Cybersecurity expert on computing as a calling

21 May 2024

Image: Kevin Curran

Cybersecurity expert Prof Kevin Curran charts his computing career from a Commodore Vic 20 to the latest advances in generative AI.

Click here for more Cybersecurity Week stories.

With nearly 30 years’ experience as a cybersecurity researcher, Prof Kevin Curran credits a Commodore Vic 20 with starting his computing career.

The self-professed “pure-born geek” bought the Commodore in 1984. “It had 3.5k of memory which is basically just enough storage nowadays for a standard news article,” Curran says. But he knew from a young age that a career in computers was his calling. He studied computer science at university and completed a PhD in distributed systems.

Curran joined Ulster University as a lecturer in 1999 and is now a professor of cybersecurity. He has authored several books, is the recipient of various patents, and has advised the British Computer Society on computer industry standards.

‘Balancing innovation with caution will be key to navigating the future cybersecurity landscape shaped by AI’

Tell us about your current research.

My research is in the domain of cybersecurity. The amount of information being processed and shared online continues to grow. As do the security and privacy concerns which arise. Companies are aware of the cost-savings to be achieved in moving to cloud platforms but are cautious due to the exposure of data on external machines. To date, there are simply too many instances of cloud services being compromised. My research therefore concentrates on implementing technology which facilitates both privacy and functionality simultaneously, resulting in new application areas specifically with regards cloud computing.

The traditional approach to securing information is simply to encrypt it. The resulting ciphertext should not only be impossible to decipher (except of course for the key owner), but it is typically also impossible to process the underlying plaintext solely by manipulating the ciphertext. What is therefore needed for functional privacy applications is a technology that supports computation on encrypted data. These technologies naturally bridge the fundamental divide between privacy restrictions on the one hand and functionalities on the other hand. Our team believe that functional encryption is such a technique which can be applied to solve modern real-world cybersecurity problems.

In your opinion, why is your research important?

The area my research focuses on is privacy-preserving technology. If users can be confident that their data will be encrypted, and remain encrypted despite computation being carried out upon their data, then they will be more likely to trust services which require them to host their data. This is true of both commercial applications and governmental applications, even where different countries have different trust levels.

Privacy-preserving technologies, therefore, support the development of resilience metrics and benchmarks that can be shared across organisations and industries, enabling a better understanding of vulnerabilities and resilience levels without revealing sensitive information. Overall, the adoption of these technologies is pivotal in building digital economies that are robust against cyberthreats, facilitating quick recovery, and ensuring data privacy and security.

Ultimately, privacy-preserving computing is crucial for managing cybersecurity risks in the economy because it ensures data protection, enhances trust, aids in regulatory compliance and bolsters economic resilience against cyberattacks. It enables the secure processing and analysis of sensitive data without exposing it, thereby safeguarding personal, business and national security information.

This technology supports innovation and competitiveness by allowing safe data sharing and analysis, crucial for sectors like healthcare and finance. Furthermore, it reduces insider threats and aligns with global data protection laws, ensuring that organisations can leverage the benefits of digital transformation securely and responsibly. In essence, privacy-preserving computing is a foundational element in fostering a secure, trustworthy and innovative digital economy.

What inspired you to become a researcher?

My journey towards becoming a researcher was simply a progression from being a diligent undergraduate student. I adored my courses and never took for granted that I was sitting in lectures and lab classes and diving into subjects which I cared passionately about. I was a pure-born geek. I recall the moment vividly when I saw a computer for the first time in Seamus McFadden’s house in Creeslough, Co Donegal. Incidentally, Seamus is a first cousin of Brian McFadden from Westlife … I knew from that moment that I wanted to pursue a future working with computers. I used to feel so sorry for fellow students who did not have the same ‘calling’ as me. Remaining in academia as a researcher suited my personality. I was tempted into industry many times especially during the dot com era in the early 2000s but I liked the flexibility in academia which allows you to conduct pure research whilst also collaborating with industry on applied research.

What are some of the biggest challenges or misconceptions you face as a researcher in your field?

