Northumbria Cyber Security Research Group (NCSRG) is a cross-faculty, multi-disciplinary group which aims to understand security vulnerabilities which exist at the intersection of people, technology, and place. Members of the NCSRG enjoy ongoing relationships with a wide range of academic and non-academic partners, including local and national government, regional businesses and community groups and national and multinational organisations. Members regularly undertake knowledge exchange activities in relation to cybersecurity. These activities reflect the interests of the group in terms of its research on human-centred cybersecurity and behaviour change, organisational and individual cyber-resilience, data fusion, privacy, regulation, intrusion detection, hate speech detection, web security, biometrics and digital forensics.

We train our BSc undergraduates (Computer Science, Digital Forensics and Networks and Cyber Security) to run the Cyber Clinic, where some selected students are employed as cyber security consultants/ethical hackers for the North East Business Resilience Centre (NEBRC). The North East Business Resilience Centre is a police-led, not-for-profit organisation that provides 24/7 cyber security support to SMEs. Their cyber security services have developed an ethical reputation and formed a partnership network with the Cyber Essentials Certification to protect businesses from cyber risks. Here, Northumbria University students are matched with local businesses where they spend time carrying out vulnerability assessments of businesses’ networks and web applications to identify any weaknesses in IT systems and computers. NEBRC provide businesses with quality cyber security support, through the talented team of paid student ethical hackers from Northumbria University. BBC broadcasted 15 episodes of ‘Dirty Rotten Scammers’ from June 2022 where Northumbria students from NEBRC who worked as ethical hackers created the show by doing Open-Source Intelligence (OSINT) on selected people that was arranged through ITN Productions. The show explained how people could be easily scammed with personal information of them available on the Internet. The ‘Dirty Rotten Scammers’ link: https://www.bbc.co.uk/programmes/m00183m1/episodes/guide 

At an international level, group members have a history of international funding in relation to cybersecurity and enjoy ongoing relationships with academic institutions in Europe (e.g. Interactive Technology Lab (University of Lisbon), The School of Media and Information (iSchool) University of Siegen, The University of Valencia) and also in the US (University of Indiana) and Canada (Designing for People Lab, University of British Columbia, International Cybercrime Research Centre, Simon Fraser University). Activities regularly undertaken with these academic partner institutions include summer schools, seminar programmes and academic exchanges and these are used to ensure staff and graduate students stay abreast of the latest developments in cybersecurity research. For example, in summer of 2023, members of NCSRG took part in three summer schools, including a cryptography and cybersecurity summer school organised by Canada’s International Cybercrime Research Centre and we subsequently hosted the Centre Director at Northumbria, where he shared details of his latest research on the use of AI by adversarial state actors.

Across the UK we have academic cyber security partnerships with major research hubs (SPRITE, REPHRAIN, PETRAS, RISCS) and with the Universities of Bath, UCL, Edinburgh, Abertay (in relation to its developing cyber quarter), Birmingham and Newcastle. Many are collaborators on the EPSRC funded Centre for Digital Citizens (CDC) where Northumbria leads on the Safe Citizen challenge area (2020-25). Northumbria will also shortly announce their involvement in a new conflict, security and justice pathway, to be funded as part of the ESRC funded Nine DTP (Doctoral Training Pathway) which involves the Universities of Durham, Newcastle, Northumbria, Sunderland, Teesside, Ulster and Queens Belfast.

Our non-academic partnerships cover government and policy institutions and local and national businesses. For example, we have a range of non-academic partners working with the CDC that include Meta (regarding censorship policies), the Web Foundation, NHS Digital and the NHS Business Services Authority (regarding cybersecurity behaviours), the BBC, Yoti (regarding identity authentication and management), Newcastle City Council, Sunderland Software City and the National Innovation Centre for Ageing (regarding keeping older adults safe online). NCSRG members have a range of Knowledge Transfer Partnerships (KTPs) embracing cybersecurity research with, for example, Sports Aid, Cathie Group, ART Health Solutions Ltd, and 3Dental. In 2022 a new partnership was announced with Lockheed Martin, that included a £630,000 investment (forming part of a wider £7m investment into engineering facilities for research and teaching). 

Regarding policy initiatives, we have worked with the NCSC, Home office, Cabinet Office and DCMS (note that the DCMS report ‘Secure by Design: Improving the cyber security of consumer Internet of Things’ explicitly acknowledged the influence of our EPSRC funded cSALSA project as the source of findings that helps Government ‘to design more effective cyber security advice and educational materials that are tailored for different audiences’. Currently, we have an excellent relationship with Ofcom (we conducted a two-day workshop with Ofcom in the summer of 2023, targeting the implications of the ongoing Online Safety Bill and are currently working with them to set up PGR placement opportunities). We have recently contributed to a 2023 Scottish Government report on age differences in cybersecurity behaviour (in press) and in 2022 worked with UK Government and London-based company ThinkCyber Security on the SBRI project Reducing Public Sector Risk through Culture Change, with the aim of informing a new code of practice for Government Standard GovS 007 (Security).

In addition to these activities, members of NCSRG ensure their research findings benefit members of the public through two initiatives. Firstly, we run a Cyber Guardians programme, drawing on our research into the vulnerabilities of older adults and the effectiveness of peer learning in the cybersecurity sphere. Many senior citizens are aware of online risks but are often not sure how to protect themselves, which sometimes impedes their use of online tools altogether. In the North East of England, the NCSRG team has so far enhanced the cybersecurity awareness of over 1,000 older people. Working with University of Third Age (U3A) in the North East of England, we have organised practical workshops that effectively translate our research into meaningful action for older adults, covering password management, social engineering, online privacy, social media and online banking.