Cyber expert joins ISST to work on critical infrastructure security
The Institute for Security Science and Technology recently welcomed Dr Martin Barrere Cambrun, bolstering work on critical infrastructure security
Max Swinscow-Hall caught up with Martin to find out more.
What are your expertise and background prior to joining us?
My areas of expertise are mostly computer networks and cyber security.
Prior to joining the ISST, I worked as a post-doctoral researcher in the Resilient Information Systems Security (RISS) group in the Department of Computing, Imperial College London. There I focused on new approaches to deal with attack graph complexity, probabilistic and graphical security models, network and cloud security analysis, and forensics.
Outside of academia, I have previously worked as a CTO, a network and system administrator, and a software developer. I’ve also been involved in teaching activities for more than a decade in Uruguay, France, and the UK.
What are you working on here at the ISST?
I’ll mostly be working on the KIOS project, a multi-million euro research collaboration between Imperial College London and the University of Cyprus.
KIOS focuses on top-level research on the monitoring, control and security of critical infrastructures, such as power systems, water networks and transportation systems. All of these are referred to as cyber-physical systems.
What are cyber-physical systems?
Cyber-physical systems have the cyber world -- computers, networks, data, algorithms, etc. -- deeply integrated with physical elements and processes. It’s important to note that these often involve human actors as well. These systems usually form an ecosystem where both cyber and physical sides are strongly dependent on each other.
From a security perspective, an important point is that a cyber attack on one of these systems could have physical consequences. In addition, most of these systems usually present real-time availability constraints, which makes the design of security solutions much more challenging.
I am working on new methods to improve industrial control system security -- a type of cyber-physical system -- with a particular focus on simulation, monitoring and protection of national critical infrastructures, e.g. water treatment plants.
What are the challenges in securing cyber-physical systems?
While cyber security (i.e. IT security) broadly refers to the activity of protecting computer networks, systems and data from cyber attacks, cyber-physical security must take into account not only the cyber space, but also physical and human dimensions at different scales.
One of the main challenges is to rethink security from a new angle where cyber, physical and human aspects are integrated and understood as a whole. Typical IT security methodologies do not always work as cyber physical systems often involve outdated hardware, plus, responses are time critical, and human safety is also in the loop.
Protecting industrial control systems from cyber threats is a high priority as their compromise can result in a myriad of different problems, from service disruptions and economical loss, to jeopardising natural ecosystems and putting human lives at risk. For example, cyber attacks on these systems could lead to flooding, blackouts, or even disasters on nuclear power stations.
What are you most looking forward to?
I already met many of the members of the KIOS project and they are amazing people. I am sure we will have great results and will produce strong scientific advances in this domain.
Article text (excluding photos or graphics) © Imperial College London.
Photos and graphics subject to third party copyright used with permission or © Imperial College London.