to cause physical damage to a power station, but there are plenty of ways that will cause it to trip and shut down safely.
“Likewise, it’s very difficult to interfere with the road network in such a way that you can actually direct traffic and cause things to crash into each other, but it’s easier than you might imagine to interfere and cause the system to glitch. And, often, that’s enough.”
Added to which, the threats the UK faces at home and abroad have intensified in scale, diversity and complexity, says Anita Friend, Head of the Ministry of Defence’s Defence and Security Accelerator (DASA).
They include: the resurgence of state-based threats and increasing competition; the undermining and destabilising of the international rules-based order; the rise in cyber-attacks; and the wider impact of technological developments.
“To counter these threats, we have to retain our strategic and technological advantage,” says Friend. “The only way we can achieve that is to be innovative – it’s absolutely crucial for our national security.”
DASA aims to improve the UK’s existing defence and security capabilities and find innovative solutions to key challenges, while generating economic value.
It takes the lessons of successful startups and applies them to security and defence thinking, providing innovators with access to funding, technical expertise, end users, and opportunities for collaboration to improve routes to commercialisation.
So, it makes sense for it to be based on the fourth floor of the I-HUB in White City, a facility that co-locates businesses, startups and entrepreneurs alongside Imperial’s extensive network of researchers, academics and other corporate partners.
The partnership between DASA and Imperial is led by Imperial’s Institute for Security Science and Technology (ISST), the interdisciplinary research hub that envisages, designs and coordinates the application of science and technology to answer pressing security challenges.
“It’s known as the triple-helix approach,” says Professor Deeph Chana, Co-Director of the ISST and Professor of Practice at Imperial College Business School. “In more normal times, it will again allow for collaboration and cross-pollination and watercooler moments, which you don’t always associate with the defence and security industry.
“We’re working with people and places who wouldn’t necessarily think of themselves as working in defence and security. We have close, regular engagement with companies such as Airbus, Rolls-Royce, Saab, Smiths Detection, BAE Systems, Wavestone and Northrop Grumman, and we previously hosted a NATO group of 30 people from 16 different countries. They chose to come to White City having seen the ecosystem that we’re building over there.”
Innovation flourishes through collaboration and a wide range of voices and perspectives, agrees Friend.
“It’s important that we challenge the status quo and that we have a mature and broad level of thinking throughout our organisation. This melting pot of skills and experience is essential to enable innovation.”
And that’s vital because unpredictable threats to vast, complex systems often require fresh, counterintuitive solutions, says Tarter.
“It’s next to impossible to remove all vulnerabilities in systems, as they involve hundreds of millions of lines of code,” he points out. “If we can’t design out all the vulnerabilities, if the threat changes too quickly for us to adequately deploy resources against it, then the only thing left is how to minimise the impact.”
Netflix, for example, might seem like an unlikely pioneer of such solutions. But its engineers use what’s known as ‘chaos engineering’ to protect their systems.
“Netflix realised that, at some point, one of their engineers was inevitably going to misconfigure something and cause a system to crash,” says Tarter.
“So, they send out a program that randomly picks a server and intentionally turns it off – they call them ‘chaos monkeys’.
“The engineers don’t get to decide when that happens. The system is now designed to take account of someone randomly pulling the plug – and, over time, that’s become phenomenally reliable.
“It also means that any attacks attempting to do something similar are also not so much of an issue, as the impact they will cause is minimal.”
Chaos engineering is just one example of a security solution that isn’t sector-specific.
“That’s the approach that we want to go towards in the future – looking at all of these problems as an abstraction and not worrying about the specific industry too much,” says Chana.
“You realise that many industries are doing the same thing. For example, I recently worked on a digital money index project funded by Citibank at the Centre for Financial Technology, where I’m the co-director.
“We are trying to take in data feeds about different countries that tell us which country is ready to have a digital banking infrastructure and transform into a purely digital banking entity.
“That involves us taking structured and unstructured data from multiple sources, running algorithms, coming up with a mathematical way of actually analysing that data and then writing that up in an algorithm. That’s not necessarily a direct security issue. But once we are able to generate these indexes and measures, we could also look at infrastructure resilience, for example, or cyber-security readiness.”
Another project developed a two-stage machine-learning algorithm to detect network traffic in a cyber-physical system – a factory, for example, with a mixture of computing and physical systems.
The aim was to monitor the network traffic between the various components and detect bits of information that could be potentially dangerous, a method that’s easily applicable to other situations.
Chana has also worked on CrowdVision, a crowd analysis technology startup originally designed to monitor the movement of pilgrims at Mecca. Pivoted to the transport sector, it has also been used at London City Airport to monitor how quickly people were being processed through the security checkpoint. This helps avoid overcrowding and can also check to see if the security value of those checks is being undermined because people are being rushed through.
Whatever the threat to a nation, Chana believes the solution is the same: convergence of domains and disciplines, diversity of thought, and an end to silos.
“We’re looking to create a new way of driving innovation in security and defence that cuts across infrastructure resilience, from cyber security to physical security,” he says.
“If you’ve got new problems, and the current global COVID-19 crisis is a prime example, then you need to look for solutions in new areas.”
This story was published originally in Imperial 49/Winter 2020–21.