GCHQ sets up £4.5m cyber vulnerability research institute

GCHQ has announced a second academic research institute to find new ways of analysing software automatically to combat cyber threats

UK communications intelligence agency GCHQ has announced a second academic research institute, which will find new ways of analysing software automatically to combat cyber threats.

The GCHQ group’s work is aimed at providing businesses, individuals and government with additional confidence that software will behave in a secure way when installed on operational networks.

Funded by a £4.5m grant, the new research institute is made up of teams from six universities and forms part of the government’s plan to increase the UK’s academic capability in all fields of cyber security.

The initiative enables leading UK academics in cyber security to work with industry security experts to tackle some of the toughest challenges in the field.

The institute is the second of its kind set up by GCHQ in partnership with the Research Council’s Global Uncertainties Programme (RCUK) and the Department for Business Innovation and Skills (BIS).

In September 2012, the government set up the first research institute in the science of cyber security to bring together academics in cyber security, mathematics and computer scientists across the UK

Science minister David Willetts said the second institute will build on the UK's global reputation for cyber security research and innovation.

“It complements wider work government is doing in partnership with academia and industry to boost the economy through improved cyber security,” Willetts said.

Universities in the second research institute were selected following a tough competitive process, in which they had to devise new research projects.

The projects addressed the key security challenges of vulnerability discovery, malware analysis and classification of code and improved defences and mitigations.

Last year, GCHQ, BIS and RCUK announced the award of Academic Centre of Excellence (ACE) in Cyber Security Research status to eight UK universities.

Also in the pipeline are plans for a scheme to recognise ACEs in Cyber Security Education, Certification of Cyber Security training courses and increased sponsorship of PhD research.

The ACEs and research institute initiatives are both aimed at harnessing the role that academia has to play in supporting the UK’s cyber security, but while the ACE initiative recognises existing areas of strength, the research institutes develop capability on strategically important topics.

Universities in the new research institute include:

  • Queen Mary, University of London, working with University of Kent and University College London;
  • University of Edinburgh;
  • Imperial College London;
  • University College London;
  • University of Kent working with University College London;
  • The University of Manchester.

Read more on Hackers and cybercrime prevention