Centre for Sustainable Cyber Security (CS2)


Our vision

With digital systems, and the data they store, now integral to the everyday functioning of modern societies, the need to protect them from attack has never been greater. In the UK alone, the cyber security market is likely to exceed £18 billion by 2028. Yet traditional solutions to digital threats are monodisciplinary in their focus, causing them to fail over the long term as technology, business or the human context evolves. The Centre for Sustainable Cyber Security (CS2) takes a fundamentally different approach by drawing on multidisciplinary expertise to build effective, efficient and evidence-based solutions that work now and long into the future – These lead to sustainable cyber security.

We aim to:

  • Conduct collaborative research and knowledge exchange on sustainable cyber security.
  • Create societal and commercial impact through adoption of sustainable cyber security practices and technologies.
  • Prepare PhD students and postdocs that will become internationally recognised for their contribution to cyber security science or industry.
  • Continue being a vibrant research environment that attracts and keeps global talent in cyber security.

Our impact on the world

Almost every aspect of modern life, from energy, transport and business networks to the provision of healthcare, food and education, depends on well-functioning and reliable digital systems. Emerging technologies such as artificial intelligence, robotics and Internet of Things, are also critically important as we seek to address the myriad urgent challenges now facing us in the 21st century, including climate change, sustainable development, transnational organized crime, pandemics and conflict.

The Centre for Sustainable Cyber Security (CS2) exists to ensure that current and future digital technologies remain protected and trustworthy, so that the digital transformation can enable positive change in the world.

Our primary objectives, aligned with the UN Sustainable Development Goals (SDGs) are to:

  • Ensure reliability, resilience and sustainability of current and emerging industries, innovation and infrastructure (SDG9).
  • Contribute to decent work and economic growth (SDG8) by ensuring sustainable entrepreneurship and high technology innovation through protection against cyber and data risks.
  • Develop technologies for cost-efficient prevention of cyber crime and online harms in the context of sustainable cities and communities (SDG11).
  • Develop digital forensics technologies and innovative practice in the context of peace, justice and strong institutions (SDG16).

Our research

Focus on Impact from day one

From day one, all research conducted at CS2 is designed to deliver real-world positive impact. We ensure this by co-developing all projects in close partnership with the end-users, prioritising cost and process efficiency, and involving multiple disciplines. To maximise the industrial relevance of our work, its medium to long-term targets are also validated by our steering board for knowledge exchange and impact.

Our current research is grouped into four strands:

  • Secure Cyber-Physical Systems
  • Trustworthy AI
  • Improving Efficiency of Digital Forensics
  • Certified Sustainable Security and Privacy

Secure Cyber-Physical Systems

This work addresses the sustainable cyber security of modern and future critical digital and industrial infrastructures, as exemplified currently by the Internet of Things (IoT) paradigm. Topics covered include helping people protect themselves and their communities against cyber-physical attacks in XR by providing them with machine learning-derived information and context; sharing information efficiently in complex IoT environments with forecasting and optimisation techniques; and defending Industrial Control Systems from cyber threats and human errors through applied cryptography.

Among recent activities relevant to this strand of research is the C4IIoT project (Cyber security 4.0 - Protecting the Industrial Internet of Things), which builds and demonstrates a novel and unified Industrial IoT cyber security framework for malicious and anomalous behaviour anticipation, detection, mitigation and end-user informing.

Trustworthy AI

With AI fast becoming a part of daily domestic life, this work conducted at CS2 focuses on protecting users automatically as well as ensuring they themselves can tell when their AI is misbehaving or has been maliciously manipulated. Topics covered include protecting AI and machine learning (ML) applications through adversarial modelling, anomaly detection and prevention; studying different humans’ ability to recognise malicious AI through personal profile context and experimental evaluation of brain activity; and assessing legal and ethical challenges of AI from an international law perspective.

A current example of our work on trustworthy AI is the CHAI project (Cyber Hygiene in AI-enabled Domestic Life), which seeks to guard non-expert users against AI security breaches. Funded by the EPSRC, CHAIimproves the transparency of AI design empowering users to protect themselves and develop new training programmes to enhance their “defending” skills.

Improving Efficiency of Digital Forensics

Combining technological, legal and psychology expertise, we explore novel approaches to support digital investigations in a manner that preserves privacy and is cost-efficient. Topics covered include identifying criminal profiles through visual evidence, whether from cyber or physical sources; improving outcomes in community-led missing person projects through digital forensic and open-source intelligence analysis tools; and admissibility of digital forensic techniques and tools in prosecuting digital crimes.

TRILLION (Trusted Citizen-LEA collaboration over social networks) is a project relevant to this strand of research in which we developed an innovative socio-technical platform fostering effective collaboration between citizens and law-enforcement agencies.

Certified Sustainable Security and Privacy

This important strand of research looks at safeguarding the security and privacy of those using digital technologies in a manner that is verifiable. Topics covered include sustainable protection of software through inductive and deductive verification; legal challenges to assure fairness and digital rights in modern software; studying resilient personalised healthcare services; and threat modelling and strategic decision support through cyber security modelling and game theory.

A recent example of our work on certified sustainable security and privacy is ENSURESEC. Funded by the European Commission,, we developed a sociotechnical solution for safeguarding the EU’s Digital Single Market’s e-commerce operations against cyber and physical threats.


CS2 members produce around 40 journal and conference publications per year. Examples related to each research strand are:

Teaching and training

As well as supporting postgraduate students exploring a range of cyber security topics, the CS2 offers continuing professional development. A recent example is a CPD course on digital forensics for law enforcement agencies.