Dr. Siraj Ahmed Shaikh is a Reader in Cyber Security in the Faculty of Engineering and Computing at Coventry University. He leads the Digital Security and Forensics (SaFe) Group. Siraj has been involved in researching large-scale distributed secure systems for over thirteen years.
Can you tell us a little bit about SaFe’s activities?
The SaFe Group was formed well over five years ago. I joined Coventry University in 2009, and since 2010 I have been leading the group. Our predominant interests are in cyber security and digital forensics. A lot of our work is applied in the area of transport (automotive and rail), critical infrastructures, and sophisticated cyber attack detection.
What are you currently working on?
Our current project is funded by the Rail Safety and Standards Board (RSSB). The project has a focus on modeling safety and security data dependencies in the rail sector. With progress towards digital railways, a better understanding of data in the railways sector is becoming increasingly important. We are working directly with a range of stakeholders including Network Rail, Transport for London, London Underground, Thales and more.
In terms of client base, can you say who the major people you are working with are?
Most of my work has been funded by either the UK Ministry of Defence (MoD) or EPSRC.
The MoD funded two of our projects, which are investigating intelligent control and guidance for autonomous vehicles. Jointly led with Prof. Dobrila Petrovic, this work addresses a key capability for the clients in the area of unmanned logistics and distribution.
EPSRC has funded some work in the logistics sector, where we are working with Ricardo and Unipart to investigate the reliable transportation of consignments. We also worked with the Department for Environment, Food and Rural Affairs (Defra) ,looking at the policy formulation for secure rapid diagnostics capability for animal disease in the UK.
More recently, I have also been working with various small and medium sized enterprises (SMEs), largely in the area of electronic surveillance, automotive information architectures and cyber security. Security matters at all levels. Mobile phones, computers, laptops – businesses rely on these things and increasingly SMEs are making better use of technology. Because they are small they take advantage of computers and laptops to deliver their services. Bigger companies have more capacity; if one computer fails they can buy another one.
How important is digital security to organisations?
Increasingly important as every day goes by! As more and more business functions and services go online, our dependency on computer networks and systems increases. Even critical systems, such as transport systems and power systems, are increasingly using all kinds of electronics. The more electronics we use, the more sophisticated we get in terms of processing and communication, But we also become more vulnerable.
Where do you see digital security research expanding into in the future?
The first area is what we call cyber-physical systems. These systems are where physical hard-wired systems, electronics and hardware converge with software and digital platforms. A good example is intelligent transport systems. The attack vectors are numerous and diversified, the vulnerabilities possibly compound, and the attackers have an increased motivation to target such systems. So security is more important ever before.
The second big development in cyber security is going to be cyber warfare. So, this is where nation states, like the US, UK and EU states, increasingly look at cyberspace as a frontier for cyber offense and cyber defence. Cyber offense is where people will use cyber attacks for attacking digital services and critical infrastructure, and cyber defence is to address such threats.
Can you explain the ethics behind teaching ethical hacking to students? How do you know you’re not training up the next generation of cyber criminals?
Good question! In ethical hacking I always remind my students, every time I see them, that ethical considerations come first.
We need their skills for cyber defense and for effective protection. Whether it’s for a small business or a nation’s government, we need people to run secure systems. The British government want to have people defending critical infrastructures. The students that we are training will have those skills that are critically needed out there in industry, in government, in science, to protect our systems, to make them reliable, to make them dependable, to make them safe and secure.
What is interesting, and what I’m blessed with, is real life case studies to work on. There’s not a day goes by without a story on security or privacy. For example, the recent Edward Snowden case. Now, think of the ethical issues there.
We need to keep reminding them that ethics comes first. And this is the best we can do. Unfortunately, the profession – security scientists, computer scientists, and ethical hackers – is not as long established as some other professions where professional ethics are well known.
There is a need for more national or even international professionalisation, like in medicine. I mean, people have practiced medicine for hundreds of years. Ethical hacking is not even 30 years old: however it needs to be immediately understood to react to current critical issues.
What impact has your work had in the wider world?
Our projects are engaging with a wide range people and companies in railway transport. This means that we are raising awareness of some of the challenges in this area, and we are sharing a lot of computer science and cyber security techniques.
On the digital side of things, members of the SaFe group are involved in forensics teaching and ethical hacking teaching, so the skills contribution we’re making is huge. We need to remember that everyone who graduates from our programs has the potential to go out there and make a real difference.