New Consortium Formed for Cybersecurity Research

Northrop Grumman Partners with Carnegie Mellon, MIT, Purdue Northrop Grumman Corporation has invited three of the nation's leading research institutions -- Carnegie Mellon, The Massachusetts Institute of Technology (MIT), and Purdue University -- to join a Cybersecurity Research Consortium to advance research in this field and develop solutions to counter the complex cyber threats that face the nation, including threats to critical infrastructure, public safety and ecommerce.

The Consortium will essentially span collaborative research on areas such as protection of information systems and information systems on networks, hardware and software security, privacy; critical infrastructure; and defending against computer attacks. The research will be conducted on state-of-the-art cyber labs through out the country.

"We created the cybersecurity consortium for 2 main reasons," says Robert Brammer, CTO of Northrop Grumman, one of the largest contractors to the defense and intelligence communities in the United States. "One, the value of our information systems and services has never been greater; second the cybersecurity threats have also never been greater. And often greater value implies greater threats."

The group outlined 10 cybersecurity research projects it will conduct under a five-year grant from Northrop Grumman., The results of the research will be turned over to the operations of Northrop Grumman's major customers who will largely benefit from this initiative. Also each participating university will be able to patent any intellectual property developed as part of the consortium.

Each of these universities has been chosen because of its long history of involvement with cybersecurity research and innovation capabilities, Brammer says. All members will coordinate research projects, share information and best practices, develop curricula, author joint case studies and other publications, and provide a greater number of learning opportunities and applications for students and the defense community.

"The Cybersecurity Research Consortium is a wonderful new initiative for CERIAS," says Eugene Spafford, director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. "The protection of our cyber infrastructure and processing capabilities is not a new problem; we've been warning about them for three decades now, but they have not been taken seriously by government and much of industry. Problems are addressed after they've occurred, and not proactively. Part of the problem is the limited resources in academia often force us to compete against each other. That is an aspect of this consortium that is most gratifying, and we are looking forward to working with a great team." Spafford says CERIAS' participation in the consortium involves four projects:

  • embedding information into a digital signal and origins of data streams for information attribution;
  • decomposing Internet-scale models to accurately perform constrained experiments;
  • cloud computing and developing context-based adaptable defenses against attacks on distributed systems;
  • an initiative to develop tools that would allow forensic investigators to speed up research by performing analysis on mobile devices.
MIT's Computer Science and Artificial Intelligence Lab (CSAIL) is involved in three projects in this initiative. First is dealing with information flow and secure logging. The second is on dependable software analysis, and the third on novel computer architecture to improve security on network nodes.

"Our project focuses on designing a new type of computer to minimize vulnerabilities and our goal is to make this type of computer the norm," says Howard Shrobe, principal research scientist in MIT's CSAIL.

Carnegie Mellon's CyLab, meanwhile, will contribute three projects: detection of mechanisms, minimizing attack windows through automated vulnerability management, and real-time execution trace recording and analysis to track attacks.

"We often ignore the human element involved in security -- people often make mistakes," says Adrian Perrig, technical director of CyLab. "We will focus in building systems that will provide security properties despite human error."

Brammer says Northrop Grumman will soon approach other companies as well as federal agencies about participating in the consortium.

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network