Archive, News

PETRAS 1st Strategic Research Fund (SRF) Call for Expressions of Interest (NOW CLOSED)


This call is now closed. Thank you for your interest.



The PETRAS National Centre of Excellence for IoT Systems Cybersecurity invites proposals from eligible UK higher education institutions (HEIs) for collaborative projects in the cybersecurity of devices and networks at the edge of the internet research to be undertaken jointly with user partners.

Funded by UK Research and Innovation (UKRI) through Engineering and Physical Sciences Research Council (EPSRC), this second phase of the PETRAS programme ( aims to strengthen an already established and successful platform which, since 2016, has coordinated and convened twelve universities and 110 industrial and government User Partners in cross-disciplinary collaboration. PETRAS has created a dynamic shared research agenda that incorporates social and physical science challenges in equal measure and has worked across a broad range of Technology Readiness Levels. Our new ambition is to make a step change in scope, enabling trustworthy Artificial Intelligence (AI) embedded in IoT networks to deliver safe and highly functional solutions.

This call provides an opportunity for the Centre to build upon this foundation to establish an inclusive national centre open to all and to identify and execute the best and the most transformative and impactful projects in this area, which will enable it to continue actively engaging with the user community and effectively responding to the Internet of Things (IoT) developments.


The PETRAS (privacy, ethics, trust, reliability, acceptability, and security) Centre aims to build the UK national capacity needed to create a comprehensive and systematic understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when AI and Machine Learning (ML) technologies are migrated to the periphery of the internet and into local IoT networks. These challenges are socio-technical, and the Centre organisation is designed to accommodate transdisciplinary research. Personal perceptions of risk and trustworthiness as a result of machine agency, which interact with regulation, standards and policy on the one hand and design and engineering on the other, span the physical and behavioural sciences.

PETRAS strives to create an inclusive Centre that can attract and closely connect experts and organisations, together forming a strategic national research capability in the cybersecurity of devices and networks at the edge of the internet. Hence, the Centre is designed to provide flexible and responsive national capacity in the area of security and the connected world. In its current phase, the Centre has 12 academic partners working on 14 catalyserprojects to kick-start its research programme, providing instances linking four challenge-based Lenses and to six application-focussed Sectors (Table 1). The Centre’s academic partner numbers and research focus coverage will be expanded through two openStrategic Research Fund (SRF) Calls. This document covers the details of the 1stSRF call. The Centre plans to launch the 2ndSRF call towards the final quarter of 2020.

PETRAS Lenses and Sectors

The Centre’s four lenses are research challenge domains, which encapsulate internal tensions: Securing the Edge, Useful, Usable Decentralisation, Law & Economics at the Edge, and Building Public Value at the Edge.

The Sectors have specific application-focussed context in terms of technology, regulation, economics, interventions, industries: Ambient, Supply Chains and Control Systems, Infrastructure, Health and Well-being, Agritech, and Transport and Mobility.

Lenses and sectors are units of synthesis of findings, points of contact for accessing the Centre’s programme and expertise, as well as special groups of interest.

Hence, each proposal must be associated with at least one challenge and apply its findings in at least one sector.

Table 1– Catalyser Projects by Lens and Sector. Secondary project positions are in light italics.

The research-challenge Lenses focus on:

