Lending to Small and Medium Sized Enterprises (SMEs), including micro businesses, remains at the top of the agenda for governments around the world. With various political and economic incentives introduced to support SMEs, it is important not to overlook the practicalities of institutional arrangements for access to finance, especially in the environment of prudent lending. This proposed seminar series brings together practitioners and academics in order to discuss the most pertinent issues of SME finance and of credit risk, with a view to setting a research agenda relevant to lenders and regulators. The government reports that the current support scheme appears to be working well, but banks have been criticised for their reluctant handling of the scheme. Critics emphasise that the uptake is far below the last year's Small Firms Loan Guarantee Scheme, but the British Banker's Association confirmed that total lending to SMEs rose. The government scrutinises the scheme and it was noted that banks were increasing charges and fees and require more personal security. New initiatives include the launch of the British Business Bank, local banks and credit unions. The German partners will contribute a comparative element for the institutional environment drawing upon. The German Kreditanstalt fuer Wiederaufbau (KfW) is considered to be a successful role model. Participants will engage in debate and invite keynote speakers from academia, government agencies and industry. Social science research will be promoted by drawing on leading researchers and through interaction of speakers and attendees, which will include breakout sessions related to sub-schemes such as micro finance, the role of regional funds, gender and development agencies. There has been a string of reports on SME lending, funding and equity gaps. Now is the time to take stock, draw it all together and make a preliminary assessment of the various initiatives in light of those reports. There is an abundance of academic literature related to the context of the project, see for example the seminal article by Thorsten Beck and Asli Demirguc-Kunt (2006), of which a brief review is attached in the Case for Support document.

The great majority of the CDT's research will fit into the four themes listed below, whether focussed upon application domains or on underpinning research challenges. These represent both notable application areas and emerging cyber security goals, and taken together cover some of the most pressing cyber security challenges our society faces today. 1. Security of 'Big Data' covers the acquisition, management, and exploitation of data in a wide variety of contexts. Security and privacy concerns often arise here - and may conflict with each other - together with issues for public policy and economic concerns. Not only must emerging security challenges be ad-dressed, new potential attack vectors arising from the volume and form of the data, such as enhanced risks of de-anonymisation, must be anticipated - having regard to major technical and design challenges. A major application area for this research is in medical re-search, as the formerly expected boundaries between public data, research, and clinical contexts crumble: in the handling of genomic data, autonomous data collection, and the co-management of personal health data. 2. Cyber-Physical Security considers the integration and interaction of digital and physical environments, and their emergent security properties; particularly relating to sensors, mobile devices, the internet of things, and smart power grids. In this way, we augment conventional security with physical information such as location and time, enabling novel security models. Applications arise in critical infrastructure monitoring, transportation, and assisted living. 3. Effective Systems Verification and Assurance. At its heart, this theme draws on Oxford's longstanding strength in formal methods for modelling and abstraction applied to hardware and software verification, proof of security, and protocol verification. It must al-so address issues in procurement and supply chain management, as well as criminology and malware analysis, high-assurance systems, and systems architectures. 4. Real-Time Security arises in both user-facing and network-facing tools. Continuous authentication, based on user behaviour, can be less intrusive and more effective than commonplace one-time authentication methods. Evolving access control allows decisions to be made based on past behaviour instead of a static policy. Effective use of visual analytics and machine learning can enhance these approaches, and apply to network security management, anomaly detection, and dynamic reconfiguration. These pieces con-tribute in various ways to an integrated goal of situational awareness. These themes link to many existing research strengths of the University, and extend their horizon into areas where technology is rapidly emerging and raising pressing cyber security concerns. The proposal has strong support from a broad sweep of relevant industry sectors, evidenced by letters of support attached from HP Labs, Sophos, Nokia, Barclays, Citrix, Intel, IBM, Microsoft UK, Lockheed Martin, Thales, and the Malvern Cyber Security Cluster of SMEs.

Fraud can be broadly defined as trickery used to gain a dishonest advantage, usually financial, over another person or organisation. Mass-marketing fraud (MMF) is a type of fraud that exploits mass communication techniques (e.g., email, Instant Messenger, bulk mailing, social networking sites, telemarketing) to con people out of money. It is a scam that targets victims in most countries. The 419 or 'Nigerian' scam is one example. In this scam the fraudster requests upfront fees with the promise that the victim will recover large sums of money in return for little effort. However, not all mass-marketing frauds con the victim with the promise of making large sums of money. In the romance scam, for example, the criminal pretends to develop a romantic relationship with the victims and later requests money to help them, especially in a crisis. In the charity scam, victims believe they are giving money to a genuine charity. The proposed project will develop novel techniques to detect and prevent MMF. Through its multi-disciplinary approach and close focus on co-designing the solutions with its range of project partners and testing them in-the-wild during live MMF-detection settings, the project will lead not only to new scientific understanding of the anatomy of MMF but also to tools and techniques that can form the basis of practical interventions in tackling such fraud. Working with partners outside of academic is crucial to the success of this project. Over the years various types of organisations have worked hard to detect and prevent MMF (often in silos) - with some methods appearing to be somewhat effective. Nonetheless, the numbers of victims do not appear to be dissipating. Awareness campaigns have succeeded in alerting the public to this particular crime; however, it is difficult to know if they have reduced the potential number of victims (especially, given that many victims are aware of the crime prior to becoming victims; see Whitty, 2013, in press). Prosecution for this particular crime is very resource intensive, and its effects on crime reduction are unknown. We have chosen partners (national and international) who have specialities in different fields including: law enforcement, intelligence, third sector, and industry. They have different knowledge to share and also can potentially tackle the problem using different methods (e.g., industry can screen out and detect fraudsters, law enforcement can trace criminals and raise awareness, third sector can implement methods to protect citizens and to make them more resilient). From an academic perspective, a multi-disciplinary approach increases our chances of detection and prevention of this crime. Understanding the types of people susceptible, the situational conditions that make a person more vulnerable, and the methods and materials (e.g., online profiles, messages, communication methods) used to convince the target that the interaction is authentic and persuade them into giving up their money to a fraudster is crucial in the development of methods to combat this problem. Combining this knowledge with more technical knowledge provides us with a much greater capability to detect and prevent. For example, technical indicators, such as phone numbers, IP addresses, links to stolen identity material, stylistic patterns of persuasive messaging provide a much richer understanding of the crime and provides a greater number of variables to assist in detection. In addition, any tool developed in detection of MMF needs to convince the end-user of the likelihood that they are being scammed (which is especially difficult when the criminal is attempting to persuade the victim to believe otherwise). Given this an HCI approach is crucial when developing usable approaches and messages that persuade the potential victim that they are interacting with a criminal. Finally, we need to consider the ethics of the type of personal data we might utilise to detect and prevent MMF.

