CyberASAP Industry Challenges

A dual programme that moves your cyber security idea out of the lab, into the commercial market and aligns it to industry demand. 

Applications open

Now in its 8th year, CyberASAP provides academics with the expertise, knowledge and training needed to convert their research into technologies, products and services in this key sector of the global economy. The programme creates a pipeline to move great cyber security ideas out of the university lab and into the commercial market. 

CyberASAP Industry Challenge-led strand is a new, additional stream to the CyberASAP programme. It’s designed for academics whose ideas could provide solutions to current challenges faced by industry.  

When applying for CyberASAP, academics whose ideas focus on software supply chain security, AI model security or IIOT/OT security are invited to also apply for CyberASAP Industry Challenge-led strand. 

Successful participants will join the Industry Challenge-led strand which includes learning modules designed with industry experts, mentoring tailored to your specific challenge area and a programme of events to network, practice pitching and engage with experts.  

HOW IS THE PROGRAMME DELIVERED?

CyberASAP and CyberASAP Industry Challenge-led strand are both delivered as a mix of virtual and in person. 

Successful applicants are expected to attend all sessions including events held nationally.

WHAT YOU’LL GET

  • Grant funding 
  • Skills in product development, POC development, market validation and more  
  • Business acumen 
  • Industry mentoring and networking  

CyberASAP and CyberASAP Industry Challenge-led strand are funded by the UK Department for Science, Innovation and Technology and delivered by Plexal and  Innovate UK KTN .

Apply for CyberASAP and CyberASAP Industry Challenges

THE CHALLENGES

CHALLENGE 1: AI MODEL SECURITY  

The National AI Strategy recognises the power of AI to increase resilience, productivity growth, and innovation. Elsewhere, the National Cyber Strategy highlights both the significance of threats to AI as a “technology vital to cyber power” and the importance of the opportunity for the UK to uphold democratic values through AI standards. Work to address threats and shape standards relates not only to the careless or malicious use of AI, but also to the security of the AI models themselves. The risks are particularly critical in AI systems used in national security, CNI, and cyber security, where utility and trust fundamentally underpin the interests of both businesses and citizens. Threats to AI models include “data poisoning”, adversarial introduction of blind spots, model theft, and inadvertent introduction of bias. A key challenge is therefore to ensure that AI employed across industry sectors continues to evolve as a valuable and trustworthy tool by addressing these threats to AI models.  

 

CHALLENGE 2: SOFTWARE SUPPLY CHAIN SECURITY  

The 2020 SolarWinds supply chain attack compromised sensitive data across tens of thousands of organisations, including US federal agencies, by targeting a key IT supplier to those organisations. The attack highlights the trend for bad actors to attack softer supply chain targets as higher profile organisations tighten their own security perimeter. The threat is compounded by the rise in “as-a-service” type attacks that enhance attack scale and sophistication. And whilst direct targets may not themselves be considered critical industries (e.g. feedstocks, refrigeration, enterprise software), their ultimate customers span UK CNI. The risk is further increased by the complexity and spread of global supply chains, which make visibility, governance, and vulnerability management, difficult. In this area there is a compelling industry need to enhance cyber resilience through supply chain visibility, assurance, monitoring, protection, and cyber risk management.  

 

CHALLENGE 3: INDUSTRIAL INTERNET OF THINGS (IIOT) AND OPERATIONAL TECHNOLOGY (OT) SECURITY  

Whilst IoT has enhanced industrial efficiency and consumer experience, security remains a key concern. The NCSC estimates that 98% of IoT data traffic is unsecured, motivating new DSIT principles addressing the security of connected places, and legislation on secure by design. The convergence of industry and IoT, called industrial IoT (IIoT) and smart control systems for industry, known as operational technology (OT) promise to provide further benefits but also new cyber vulnerabilities. On one hand this development supports levelling up (enabling new regional smart manufacturing hubs) and net zero (through IIoT-enabled low-waste industry, efficient smart logistics). On the other hand, the introduction of unsecured and unregulated infrastructure risks new vulnerabilities. Space-based IIoT devices, critical to civilian and military concerns, are especially vulnerable: they suffer particularly from legacy vulnerabilities, being difficult to maintain and expensive to upgrade. Overall, the safeguarding of UK industries, from its most innovative (e.g. semiconductors) to its most traditional (e.g. food manufacturing) relies on the security of IIoT/OT. Furthermore, enabled by powerful new quantum sensors, AI and big data analysis, IIoT/OT is only set to advance in sophistication and value. The size and complexity of industry security vulnerabilities in IIoT and OT is likely to grow exponentially as these next generation connected technologies are deployed. The challenge will therefore address both existing and emerging vulnerabilities, to ensure that the UK is at the forefront of sustainable secure connected places technology. 

Key dates

05 February

Applications open.

06 February

Join our online briefing event here.

06 March

Applications closed.

15 March

Successful applicants notified.

April – May: Phase 1a Value Proposition

If we award you funding, you must be dedicated to the project for the two month value proposition building activity from 1 April 2024.

June – July: Phase 1b Market Validation

If we decide you can continue to the market validation activity you must be dedicated for the additional two months until 31 July 2024.