We sought evidence to inform the Cybersecurity research: a vision for the UK project.
The Royal Society set out to obtain views from a wide set of experts, including academia, government, industry, commercial enterprises and non-government organisations, to ensure a broad debate that takes into account the needs of individual citizens and consumers. The evidence received will inform the project’s findings and conclusions alongside a programme of wider stakeholder engagement and consultation.
The deadline set for submission of evidence was Monday 9 December 2013, following these guidelines:
- Refer to the questions below when drafting evidence.
- You are welcome to answer all of the questions but feel free to just focus on a subset of them.
- Evidence should be appropriately referenced wherever possible.
- Keep responses to no more than 2,000 words.
- Identify any knowledge gaps and provide case studies to illustrate the evidence.
- Confirm whether you are responding in a personal or institutional capacity.
- Submit the evidence to email@example.com.
The Steering Group identified a list of cybersecurity research challenges (PDF), which are referred to by the questions below. This list is neither exclusive nor exhaustive, so we welcomed views on other emerging cybersecurity research challenges.
1. Research opportunities
- What is the current status of cybersecurity research in the UK relevant to each of the above challenges? In which key companies and academic institutions is this research being carried out?
- What are the major research gaps in the UK to address each of the above challenges?
- Where are the opportunities to strengthen the UK’s research capability to address the above challenges?
- What are the major interdependencies, if any, between the above research challenges?
2. International collaboration
- Which partners (companies, countries and key institutions) are UK researchers currently collaborating with on the above areas of research?
- Looking 5 to10 years ahead, who are likely to be the UK’s priority partners in the above areas of research?
- What is required to support these research partnerships, recognising different funding and collaborative models in these countries?
3. Research commercialisation
- What are the specific challenges facing the commercialisation of each of the above areas of research, as well as their adoption once commercialised?
- How can existing policy frameworks for commercialising research be applied to the cybersecurity sector effectively to address these challenges? What new policy frameworks, if any, are needed?
- What new policy frameworks, if any, are needed to facilitate transition to practice?
- What can the UK learn from entrepreneurial cybersecurity research ecosystems in other countries, such as Israel and USA?
4. Responsible research and innovation
- What are the major ethical and legal challenges facing the above cybersecurity research challenges?
- How should the potential dual use of cybersecurity research be managed most effectively?
- What does an ethical and legal framework look like for ‘responsible disclosure’?
- What does a national programme of public engagement on cybersecurity research look like, and how could it be developed and implemented in the UK?
5. Research co-ordination and informing policy
- What new interdisciplinary methodologies and/or interdisciplinary models of collaboration, if any, are needed in the UK to address these cybersecurity research challenges?
- What changes, if any, are needed to existing UK, European or other funding frameworks to reflect the dynamic nature of cybersecurity research?
- What new frameworks, if any, are needed in the UK to prioritise, coordinate and deliver cybersecurity research?
- What is the potential for new partnerships between academia, government and industry to address these cybersecurity research challenges? What new frameworks, if any, are needed in the UK to support these partnerships?
- What new frameworks, if any, are needed to ensure that the results of cybersecurity research can inform the UK’s policymaking process effectively?
6. Other cybersecurity research challenges
- What major cybersecurity research challenges emerging in the next 5-10 years have not been identified? How do they affect the above questions?