X Close

UCL Department of Science, Technology, Engineering and Public Policy


Applied in Focus. Global in Reach


A holistic approach to reasoning about the security of critical infrastructure systems

By , on 13 February 2020

By Dr Uchenna D Ani, Post-Doctoral Research Fellow with the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, UCL STEaPP

Security designs should not consider technical details alone but should capture the bigger picture of the co-interacting participants that provide critical services.

Critical National Infrastructure (CNI) systems need cybersecurity, physical security and personnel security.  CNI systems use networks of diverse technologies (hardware and software) to enable the exchange of data and information. Generally, this involves socio-technical systems (STS) – people interacting with the technology and working together as a single system structured to achieve operational objectives.


Integrating the internet and the Internet of Things (IoT) with CNI systems enable greater capabilities for remote, autonomous sensing. Integration supports smarter control, monitoring, predictive maintenance, safety, and security management, but the convergence brings new security risks that demand serious attention. Geoff E, of the UK National Cyber Security Centre (NCSC), highlights the need to consider such systems as a whole rather than the sum of individual components. A holistic perspective is therefore necessary to achieve more all-embracing security.

Read the rest of this entry »

Data Protection Day

By , on 28 January 2020

By Dr Jose Tomas Llanos, Research Fellow in PACE (Privacy Aware Cloud Ecosystems) at UCL STEaPP

Data Protection Day (or Data Privacy Day outside Europe) is an international holiday held every year on 28 January. The declared purpose of this holiday is “to give everyone a chance to understand what personal data is collected and processed and why, and what our rights are with respect to this processing.”[1] The date was not randomly chosen: it is the anniversary of the opening for signature, in 1981, of Council of Europe’s Convention 108 for the Protection of individuals with regard to automatic processing of personal data.[2]

Convention 108 introduced the concept of ‘protection of personal data’, as well as important data protection principles that were later enshrined in the Data Protection Directive[3] and included (in a somewhat more elaborate fashion) in the General Data Protection Regulation (GDPR)[4]: personal data must be obtained and processed fairly and lawfully (lawfulness and fairness); stored for specified and legitimate purposes and not used in a way incompatible with those purposes (purpose limitation); adequate, relevant and not excessive in relation to the purposes for which they are stored (i.e. data minimisation); accurate and, where necessary, kept up to date (accuracy); and preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored (storage limitation).[5]

Read the rest of this entry »

In the era of SDGs and Grand Challenges should all innovation be ‘social innovation’?

By , on 20 January 2020

By Joanna Chataway, Rebecca Hanlin and Julius Mugwagwa

Geoff Mulgan, newly appointed Professor of Collective Intelligence, Public Policy and Social Innovation at UCL STEaPP, has an impressive new book out entitled ‘Social Innovation: How societies find the power to change’.  His ideas about social innovation made us wonder: In this era of changing goalposts for technological innovation, should we think about all innovation as to some degree being social innovation?

Innovation image

All innovation aimed at delivering social and environmental targets requires us to think about social factors, organisational change and other contextual realities. It could therefore be thought of as social innovation.  On the face of it, that would seem fine as a premise but with further reflection we concluded that things weren’t so simple.  It is certainly true that in the overwhelming majority of cases, technology alone won’t achieve social and environmental goals.  But, the difference between ‘innovation’ and ‘social innovation’ seems to us to relate to starting points and how technological innovation is conceptualised in relation to broader societal change.  Technological innovation, even when it is related to social and environmental goals, could be thought of as beginning with a scientific and technical focus, whereas social innovation does not.  The nature of this difference is worth exploring in more detail because the policy implications are important.

Read the rest of this entry »

Tech community has role to play in improving efficiency of cyber norms

By Madeline M Carr, on 16 December 2019

The United Nations Internet Governance Forum (IGF) took place last month in Berlin with opening addresses from both the German Chancellor Angela Merkel and UN Secretary General António Guterres.

Thousands of people from all over the world from the deeply technical to highly political, many NGOs and a smattering of industry gathered to discuss the ‘state of the net’. Some of the big recurring conversations revolved around the geopolitics of the Internet, emerging technical challenges related to the Internet of Things, and cyber norms – a very interesting area that we have been working on for many years now.

United Nations Internet Governance Forum (IGF) © IGF-Internet Governance Forum via Flickr

Cyber norms seek to clarify misunderstandings

Discussions about cyber norms began in the United Nations way back in 1998 when Russia called for an international action to address the potentially destabilising effects of the Internet. This led to the formation of a UN ‘Group of Governmental Experts’ (UNGGE) that has now convened, in different configurations of a small number of states (but always the P5), several times over the course of the last decade.

In 2015, the UNGGE proposed 11 norms that states [hopefully] agree constitute proper behaviour. They’re quite wordy so I won’t reproduce them here but they refer to things such as information sharing, working to stop attacks emanating from within one’s borders and responsible reporting of vulnerabilities.

The objective of the UNGGE process has not actually been to ensure the smooth functioning of the Internet. Rather, it has been to avoid the possible escalation to a dangerous, kinetic conflict that might be brought about by misunderstanding, miscommunication or even deception through cyber incidents. By agreeing some ‘rules of the road’ for cyberspace, states hope to maintain international peace and security through those foundational principles of diplomacy – predictability and transparency.

While most dialogue about cyber norms focuses on the political dimension, we’ve been particularly interested in the response from the technical community – particularly the Cyber Security Incident Response Teams (CSIRTs or CERTs). These people really are the firefighters of the Internet, operating on the frontlines of global cyber incident response.

Within a much larger community, there is a small group of highly skilled, highly experienced people who operate in an informal network of deep trust and personal relationships. They work across borders, across sectors and without prejudice. And they have some significant concerns about the formulation and expected execution of some of the UNGGE norms.

Read the rest of this entry »

Delivering on the promise of the creative workspace?

By Siobhan Pipa, on 29 November 2019

What innovative organisations and cities can learn from the case of Second Home

In this critical article, Tuukka Toivonen examines how Second Home, a celebrated London-based workspace company that now has a global presence, seeks to stimulate creative work communities, with important lessons for work organisations and city governments around the world.

*Tuukka Toivonen (PhD Oxon.) is a UCL STEaPP Honorary Senior Lecturer and member of the Urban Innovation and Policy Lab at STEaPP. He also directs the MA in Innovation Management at Central Saint Martins (UAL) and works as the Lead Strategist at Creative Friction.

Second Home London Fields – residents floor by Tuukka Toivonen

Since the opening of its first workspace in Spitalfields in 2014, Second Home has been celebrated for its many seductive, unusual design features. Its curved transparent walls, abundant potted plants, unique vintage furniture pieces and statement-making facades have inspired observers from around the world to re-imagine the future of the office and the creative city.

However, flourishing work communities and urban creative environments are hardly created through design alone. What is Second Home’ actual strategy, one needs to ask, for turning groups of innovative people who occupy its quirkily designed spaces into genuinely innovative, inclusive collectives? What can other work organisations and cities learn from the ways it tries to stimulate connections and interactions that support members’ progress towards valued goals?

Spending two months (April-May 2019) as a full-time member at Second Home London Fields  – the company’s newest UK base – gave me a perfect opportunity to explore these questions as a participant, building on prior research. I discovered three community-producing tactics as well as critical weaknesses in Second Home’s community strategy. These offer important lessons for the future of the innovative urban workspace, at a time when dominant industry models (such as WeWork’s) are coming under much scrutiny.

Read the rest of this entry »