Connected Nation - Interview: John Baird, EPSRC

Supplementary content information

John Baird is Head of the UK Research and Innovation Digital Economy Theme at the EPSRC.

You must select the video player for these keys to function.

Keyboard shortcut Function
Spacebar Play/Pause when the seek bar is selected. Activate a button if a button has focus.
Play/Pause Media Key on keyboards Play / Pause.
K Pause/Play in player.
Stop Media Key on keyboards Stop.
Next Track Media Key on keyboards Moves to the next track in a playlist.
Left/Right arrow on the seek bar Seek backward/forward 5 seconds.
J Seek backward 10 seconds in player.
L Seek forward 10 seconds in player.
Home/End on the seek bar Seek to the beginning/last seconds of the video.
Up/Down arrow on the seek bar Increase/Decrease volume 5%.
Numbers 1 to 9 on the seek bar (not on the numeric pad) Seek to the 10% to 90% of the video.
Number 0 on the seek bar  (not on the numeric pad) Seek to the beginning of the video.
Number 1 or Shift+1 Move between H1 headers.
/ Go to search box.
F Activate full screen. If full screen mode is enabled, activate F again or press escape to exit full screen mode. 
C Activate closed captions and subtitles if available. To hide captions and subtitles, activate C again. 
Shift+N Move to the next video (If you are using a playlist, will go to the next video of the playlist. If not using a playlist, it will move to the next YouTube suggested video).
Shift+P Move to the previous video. Note that this shortcut only works when you are using a playlist. 

John Baird, EPSRC

My name's John Baird. So I head up the Digital Economy theme in EPSRC, which is a Cross-Council challenge theme, which involves not just the EPSRC taking the lead, but also the Economic and Social Sciences Research Council, ESRC, and the Arts and Humanities Research Council, AHRC. I also head up another cross-council aspect to do with cyber security as part of the - and this is a bit of a mouthful - part of the Partnerships for Conflict, Crime and Security. So EPSRC again leads on the cyber security bits, AHRC leads on conflict, and the ESRC lead on crime. So, two cross-council themes; one EPSRC leads, one ESRC leads.

The panel today was all around issues of cybersecurity and the societal dimensions, including aspects related to privacy and trust, and identity. So we had quite a good discussion, actually a very lively panel discussion as well. So a really good panel, that's excellent panel members on there. This is a really, really exciting and topical area for society at the moment. Lots of government reports coming out at the moment, lots of EU reports to do with people's privacy, data protection, national security issues as well; driven really by the whole digitization of society.

More and more devices are being connected, how are they being connected? What sort of consent do you give to certain things, if you’ve agreed to have your data shared with a company and then they reuse it and reposition it; how far do you go? How far can a company go? So it’s almost as if the technology is driving things faster than the legislation is driving it. There are things we don't know that are going to be problems in the future, maybe some things we do know are problems, and we should try and tackle them, and some things we don't. But there's a big national security agenda as well, so a couple weeks ago there was the National Strategic Defence review; that's promised something like £1.8 billion pounds over the next few years. So EPSRC, as a leading research council, we’re thinking, how can we get our hands on some of that money to build on some of the work we've been doing already in supporting the doctoral training skills, and the research agenda to do with the broad issue of cybersecurity, which entails a broad area to do with trust, identity, privacy and security?

Well there were several messages, really, that came out. I think it’s probably worth just summarising one; particularly the balance between - in a digital society that’s ever more connected - the balance between people's personal privacy and their security. So in order to develop services, you might have to give people a bit more information than you perhaps feel comfortable about, but then maybe you’d get better service as a result of it. There are lots of business opportunities that could be exploited through that. But one of the big, big issues, if you like, that came out - not just in this panel, but on other agendas - is the whole skills dimension.

So, I think, there was an article in today's Times, saying that there’s a huge shortage of people who've got the necessary skills in tackling cyber security. And we’ve seen lots of cyber breaches from Sony, Ashley Madison, TalkTalk recently. So companies are scrambling to try and make their defences better, make sure that they're not working on old, sort of, critical sort of software that's able to be hacked into and disrupted. So companies have a massive shortage of people they can go to, so the people who know, the experts in the area, can charge a lot of money. So I think that as a Research Council, one of our agendas is to find out if we can somehow increase - not just the number of people coming through high-level training, doctoral training - but also, particularly, to get a more diverse population.

So in Computer Science, which is the bedrock of all this cryptography and things, I think it's something like five or seven percent of people studying computer science at UK universities are women; so we need to try and get more women into a better, more diverse population. One of the panel members made the particularly interesting comment that the way to do this, and I think it was the lady from Hewlett-Packard said, that one of the things that attracts women perhaps was to sell or promote the attractiveness of the societal benefit of it. You know, here's you actually tackling something for the national good; a societal benefit; and that you don't just need techy people, you don’t just need the computer scientists and the mathematicians. You need psychologists and people who study people's behaviour, as we know that a lot of cyberattacks at the moment are, well, perpetrated by people who then exploit vulnerabilities; it’s how people behave and respond to things, like ‘Oh, why should I click on this particular link?’ and so on.

So you have to train people to, perhaps, look at why they're not doing better passwords, or why they are feeling that they're led down certain pathways to expose themselves to, say, phishing attacks. So there are lots of things we could do to intervene with people, and make the people skills better, and I think companies would benefit from that, and I think that that would make it more attractive to bring a wider gender diversity into the skills base. Why’s research in this area important? Well, I think, we’re not starting from ground zero. Already in various programmes within the Research Councils; through the ICT theme for example, in EPSRC, and also the Cross-Council Partnership in Conflict, Crime and Security, where we’ve adopted more of an interdisciplinary approach. We’ve already worked with other agencies like GCHQ, like CPNI, the security agencies, Dstl, for example; to try and harness some of the joint funding opportunities to co-create solutions to problems.

So, for example, some of the research institutes we’ve set up that are jointly funded with GCHQ and CPNI have attracted equal funding from them. We also then have the Academic Centres of Excellence in cybersecurity, which mean that GCHQ and ourselves jointly accredit these universities. We don't put too much money in, but it taps into, and opens up access to some people from GCHQ, who then can add studentships, doctoral studentships, and also the expertise and interaction from GCHQ. So you leave a lot more influence to a wider field, than you would do with just EPSRC acting alone. So I think one of the secrets is to act and work together with other people, and I think it's not just the security people but it’s agents like the Digital Catapult as well, the Home Office who’ve obviously got an agenda for homeland security, terrorism, anti-terrorism-type stuff. So the agenda is really massive; it’s not just cyber security, it’s cyber-crime, conflict and that kind of stuff.