On Friday 5 March, the University of Twente and corporate life will jointly launch a new centre of expertise for cybersecurity: The Twente University Centre for Cybersecurity Research (TUCCR). Professionals, entrepreneurs, researchers, undergraduates, and graduates will pool their cybersecurity research efforts in this public-private centre.
TUCCR is the brainchild of two professors of cybersecurity at the University of Twente, Prof. Willem Jonker and Prof. Aiko Pras, both leaders in their discipline. According to Prof. Pras, there is a great need for a hub of this kind. “In the discipline of cybersecurity, it is now more important than ever to establish a direct link between the worlds of science and corporate life. We are all familiar with recent cases in which municipalities, universities, universities of applied sciences, and the Dutch Research Council were hacked. These are problems that cannot be solved within the boundaries of a single discipline. Moreover, there is far too little ICT expertise in the Netherlands to prevent problems of this kind. Developments are coming thick and fast. If they wish to achieve the best insights, the realms of science, local authorities and business communities must cooperate with one another.”
Three themes
TUCCR will focus on three specific themes: network security, data security, and the associated social and economic aspects. As part of this effort, TUCCR is particularly seeking to establish links with other disciplines at the University of Twente, such as business administration, mathematics, ethics and psychology.
Aiko Pras points out that “Here at Twente, the work we are doing in the field of cybersecurity is unique. Unlike many other researchers, we do not confine ourselves to designing more secure systems, also known as security by design. In our globalised world, it is an illusion to think that if we start building more secure systems the Chinese will do the same. Thus, it is essential to collect huge amounts of data from raw reality and to analyse security problems, in order to arrive at new insights. That is the only way in which we will be able to improve existing systems and design new ones. This data-driven approach sets us apart from others.”
Issues
The specific issues to be addressed by TUCCR will be discussed with our partners in the upcoming period. Prof. Pras gives some preliminary examples: “In an effort to enhance the security of the internet, we have already started collecting huge amounts of DNS data. DNS can be seen as the internet’s telephone directory, as it indicates which internet numbers belong to which user. We are searching this directory for patterns that will help us to identify malicious webshops and phishing sites. In addition, we can search for dependencies in this data that can be used to predict the impact of situations in which one party is attacked and is no longer accessible. Imagine that the Dutch DigiD system [a kind of digital passport] was to fail, following a cyber attack. What would be the economic and social impact of such an event? What technical measures can we take to mitigate these types of risks? Is it ethically justifiable to investigate vulnerabilities yourself, when there is a risk that this might actually cause problems? Is specific legislation required to curtail problems of this kind? What about the privacy of members of the public, and the security of their data?”
Educational programmes in cybersecurity
The boom in cybersecurity is not limited to academic research and corporate life, there is also enormous interest among undergraduates and graduates (including prospective students). The Master’s specialisation in Cyber Security, which is coordinated by Dr Andreas Peter, is currently one of the most popular tracks among Computer Science graduates at the University of Twente. Aiko Pras points out that “In this subject, there is an enormous demand for future professionals. That doesn’t necessarily just involve those who work at cybersecurity companies, it is also about the mental exploration of this subject. As many people know, the government’s lack of ICT expertise is still a major hurdle. We hope to provide at least part of the solution.”
Membership
TUCCR will offer three types of membership – gold, silver, and bronze. Gold members will fund PhD students, while silver members will fund students in two-year design programmes (PDEng). Bronze members will pay a smaller amount, but will also contribute to the research in other ways. Aiko Pras points out that “We demand real commitment from our partners, but we give them a great deal in return. The membership system distinguishes between commercial and non-commercial parties. While non-commercial parties can’t always provide funding, they can still contribute manpower. For instance, the National Cyber Security Centre (NCSC) is using this form of participation.”
TUCCR’s founding partners are the Dutch Payments Association, BetterBe, Cisco, NCSC, NDIX, SIDN, SURF, Thales, the Netherlands Organisation for Applied Scientific Research (TNO), and the University of Twente.
TUCCR’s launch
The official (virtual) opening of TUCCR will take place on Friday 5 March (16.00 – 17.00). The founders and gold partners will address the meeting. Mikko Hyppönen, Chief Research Officer at F-Secure, will give a keynote lecture.