Ensuring Cyber-Physical Security in the Digital Built Environment

  • Application end date: 11th February 2018
  • Funding Availability: Funded PhD project (EU/UK/International)
  • Department: School of Computing
  • PhD Supervisor: Prof Debi Ashenden, Dr Sepehr Abrishami

Project code: CCTS4200218

Project description

Buildings are now often planned, designed and the data shared online using building information modelling (BIM). When operational, buildings are increasingly being managed through digital building management systems (BMS). As cyberspace and physical space are increasingly enmeshed, the need to secure both the digital built environment and its assets has given rise to the concept of cyber-physical security. Cyber-physical vulnerabilities include BIM documentation that is insecurely transmitted and gives attackers the ability not only to understand physical weaknesses in a building but can also facilitate the insertion of fake building materials into the supply chain. Similarly, outsourcing of facilities management and security exacerbates these problems as we saw in 2014 when the US retailer Target was subject to a cyber attack via its BMS which resulted in the theft of 40 million credit cards.

While there has been an increased focus on developing organisational cyber security, with an associated boost in the status of such professionals, there is often a disparity between cyber and physical security personnel, functions and policies in organisations. In a cyber-physical environment this leads to increased vulnerability for the organisation overall. The examples given of cyber-physical vulnerabilities in the digital built environment demonstrate the need for organisations to develop processes that will ensure cyber-physical security. To this end, this research proposes to undertake a user-centred design methodology to develop cyber-physical security interventions.

Initial investigations will use a mixed-methods approach (interviews, surveys, focus groups) to understand how cyber and physical security personnel currently cooperate, their awareness of the appropriate protective measures required from each other, the gaps between the two approaches, and barriers to collaboration. This initial research will enable the identification of the roles of different stakeholders, from the security teams themselves, to outsourced teams, manufacturers and construction companies and the Board. This will help identify who the audience for any intervention should be.

Findings from this will help guide the development of cyber-physical interventions. At present it is proposed that scenario-driven interventions will help facilitate communication between different stakeholders, particularly in relation to more critical situations. 2 Security teams are familiar with table-top simulations and red team testing, so this approach will be explored alongside these methods, with the intervention itself facilitating the required communications rather than being a document to digest and apply.

A student undertaking this work could expect to find employment in protective security (in either the public or private sector) or a career in academia.

Supervisor profiles

Prof Debi Ashenden

Dr Sepehr Abrishami

Admissions criteria

You’ll need a good first degree from an internationally recognised university (depending upon chosen course, minimum second class or equivalent) or a Master’s degree in an appropriate subject. Exceptionally, equivalent professional experience and/or qualifications will be considered. English language proficiency at a minimum of IELTS band 6.5 with no component score below 6.0.  


Informal enquiries are encouraged and can be made to Debi Ashenden at debi.ashenden@port.ac.uk (02392 846382) or Dr Sepehr Abrishami at sepehr.abrishami-shokooh@port.ac.uk (02392 842905).

For administrative and admissions enquiries please contact tech-enquiries@port.ac.uk.

How to Apply

We welcome applications from highly motivated prospective students who are committed to develop outstanding research outcomes. You can apply online at www.port.ac.uk/applyonline. You are required to create an account which gives you the flexibility to save the form, log out and return to it at any time convenient to you.

A link to the online application form and comprehensive guidance notes can be found at www.port.ac.uk/pgapply.

Applications should include:

- Full CV including personal details, qualifications, educational history and, where applicable, any employment or other experience relevant to the application

- Contact details for two referees able to comment on your academic performance

- Research proposal of 1,000 words outlining the main features of a research design you would propose to meet the stated objectives, identifying the challenges this project might present and discussing how the work will build on or challenge existing research in the above field.

- Proof of English language proficiency (for EU/ International students)

When applying, please quote project code: CCTS4200218

Interview date: TBC

Start date: October 2018.

Funding notes

UK/EU students -  The fully-funded, full-time three-year studentship provides a stipend that is in line with that offered by Research Councils UK of £14,553 per annum.

International students - International students applying for this project are eligible to be considered for the Portsmouth Global PhD scholarships.

Research at The School of Computing

Discover more about our research areas on our webpages.

Visit us

Visit us at a Postgraduate Information Day to discover more about the research programmes we offer. Book your place at www.port.ac.uk/pginfoday