When everything from government to commerce takes place online, how do we keep businesses, consumers and citizens safe? What information are we collecting and how can we use it to improve our lives? Will the rise of AI make it easier for the scammers, the phishers and the bots? And can quantum computers break even the most complex of today’s security systems? We asked Queen’s leading experts for the answers.
If big data is a killer business advantage, how come so few industries are reaping the benefits? Is the Internet of Things really a major sacrifice of privacy and security in exchange for the lazy convenience of control-it-from-your-phone? And how long do we have before quantum computing unlocks every password on the planet? Queen’s is a global centre of expertise in cybersecurity – and here’s what’s keeping our experts awake at night.

Máire O’Neill, Professor of Information Security, argues that security is centre stage in the battle to ensure the internet can continue to function safely and effectively.
Network-connected devices can communicate with each other – your smartphone with your heating system, for example. And now those devices are starting to communicate with each other autonomously – without human interaction. This development – the Internet of Things era – brings great opportunities. But having billions of connected devices also poses significant security risks. All those devices in your home are access points for attackers. That home network is also where you connect to access your online banking, or other services which require confidential information. And most of us don’t have the time to worry about security. We just want to turn a device on and know that it’s secure.
This is an incredibly active area of research, and much of our work at the Centre for Secure Information Technologies (CSIT) is focused on the needs of industry, government, academia and the public sector. Sometimes that’s advice we offer rather than technology. For example, technology companies are no longer permitted to ship devices that have default passwords, such as 0000 – because it’s one of the most common ways for attackers to get access to consumer devices.
But we’re also looking at new technology. Physical unclonable function (PUF) technology, for example, picks up on underlying variations that occur during the manufacturing process of devices. It gives each product its own unique identity – like a fingerprint. If someone clones my device, the fingerprint changes – so I can detect whether that is the genuine device or a cloned one. This tech can be applied to applications such as the anti-counterfeiting and tamper-proofing of devices, and we’re working with several companies and organisations to evaluate it.
We’re also getting ever closer to quantum computing, which will represent a huge leap forward in the capability and complexity of computing. That’s going to be a massive advantage for applications such as genetic sequencing. But it will also have a significant impact on today’s security systems, because quantum computers will be able to break most of them.
At this point, that’s probably about ten years away. So we need to develop new, quantum-resilient techniques now. Our €3.8m EU project, H2020 SAFEcrypto, is developing just such a quantum-resilient technique called lattice-based algorithms. We’ve worked out how we could achieve physically secure and practical quantum-resilient solutions for a range of different applications. Once quantum is a reality, we can replace those systems with seamless overlap – the user won’t notice and systems will continue to work.
Security of hardware is another big issue. We all know about malware in software – but we’re starting to see vulnerabilities in hardware, too. Imagine if someone embedded a virus at the underlying hardware stage and those components were then put into devices that were sent all over the world. You can’t create a patch for that, and I’m currently leading a Research Institute in Secure Hardware and Embedded Systems initiative to ensure the security of the UK’s semiconductor supply chain.
Looking to the future, our next frontier could be space security. In the past, satellite systems were very much single access, single user and single application. But now we see a blurring between the use of satellite systems for military and civil applications. Satellite systems have newer applications, and are all communicating with each other – just like our devices. If there’s a security breach, the consequences could be very significant. It’s a critical and emerging area of cybersecurity activity. And with our expertise in post-quantum security, AI and physical infrastructure security, we’re in a great place to influence and have impact in that sector.
Professor Máire O’Neill is Director of the Centre for Secure Information Technologies (CSIT) and the Research Institute in Secure Hardware and Embedded Systems (RISE).

Dr Paul Miller, Deputy Director of the Centre for Secure Information Technologies (CSIT) says that security technologists are endlessly inventive. Which is bad news for hackers but good news for cybersecurity and Northern Ireland’s economy.
Our work is all about translating cybersecurity into the real world. From airports to traffic management systems, electricity power stations to hospitals, there are a whole host of soft targets out there – and they’re being systematically targeted by bad actors. Add to that the Internet of Things, and the untold numbers of devices that are on the internet, and it’s clear we need to automate protection, using artificial intelligence and deep learning techniques.
For example, we’ve recently developed an artificial intelligence app for the Android operating system, which is used by lots of different devices, from phones to cars. If you download our app, it will identify and analyse a piece of malware in about 0.38 seconds.
It’s different from antivirus software, which looks for signatures of known malware. If the app you download has malware without known signatures, the antivirus software won’t pick it up. But our AI has the capacity to analyse malware code and identify it as malicious, even if it’s new.
Companies are very interested in technology like this. They may have thousands of potential entry points: company phones, for example. They want to make sure that their products and their systems are properly protected. And over time, as our technology develops, it will get more sophisticated – just like the attackers.
We’re always trying to anticipate where the next threat will come from. AI and deep learning models can also be attacked: hackers will try to extract the data used for training them, or to make the models give the wrong result. So that’s our next big challenge: the security of AI. And we need to remember that good security should be invisible: if it makes demands of the user, it probably won’t be used. We need to consider security by design – an essential part of the design process, inherent in the final architecture.
All this makes the work incredibly interesting – and it’s a growth industry for NI. When we started in 2009, there were no jobs in cybersecurity here. Today, there are around 2,300, with 5,000 targeted for 2030 – and Northern Ireland is now the go-to place for cybersecurity in the UK.