Fraud can be broadly defined as trickery used to gain a dishonest advantage, usually financial, over another person or organisation. Mass-marketing fraud (MMF) is a type of fraud that exploits mass communication techniques (e.g., email, Instant Messenger, bulk mailing, social networking sites, telemarketing) to con people out of money. It is a scam that targets victims in most countries. The 419 or 'Nigerian' scam is one example. In this scam the fraudster requests upfront fees with the promise that the victim will recover large sums of money in return for little effort. However, not all mass-marketing frauds con the victim with the promise of making large sums of money. In the romance scam, for example, the criminal pretends to develop a romantic relationship with the victims and later requests money to help them, especially in a crisis. In the charity scam, victims believe they are giving money to a genuine charity. The proposed project will develop novel techniques to detect and prevent MMF. Through its multi-disciplinary approach and close focus on co-designing the solutions with its range of project partners and testing them in-the-wild during live MMF-detection settings, the project will lead not only to new scientific understanding of the anatomy of MMF but also to tools and techniques that can form the basis of practical interventions in tackling such fraud. Working with partners outside of academic is crucial to the success of this project. Over the years various types of organisations have worked hard to detect and prevent MMF (often in silos) - with some methods appearing to be somewhat effective. Nonetheless, the numbers of victims do not appear to be dissipating. Awareness campaigns have succeeded in alerting the public to this particular crime; however, it is difficult to know if they have reduced the potential number of victims (especially, given that many victims are aware of the crime prior to becoming victims; see Whitty, 2013, in press). Prosecution for this particular crime is very resource intensive, and its effects on crime reduction are unknown. We have chosen partners (national and international) who have specialities in different fields including: law enforcement, intelligence, third sector, and industry. They have different knowledge to share and also can potentially tackle the problem using different methods (e.g., industry can screen out and detect fraudsters, law enforcement can trace criminals and raise awareness, third sector can implement methods to protect citizens and to make them more resilient). From an academic perspective, a multi-disciplinary approach increases our chances of detection and prevention of this crime. Understanding the types of people susceptible, the situational conditions that make a person more vulnerable, and the methods and materials (e.g., online profiles, messages, communication methods) used to convince the target that the interaction is authentic and persuade them into giving up their money to a fraudster is crucial in the development of methods to combat this problem. Combining this knowledge with more technical knowledge provides us with a much greater capability to detect and prevent. For example, technical indicators, such as phone numbers, IP addresses, links to stolen identity material, stylistic patterns of persuasive messaging provide a much richer understanding of the crime and provides a greater number of variables to assist in detection. In addition, any tool developed in detection of MMF needs to convince the end-user of the likelihood that they are being scammed (which is especially difficult when the criminal is attempting to persuade the victim to believe otherwise). Given this an HCI approach is crucial when developing usable approaches and messages that persuade the potential victim that they are interacting with a criminal. Finally, we need to consider the ethics of the type of personal data we might utilise to detect and prevent MMF.

Recent reports from the Royal Society, the government Cybersecurity strategy, as well as the National Cyber Security Center highlight the importance of cybersecurity, in ensuring a safe information society. They highlight the challenges faced by the UK in this domain, and in particular the challenges this field poses: from a need for multi-disciplinary expertise and work to address complex challenges, that span from high-level policy to detailed engineering; to the need for an integrated approach between government initiatives, private industry initiatives and wider civil society to tackle both cybercrime and nation state interference into national infrastructures, from power grids to election systems. They conclude that expertise is lacking, particularly when it comes to multi-disciplinary experts with good understanding of effective work both in government and industry. The EPSRC Doctoral Training Center in Cybersecurity addresses this challenge, and aims to train multidisciplinary experts in engineering secure IT systems, tacking and interdicting cybercrime and formulating effective public policy interventions in this domain. The training provided provides expertise in all those areas through a combination of taught modules, and training in conducting original world-class research in those fields. Graduates will be domain experts in more than one of the subfields of cybersecurity, namely Human, Organizational and Regulatory aspects; Attacks, Defences and Cybercrime; Systems security and Cryptography; Program, Software and Platform Security and Infrastructure Security. They will receive training in using techniques from computing, social sciences, crime science and public policy to find appropriate solutions to problems within those domains. Further, they will be trained in responsible research and innovation to ensure both research, but also technology transfer and policy interventions are protective of people's rights, are compatible with democratic institutions, and improve the welfare of the public. Through a program of industrial internships all doctoral students will familiarize themselves with the technologies, polices and also challenges faced by real-world organizations, large and small, trying to tackle cybersecurity challenges. Therefore they will be equipped to assume leadership positions to solve those problems upon graduation.