  • Securing the Edge: An IoT-augmented physical reality is open to adversarial behaviours that are yet unchartered and poorly understood, and that span the sociotechnical dimensions. The impact of compromise needs to be evaluated in terms of its resulting consequences on end system provision and its safety implications. The resilience of systems in their physical, digital and social dimensions needs to be ensured. How can systems adapt to continue to operate safely and securely when they have been compromised? How do they recover and become more robust? How can AI help defend, adapt and recover systems in response to adverse events? How can we assure systems that continuously adapt and employ AI techniques and how can we understand and mitigate the vulnerabilities of such techniques? How do users and autonomous systems interact with each other to ensure system resilience? How do we maintain security and resilience with legacy devices? What are the social and technical routines needed to stress-test systems for complex attacks?
  • Useful, Useable Decentralisation: There is a gap between autonomy on paper that decentralised systems promise to edge-users, and the control that edge users feel capable and able to exert, particularly given the number of decisions they are expected to make in this data-saturated world. Research in psychology and human-computer interaction is needed to point to how decentralised systems can be useful and useable in practice, rather than only in theory. This in turn is likely to trigger new questions for security researchers, for example in areas such as identification and interoperability. What can and should the users’ roles in securing systems be, and how do technical aspects of IoT security interact with these human factors? Further to this, how do users work together to achieve their goals in a decentralised system? What methods of collaboration, both online and offline, can help individuals achieve their varied goals in their home environments, workplaces, and urban surroundings?
  • Law and Economics at the Edge: Business models for IoT systems, particularly those undertaking decentralised analytics, are still emerging. What are the main considerations in areas such as measurement, transactions and demand management in these systems? Which new marketplaces and financing mechanisms might they in turn open up the opportunities to create? Emerging business models and IoT systems with analytic components are also likely to touch upon a wide array of legal and governance provisions, such as data protection law, competition law, liability and platform regulation. How do these regimes cope with these systems, and what are the major tensions they highlight or changes they would require to succeed? What does, should, and could standardisation of these systems look like in national and international policy fora?
  • Building Public Value at the Edge: Connected IoT devices provide many avenues for public good, including increased understanding of the world to support policy interventions; new innovative goods and services; and information to help safeguard individuals. Many of these insights come from the combination of IoT with AI but new challenges emerge in processing the data at the edge in a way that preserves privacy, security and trust yet yields the same benefits. How can we secure, decentralised computing or ‘AI’ applications in realistic IoT deployments? Do users trust these systems and approaches, and in which contexts? How can we defend against new threats such as poisoning of sensor data or exploiting the vulnerabilities of AI? How do privacy and security preserving approaches affect other tasks such as anomaly detection, or repurposing data for entirely novel applications? How can important information such as around measurement quality or data provenance, be obtained and combined with data from sensors themselves? Finally, how do and might approaches to building public value using these new technologies coexist with existing and emerging legal frameworks?

The application-focussed sectors cover:

  • Ambient (Built Environment / Homes / Cities / Public Spaces): Measure the impact of ambient technology on user perceptions of security and privacy issues. Linking sensed data to higher level decisions and perceptions. Determine the value of aggregated information considering provenance, quality. Contextualise and influence user behaviour. Convey picture of dynamic risk & trust in a meaningful way.
  • Supply Chains and Control Systems (Industrial / Buildings / Utilities): Understanding integrity: mapping observed data flows and device activity to expected outcomes. Understanding assurance: How do we provide security and privacy assurances in critical SCCS systems? Understanding interdependence/complexity: How might information be shared and used in at the edge for risk mitigation? Understanding change: How does regulation keep up with rapid technological change?
  • Infrastructure: Digital Infrastructures: How does edge computing help us rethink responsibility in data sharing? How to achieve trust; even when systems are working correctly, people can lose confidence in them? Critical Infrastructures: Failing gracefully and bouncing back quickly: how can systems cope well with unanticipated shocks? Are current security methods able to cope with adversarial attacks and AI-based inference, and if not, how might they be altered? Supply Chains and Control Systems(Industrial / Buildings / Utilities) Understanding integrity: mapping observed data flows and device activity to expected outcomes. Understanding assurance: How do we provide security and privacy assurances in critical SCCS systems? Understanding interdependence/complexity: How might information be shared and used in at the edge for risk mitigation? Understanding change: How does regulation keep up with rapid technological change?
  • Health and Wellbeing (Critical care to leisure wearables): Can storing sensitive data generated by devices at the edge mitigate vulnerabilities? How do wearable and implantable sensors combine in secure infrastructures? How do vulnerabilities in facilitating technologies, such as WiFi, Bluetooth and potentially 5G, impact these systems? Can AI at the edge help patientsthat currently have difficulties with deployed technologies? What are the potentials for helping designers make usable systems? What are the technical, ethical and legal challenges of these systems in employment contexts?
  • Agritech: What types of vulnerabilities exist in currently deployed Agritech? What are realistic threat models? What are the dynamics of Agritech adoption? Can users reliably estimate risks &trade-offs? How do interdependencies between Food and Agriculture and other Critical National Infrastructure (CNI) sectors factor into cyber attacks? Can the food and agriculture sector be treated similarly to other CNIs, taking into account its fragile nature?
  • Transport and Mobility: What are the security and privacy requirements emerging from the interplay between humans, vehicles and infrastructure? Can we develop trustworthy and resilient AI systems for Connected and Autonomous Vehicular systems? Can we understand the emerging motivations and future crime scenarios in transport and mobility? Can we understand interdependencies and impact in complex dynamical systems?