Hans Vandierendonck, Professor of High Performance and Distributed Computing, says that big data has big potential – but only if we develop the tools to manage it.
Big data isn’t just about volume. It’s also about data that moves fast, or has a large variety of different types or shapes, such as text or video. But whatever the type, big data touchpoints have the potential to touch almost every aspect of our lives, from health and energy to commerce.
But for big data to be useful, you need to be able to analyse it – and that’s hard. Spreadsheets on a laptop won’t cut it! The challenge is that the data sets are very large, and the nature of the computations is very small. In many cases, you end up in a situation where the time that it takes to do the analysis is dominated by the time it takes to transfer data between the memory and the processor. Normally, that isn’t the case: systems are designed with all the data available locally, to process. Fetching it from the memory takes time. So we’re looking at ways to circumvent that pattern.
To see how this kind of big data project might apply to the real world, we are working with the Royal Victoria Hospital in Belfast to set up a real-time system analysing respiratory data from patients in ICU. Previously, that data was only collected by a nurse, every half an hour. A real-time system will help clinicians to identify medical issues more accurately.
We’re also examining areas such as transprecision – trying to understand the relationship between the precision by which a computation is performed and other factors such as execution, time, power consumption and accuracy. There’s a difference between precision and accuracy. Traditionally, we think of a piece of computing as being precise: either correct or incorrect. But there are many applications where this isn’t the case. If you watch HDTV, for example, a few pixels will be off – but you won’t notice.
We want a program that allows us to set a certain level of precision to get the accuracy we desire. The benefit of doing that means that we could do computations faster, with less power consumption, and longer battery lifetimes for portable devices. Or cheaper phones, with weaker processors, that can do the same thing as fancier models. Data is all around us: there are vast amounts being created and used all the time. We’re ensuring we have the tools to learn something meaningful from it.
Professor Hans Vandierendonck is Director of the Centre for Data Science and Scalable Computing.

Professor Roger Woods, Dean of Research at the School of Electronics, Electrical Engineering and Computer Science, says that innovation needs enterprise – and enterprise needs innovation.
As a researcher, there’s nothing like getting your hands dirty. In 2007, I co-founded Analytics Engines Ltd, a spin-off from the work I was doing at Queen’s. We enable organisations to view their data in one place and ask the right questions of it, allowing us to become a successful university spinout.
Data analysis can benefit society in so many ways. One of the company’s most recent projects has been with the broadcaster RTE. We were looking at ways to improve their investigative journalism and help them expose political corruption and bad practices in state bodies. The idea is to scrape the internet to gather information on everything that’s available on government sources about a person, and then investigate activities where a conflict of interest might exist.
The right data can save money, too. We also worked with Dublin City Council to detect illegal dumping and fly-tipping, which is a massive cost to the public purse. They were able to exploit their existing information on illegal dumping and publicly available information on housing occupancy to predict where illegal dumping was most likely to occur, enabling the council to take steps to reduce it.
But improvements in the technology that we use to gather and process this data is now stalling and becoming increasingly challenging to build. One of our major projects at Queen’s is focused on building hardware for monitoring the structural health of the bridges in the UK. Bridge collapses are hugely dangerous and disruptive, so their structures need to be constantly monitored.
If we could locate low-cost monitoring stations on each bridge, then we could continuously send back structural information. This would allow us to predict which bridges were in the worst shape and advise the authorities where to prioritise their limited repair budget. This is particularly challenging for bridges in remote locations where data coverage is limited and renewable energy sources need to be used. The ability to locate computers in remote areas offers us considerable potential to solve problems in all kinds of areas.
Meanwhile, as the name suggests, big data just keeps getting bigger and more interesting. In 2012, we held the first Big Data Belfast gathering, attended by about 60 people. The most recent attracted more than 700 attendees, establishing Northern Ireland as a hotbed for big data solutions.
Top of Page