The research of the Institute is focused on the three essential elements of building and maintaining secure cyber-enabled systems: hardware, software and human. The entity generates interdisciplinary research with multidisciplinary inputs, principally from computer science, cyber security, psychology, education, health, law and AI. It should be noted that not all research in the Institute is cyber-centric; psychology and education disciplines have the lead on several significant cyber security research projects.
The core research foci of the entity are the three research pillars of secure systems (SS), critical infrastructure security (CIS), and cyber enabled crime (CEC).
Secure Systems - is about investigating the cyber security of systems we use to power our lives and the economy. This means everything from legacy supervisory control and data acquisition (SCADA) systems and operational technology (OT) systems, some of which are 30 years old, through to the latest IT platforms, cloud environments and the Internet of Things (IoT).
Critical infrastructure security - is about investigating the elements required to maintain and assure the cyber security of systems of the national critical infrastructure. These critical systems include but are not limited to energy, mining, water, ports and transportation. Protection of these elements is critical to the functioning of our modern society and our survival as a species on the planet.
Cyber enabled crime - is about investigating the who, what, where, when and why of cyber enabled crime. This theme will involve utilising existing strong core skills in digital forensics, cyber investigation, law, victim and offender psychology and AI to aid investigation of cyber-crimes. We have worked for over two decades with law enforcement and security agencies at a State, Federal and International level.
Critical Infrastructure Security
ECU's leadership in this area is evinced through the recent commercial spin-off called Sapien Cyber. Sapien Cyber is an OT/SCADA security platform designed to protect these often arcane and fragile environments; the underlying systems were developed by ECU.
SCADA/OT are the engine rooms of our industrial-based economies; many of Australia's key export industries rely 24/7, 365 days a year, on the safe and secure operation of OT. It powers or drives core parts of our national economy; these include mining, electricity, oil, gas, water, manufacturing, ports, airports, industrial processing, refinement and production of goods and any place where physical automation is used.
ECU has extensive purpose-built laboratories for SCADA research and training. These include but are not limited to specialist SCADA/OT, Wireless, MQTT, SDN facilities and network cyber ranges. ECU also provides consultancy and research to various critical infrastructure providers about their security and provides services such as penetration testing, vulnerability assessment and critical review of security projects.
ECU has also recently produced a realistic security operations centre (SOC) through a 2 million dollar investment in specialist infrastructure. This allows significant exploration of research into IoT, SCADA and IT incident response and remediation.
Cyber Enabled Crime
ECU has a worldwide reputation in cybercrime. Cybercrime is a national and international research priority. Two members of the ECUSRI, Professor Craig Valli and Professor Andrew Woodward, are members of the INTERPOL Cyber Crime Expert Group. Professor Valli is additionally a member of the INTERPOL Digital Forensics Expert Group. Locally, ECUSRI collaborates with WA Government and contributes significantly to the state’s cyber security capability through provision of expertise to the Office of Digital Government, the Office of the Auditor General and WA Police aimed at reducing cybercrime. We also actively work with other WA government departments in improving their cyber security posture and making WA a bad place to be a cyber criminal.
We work very closely with the WA Police, and this was further cemented when WA Police Cybercrime and high-tech crime investigation squads co-located on campus in September 2020. ECU has been actively collaborating with WA Police since 2001 and with the WA Office of Auditor General since 2008.
We have specialised digital forensics capabilities and purpose-built facilities. We do and have done forensic analysis of conventional IT systems, GPS, mobile devices, game consoles, network traffic, wireless devices, OT/SCADA devices, embedded devices and emergent IoT devices and new digital technologies.
We worked collaboratively with WA Police from 2006 to 2013 to develop a bootable triage tool for the forensic capturing of illegal images and files from desktop and laptop computer systems. This system was in the form of a bootable Linux-based DVD or USB drive. The project was called Simple Image Preview Live Environment (SImPLE) and was widely used by WA Police during the period 2008 – 2015 to triage suspects' computer systems. It helped WA Police rapidly intercede in matters relating to child exploitation and allowed the entire police force, with minimal training, to acquire evidence for presentation in front of a judge or justice of the peace when charges were preferred, allowing significant predators to be placed into custody rather than being re-released to offend in the community.
ECU continues to provide material and research support to WA Police and other law enforcement and intelligence agencies.
Secure Systems
This theme focuses on secure systems, which is relatively broad in focus. It covers hardware and software, IT systems and systems of systems, cloud, embedded systems, operating systems, application systems and middleware. It also covers authentication, authorisation, monitoring, logging, auditing and implementation of cyber security countermeasures. There is also a large focus on the human factors or “wetware”, the third element of any “system”. This includes cyber security education, psychology, health, law and business research. ECU has purpose-built labs for secure systems research and also an abundance of infrastructure for use in research; this includes traditional IT networks and infrastructure, SCADA/OT, IoT and Human Factors specific assets.