Total PETRAS funding available for the 1stSRF call is £1.8 M Full Economic Cost (fEC), or £1.4 M @ 80% fEC. We expect to fund approximately nine projects. This is roughly based on an 18-month project employing a post doctorate research associate (PDRA) fulltime with associated Principal Investigator (PI) costs, consumables and travel. Equipment over £10,000 in value (inc. VAT) is not available through this call. Smaller items of equipment (individually under £10,000) are allowable.

Duration: Up to 18 months (whilst PETRAS will not mandate the precise duration of projects, it is anticipated that projects will have an approximate duration of 18 months, as 18 months is the maximum duration permitted).

Applicants: Each project should involve at least one, ideally two or more, User Partner(s) from industry and/or public sector with strong background in the Centre’s research programme. Proposals must be co-created with the User Partner(s) and be convincing of the depth of the partner commitment. Whilst matched funding by user partner(s) is not required, it is highly recommended. Projects must be led by a PI from an EPSRC eligible UK research institution. He/she will be responsible for the development and delivery the project, and for reporting on the outcomes and budget.

All applicants should cost their projects using the same process as they would cost an EPSRC grant. Successful proposals will receive 80% fEC of their budget from PETRAS. It must be recognised that an application to this call requires a commitment to provide the remaining 20% of fEC from their own resources. All costs should be inclusive of VAT and/or any other applicable tax. A guide of fEC and the EPSRC’s position on its payment is available at: and

Eligible costs:
Costs under a new project may include UK-based staff time for PIs and Co-Investigators (CoIs) (up to 0.1 FTE equivalent combined) and postdoctoral research associates (PDRA), associated indirect costs, travel and subsistence, and consumables and equipment for the project, all subject to EPSRC rules and requirements.

Grant Management:
Details on how to access funding will be provided to those departments that have received awards. Awardees will be expected to manage the accounts as per normal EPSRC rules.

Themes for the 1stSRF Call
Proposals are encouraged which include themes that address IoT systems research challenges at the intersection of any two PETRAS Centre ‘Lens’ and ‘Sector’ descriptors (see below), and which include emerging technologies (e.g., AI and ML) that support IoT deployed at the ‘edge’ of the internet. PETRAS embodies a socio-technical approach to cross-cutting challenges, so (without exclusivity), proposals are welcomed that take a cross-disciplinary viewpoint. For the avoidance of doubt, those that address purely technical or social dimensions will also be considered. In all cases, proposals should embody a cybersecurity perspective.

‘Lenses’ – cross-cutting, policy orientation:

  • Securing the Edge;
  • Useful, Useable Decentralisation;
  • Law and Economics at the Edge;
  • Building Public Value at the Edge.


  • Ambient (Built Environment / Homes / Cities / Public Spaces);
  • Supply Chains and Control Systems (Industrial / Buildings / Utilities);
  • Infrastructure (including Digital);
  • Health and Wellbeing (Critical care to leisure wearables);
  • Agritech;
  • Transport and Mobility.

The call themes listed above are indicative, and not exclusive. The Centre will consider other themes relating to proposers’ research interests or those of user partners, where these pertain to themes not covered in the existing suite of PETRAS Centre and Hub projects.

Review and Selection Process
As part of a suite of demand management measures, to help alleviate pressure on all involved with our review process, applicants may only apply once, either as a PI or CoI. The 1stSRF will follow a two-stage submission process.

Overall Assessment process
Applications will be assessed via a two-stage process:

  • Stage 1 – the Expression of Interest (EoI) Stage; and
  • Stage 2 – Full Proposal Stage.

