GCHQ Announces £4.5m Vulnerability Research Unit

UK intelligence agency GCHQ has announced a Cyber Research Institute, which will attempt to create fresh technologies that effectively detect vulnerabilities.

Software flaws continue to be a serious cause for concern. Hackers are sharing vulnerability information at a rapid pace, leading to widespread compromises. So-called “zero-day” Java flaws, for instance, have been widely exploited in recent months, with malicious websites running code to take over people’s machines via vulnerabilities in the Oracle software.

A group of private firms, known as exploit sellers, have emerged in recent years, flogging flaws to customers for hundreds of thousands of pounds. As vendors are often not told what those flaws are, most Internet users remain unprotected.

GCHQ after automated flaw finders

But GCHQ wants the UK to create automated technology that looks for bugs in commonly-used software, making it easier for vendors to get patches out. The aim of the institute, which is backed by a £4.5 million grant, will be to provide businesses, individuals and government with more confidence that the software they are using is safe.

The unit will be based at Imperial College London, but another five universities have been chosen to work on future vulnerability detection tech. They include the University of Edinburgh, University College London, University of Kent, the University of Manchester, and Queen Mary University.

They will work alongside industry experts and researchers from across the globe. The overall aim, as set out by the government’s National Cyber Security Strategy, is to make Britain a safe place to do business and create a vibrant security industry in the UK.

David Willetts, minister for universities and science, said the institute would build on the UK’s “global reputation for cyber security research and innovation”.

Private industry has welcomed the institute too. Raj Samani, CTO for McAfee in EMEA, said a strong public-private partnership was “critical towards fighting cyber threats”.

“The role of academia is critical towards this,” he told TechWeekEurope. “It is still early days, but further investment into such collaborative efforts should be applauded.”

David Emm, senior security researcher at Kaspersky Lab, commended the focus on vulnerabilities. “Cyber attacks of all kinds typically start by exploiting vulnerabilities in common applications,” he added.

“Any research that can help to reduce this, and raise the level of awareness of the need to close up this window of opportunity for cyber criminals, is positive.”

This is the second such institute announced by GCHQ in the past year. Another, announced in September 2012, was a virtual body, designed to look at the “science of cyber security”.

The intelligence agency has ramped up its cyber efforts in recent months. In November, it announced a Cyber Incident Response scheme, which will recruit private companies to offer advice on cyber attacks.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

6 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

7 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

8 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

8 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

9 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

9 hours ago