Cybersecurity researchers face some challenges due to the ever-evolving nature of technology and threats. For instance, as new technologies such as IoT devices, 5G, cloud computing and artificial intelligence become more integral to our daily lives and businesses, they also create new vulnerabilities. Cybersecurity researchers must continuously learn and adapt to secure these technologies against potential threats.

Cyberattackers are also becoming more sophisticated, using advanced techniques such as machine learning, artificial intelligence and complex social engineering tactics to bypass security measures. The sheer number of threats and their varieties – from ransomware and phishing to more advanced persistent threats (APTs) and state-sponsored attacks – make it challenging for researchers to keep up with and effectively address each new threat.

Cyberthreats also evolve at an incredibly fast pace. What may be a robust security measure today could become vulnerable tomorrow. This rapid evolution pressures researchers to continuously update and patch systems, often in a reactive rather than proactive manner.

Finally, as governments around the world implement new regulations to protect consumer data and ensure privacy, cybersecurity researchers must ensure compliance while still effectively combating threats. This can be particularly challenging when regulations vary significantly between regions. Ultimately, the dynamic and high-stakes nature of these challenges ensures that the field of cybersecurity remains highly demanding and critically important.

What are your thoughts on the emergence of generative AI?

Some of the positive aspects of GenAI are enhanced threat detection where AI can analyse vast amounts of data much faster than humans can, enabling it to identify threats and anomalies that might be missed otherwise. Machine learning models can be trained to recognise patterns indicative of malware, phishing attempts or unusual network traffic, improving the overall effectiveness of security systems.

AI systems can also automate responses to security incidents, speeding up the containment and mitigation processes. This can be crucial in preventing the spread of attacks and minimising damage.

Click here to listen to Future Human: The Series.

AI can handle repetitive and time-consuming tasks, freeing up human resources to focus on more complex problems, eg automating routine checks, managing patches and monitoring network health.

Finally, AI models can predict future attack trends based on data from past incidents. This predictive capability can help organisations prepare better defences and proactively address potential vulnerabilities.

On the negative side, however, sophisticated AI tools can develop malware that adapts to evade detection, automate social engineering attacks at scale, or exploit vulnerabilities more efficiently. The use of AI in cybersecurity leads to an arms race between attackers and defenders. Each side continually develops more advanced AI tools to outmanoeuvre the other, which could lead to increasingly severe cyberthreats. It could be argued that integrating AI into cybersecurity solutions adds complexity to security infrastructures, making them harder to manage, and using AI in monitoring and responding to cybersecurity threats would lead to overreach, where the use of AI in monitoring could infringe on individual privacy rights.

Ultimately, while AI presents significant opportunities for improving cybersecurity, it also introduces challenges that need to be managed so balancing innovation with caution will be key to navigating the future cybersecurity landscape shaped by AI.

How important is collaboration between industry and academia for cybersecurity innovations?

Collaboration between industry and academia is essential for innovation in cybersecurity, as it combines the strengths of both sectors to address rapidly evolving threats. Academia conducts extensive research and develops theoretical frameworks, while industry possesses practical experience and insights into real-world cybersecurity challenges. By collaborating, both parties can exchange knowledge, leading to a deeper understanding of cybersecurity threats, vulnerabilities and potential solutions.

Basically, here industries provide resources like advanced technologies and real-world data, while academia contributes rigorous methodologies and the freedom to innovate without immediate commercial pressures.

This partnership not only accelerates the commercialisation of research and development of cutting-edge technologies but also enhances workforce development through joint education programmes. Academia plays a vital role in educating and training the next generation of cybersecurity professionals. Collaboration with industry ensures that academic curricula and research are aligned with industry needs, better preparing students for careers in cybersecurity.

Personally, I have learned a great deal about cybersecurity regulations from working with Cyber Club London which has many of the leading chief cybersecurity information officers (CISOs) in the UK as members. This knowledge would have been very hard to attain without access to CISOs who are driven by adherence to government cybersecurity regulations. Additionally, collaboration helps ensure that advancements comply with regulatory standards and reflect diverse perspectives, which is crucial for effective policy development and creative problem-solving in the complex field of cybersecurity.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.