The review process is a paper exercise based solely on the completed application form and will not involve interviews. The review process will be led by the PETRAS Leadership Team, and each stage will have its specific review mechanisms as described below.

Activity Date
Call launched 17 June 2019
Deadline for questions and queries (stage 1) 8 July 2019
Closing date for EoI submissions (stage 1) 15 July 2019 (09.00 UK time)
EoIs reviewed Mid-End of July
Applicants notified of their EoI application outcomes – progression to full stage for shortlisted EoIs End of July 2019
Deadline for questions and queries (stage 2) 26 August 2019
Closing date for full proposal submissions (stage 2) 3 September 2019 (09.00 UK time)
Full proposals reviewed September –  late October 2019
Stage 2 applicants notified of outcome Mid-late October 2019
Expected start of awarded projects January – March 2020

Table 2 – 1stSRF Call for Proposals timetable

Stage 1 EoI Review and Selection process

  • EoIs may be submitted by eligible researchers only, with proposed contributions from a single institution or a consortium (see the eligibility section);
  • Proposals must be novel. Any proposals that have been previously submitted for EPSRC funding, which are currently waiting for confirmation on their application outcome must declare this in the EoI form;
  • The EoI application will need to conform to the information requested in the EoI application form ( and respond to the call’s requirements as specified in this document.

The EoIs received will go through PETRAS Leadership Team triage for compliance (i.e., correct completion of the application forms and meeting eligibility requirements), and the expert panel review by the Prioritisation Panel, which will be undertaken simultaneously for efficiency.

The Prioritisation Panel will identify and shortlist applications to be invited to submit full proposals. The Panel members will be brought together from the PETRAS Leadership, its Governing Board, and external experts from academia, industry and public sector. The members who submitted applications themselves and/or conflicted in proposals received will take no part in their assessment.

At the EoI stage, the Centre is looking for convincing evidence of relevant expertise and experience of the applicant teams, approach to their chosen research problem, and demonstrable integration of user partners in proposed activities. Hence, assessment of the EoIs will be done against the eligibility and project requirements listed above and the EoIs alignment to the following criteria:

  • Track record and expertise of the proposed team, with respect to its ability to undertake the proposed research and extend the expertise of the PETRAS Centre;
  • Quality and relevanceof the proposed research including novelty, ambition and interdisciplinarity;
  • Engagement with User Partners and Research Impact.

Next Steps
Successful EoIs will be invited to submit full proposals. Guidance on full proposals will be provided upon invitation at the next stage.

Declined EoI bids and requests for modification
Feedback to unsuccessful bidders will only be provided in the cases where the triage process or panel members note specific comments to be conveyed to the investigators.

Stage 2: Full proposals from selected EoIs
Having gone through the EoI shortlisting process, a limited number of EoI applications will be invited to submit full proposals. Further details of which will be provided upon invitation to the next stage.

Grant conditions
Successful applicants not already party to the PETRAS Centre collaboration agreement will join by accessioning to the PETRAS Centre agreement, which imposes EPSRC/ UKRI conditions on the consortium.They will be expected to participate in Centre activities and duties, including reporting, dissemination and communication activities.

Further Information

How to Apply

All applications to be done electronically via the following submission system by the call deadline:

Applicants must seek approval from their organisation prior to submission. 


Applicants may only apply once as a PI orCoI (i.e. an individual may not be involved in more than one proposal) and must demonstrate they meet the following requirements:

  1. Projects must be led by a PI eligible to hold an EPSRC grant. The PI will be responsible for the delivery of the project work and required reporting requirements. For information on the eligibility of organisations and individuals to receive EPSRC funding, see the EPSRC Funding Guide:
  2. Projects must be novel, address intellectually inspiring challenges in the cybersecurity of devices and networks at the edge of the internet and provide improvements upon the state of the art (see Call Themes section above for further details).
  3. Projects must be co-created with and involve, user partners.
  4. Projects must be able to demonstrate how beneficiaries will be engaged, and describe how they will make a real difference to IoT security at the periphery.

In addition, it is highly desirable for project proposals to demonstrate the following: