New Consortium Formed for Cybersecurity ResearchNorthrop Grumman Partners with Carnegie Mellon, MIT, Purdue
The Consortium will essentially span collaborative research on areas such as protection of information systems and information systems on networks, hardware and software security, privacy; critical infrastructure; and defending against computer attacks. The research will be conducted on state-of-the-art cyber labs through out the country.
"We created the cybersecurity consortium for 2 main reasons," says Robert Brammer, CTO of Northrop Grumman, one of the largest contractors to the defense and intelligence communities in the United States. "One, the value of our information systems and services has never been greater; second the cybersecurity threats have also never been greater. And often greater value implies greater threats."
The group outlined 10 cybersecurity research projects it will conduct under a five-year grant from Northrop Grumman., The results of the research will be turned over to the operations of Northrop Grumman's major customers who will largely benefit from this initiative. Also each participating university will be able to patent any intellectual property developed as part of the consortium.
Each of these universities has been chosen because of its long history of involvement with cybersecurity research and innovation capabilities, Brammer says. All members will coordinate research projects, share information and best practices, develop curricula, author joint case studies and other publications, and provide a greater number of learning opportunities and applications for students and the defense community.
"The Cybersecurity Research Consortium is a wonderful new initiative for CERIAS," says Eugene Spafford, director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. "The protection of our cyber infrastructure and processing capabilities is not a new problem; we've been warning about them for three decades now, but they have not been taken seriously by government and much of industry. Problems are addressed after they've occurred, and not proactively. Part of the problem is the limited resources in academia often force us to compete against each other. That is an aspect of this consortium that is most gratifying, and we are looking forward to working with a great team." Spafford says CERIAS' participation in the consortium involves four projects:
- embedding information into a digital signal and origins of data streams for information attribution;
- decomposing Internet-scale models to accurately perform constrained experiments;
- cloud computing and developing context-based adaptable defenses against attacks on distributed systems;
- an initiative to develop tools that would allow forensic investigators to speed up research by performing analysis on mobile devices.
"Our project focuses on designing a new type of computer to minimize vulnerabilities and our goal is to make this type of computer the norm," says Howard Shrobe, principal research scientist in MIT's CSAIL.
Carnegie Mellon's CyLab, meanwhile, will contribute three projects: detection of mechanisms, minimizing attack windows through automated vulnerability management, and real-time execution trace recording and analysis to track attacks.
"We often ignore the human element involved in security -- people often make mistakes," says Adrian Perrig, technical director of CyLab. "We will focus in building systems that will provide security properties despite human error."
Brammer says Northrop Grumman will soon approach other companies as well as federal agencies about participating in the consortium.