Today, the University is recognised by GCHQ as an Academic Centre of Excellence in Cyber Security Research. We share the title with seven other UK Universities.
The aim of the scheme is to promote original research which helps to advance the state of the art: this means both getting such research done in the UK, and developing a pool of expertise for academia, government, and business. Wise and talented individuals are clearly crucial, and it’s a privilege to work with a large such group in Oxford.
The scheme is modelled after one which has been running in the USA for some time, fronted by the NSA. Their programme is extensive, and has other components – such as Centres of Excellence in Education, which we might expect to see here in the fullness of time.
Is close association with GCHQ a double-edged sword? They host the national technical authority for information assurance and so have a good idea of the kind of research which may be useful. In principle, they also have deep pockets (though not nearly as deep as those of their American counterparts mentioned above). On the other hand, universities will not stay excellent for very long if they are (or are seen to be) the patsies of the state. Happily, I think this is recognised by all sides, and we can look forward to some creative tension made possible precisely because our research is “outside the fence”.
There’s an interesting clash of mind-sets to hold in mind, too: the University is an open and exceptionally international place. Security research is pursued by people who have not just diverse skills but also a variety of affiliations and loyalties – in contrast to those who work in security for the State, who must generally be citizens or otherwise able to hold an advanced clearance. Having the one inform the other sets up tensions – all the more so if there is to be two-way flow of ideas. Perhaps an interesting topic of research for those in social sciences would be to ask what a “clearance” might look like in the cyber domain – if not based on citizenship, what might be the baseline for assuming shared objectives?
That is one of many cases which show that the concerns of Cyber Security clearly spread beyond the technical domain in which they first arise. Inter-disciplinary study is essential for the future of this topic. The next blog post will reproduce an article I recently wrote on the subject.