Belfast-based unit aims to reduce vulnerability to cyber threats

New unit at Queen’s University aims to improve internet-connected hardware security

The Research Institute in Secure Hardware and Embedded Systems at Queen’s University is one of four linked cybersecurity institutes in the UK.
The Research Institute in Secure Hardware and Embedded Systems at Queen’s University is one of four linked cybersecurity institutes in the UK.

Prof Maire O'Neill is a Queen's University, Belfast cybersecurity expert who knows that even something as innocent as a toy doll can be corrupted by internet hackers to cause criminal mischief.

An electronics engineer from Glenties, Co Donegal, Prof O'Neill has been given a mission to try to make the increasingly vulnerable world of the internet safer for users.

She has taken over as director of a new £5 million (€5.5 million) research unit at Queen's University's Centre for Secure Information Technologies based at the Northern Ireland Science Park in the Titanic Quarter in Belfast.

As director of the new research unit   at Queen’s University, Prof Maire O’Neill is tasked with improving hardware security and reducing vulnerability to cyber threats.
As director of the new research unit at Queen’s University, Prof Maire O’Neill is tasked with improving hardware security and reducing vulnerability to cyber threats.

The world has changed, she points out, and smart devices can be used so that house owners can remotely switch lights on and off, turn on ovens, put on kettles, open front doors. “You are thinking of future smart homes where everything will be network connected.”

READ MORE

She instances one controlled test on a smart talking doll which was hacked into to record and then issue the household command for opening the remotely controlled front door of the house. “The dolls also could be hacked to make them say anything to children, which is not a great idea.”

High achiever

She will hardly be daunted by the big test ahead of her. Now 40, she is the youngest ever engineering professor at Queen's, appointed when she was 32. She is the youngest to be elected a fellow of the Irish Academy of Engineering and she previously won the "British" Female Inventor of the Year award for work on high-speed data security.

A very high achiever, she was inspired by her late father, John McLoone, in her career. He was a vice-principal and maths teacher at Glenties comprehensive school. He created his personal hydro-electric system on the Owenea river so the family had their own electricity. “I get down to Glenties as often as I can; I love getting back home,” she says.

Her two brothers are electronic engineers and her two sisters are doctors. Her husband Shane, from Omagh, Co Tyrone, is also an electronic engineer and they have three children, Aodhan (aged eight), Niamh (five), and Eoin (one).

Work-life balance is a tough “but we just manage it somehow”.

As to her current work she highlights how so many household items and devices now are network connected and therefore susceptible to criminal exploitation.

She says that recent attacks against personal computers, mobile devices, smart meters, home automation devices and network-connected cars have posed serious security and privacy issues. Prof O’Neill, who was one of the experts to address a cyber-security industry conference in Belfast on Wednesday, says a major threat is that hackers can use such devices to gain access to a household’s or even a company’s wifi system.

“It would certainly allow hackers to monitor your activity online, to download malicious software to your computer, to see where you are going and what you are doing and to use that information for more targeted attacks,” she adds.

"Ericsson predicts that by 2022 there will be 29 billion connected devices in existence. That volume of devices communicating directly with each other implies that we no longer have direct control over with whom or what our devices are communicating. That enables new attack methods for hackers and criminals to exploit," she warns.

As director of the Research Institute in Secure Hardware and Embedded Systems (Rise) Prof O'Neill's job is to improve hardware security and reduce vulnerability to cyber threats.

It is one of four linked cybersecurity institutes in the UK and will be a global hub for research and innovation in hardware security over the next five years. The Queen’s institute is connected to universities in Cambridge, Bristol and Birmingham.

Prof O'Neill refers to how an incident in 2016 brought down a major internet provider in the US leading to Amazon, Twitter, Netflix and other services being unavailable. The attack was carried out by hacking into a vast number of network-connected video cameras that weren't hardware secure.

She cites another controlled test where one of the new driverless cars was taken over by attackers hacking into the vehicle’s internet-connected entertainment system.

Her work will have vital practical implementation if she and her team can devise systems to keep one step ahead of the hackers.

Microprocessors

The smart devices, she explains, contain small electronic chips called microprocessors which provide the remotely-controlled heating system or bulb or cooker with network connection. But unless security is included in the hardware device – that is in the microprocessor – they can be hacked into.

What she is attempting is to make the hardware impregnable from the get-go. “In our research institute what we are trying to look at really is going down to device level and looking at securing devices from the very initial design right the way through to their operational environment,” she explains.

Many of these devices are relatively cheap and part of the challenge is the “trade-off between cost and how secure you want device to be”, she adds.

“Can we build attack-resilient microprocessors? Is that feasible? Can we then look at maintaining confidence in security throughout that product life cycle?”

Prof O’Neill makes clear that there is also a hard-edged commercial element to the work of the institute. Belfast now has 38 companies employing 1,200 people and all with a cyber security focus.

Queen’s estimates that the industry in Northern Ireland is on course to generate salaries of £60 million per annum. Prof O’Neill hopes that ultimately her work will create even more revenue and jobs: “For me the economic impact is a key end-goal of what we achieve at the end of the five years.”

There will be no great surprise if she meets all those ambitions.