Northrop Grumman Creates Cybersecurity Research Forum
A new cybersecurity research consortium will focus on solving anticipated problems and transferring the research results into practical applications, participants said. Northrop Grumman announced Tuesday it’s funding the consortium, which will support 10 research projects at three university labs -- Carnegie Mellon’s CyLab, MIT’s Computer Science and Artificial Intelligence Lab, and Purdue University’s Center for Education and Research in Information Assurance and Security. The company is committed to at least a five-year term for the consortium and expects to spend millions, although representatives wouldn’t disclose the exact dollar amount.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Prof. Eugene Spafford at Purdue, CERIAS executive director, said researchers have warned about cybersecurity threats for the past three decades, but they've never been taken seriously. Instead, threats are addressed after the fact, he said. “This is a case where we're looking ahead to the future for a change,” he said. It’s also a unique opportunity to work together, he said. Although each lab is conducting its own research projects, the members will assemble a few times a year to compare research and to build lines of communication, said Robert Brammer, vice president for advanced technology and CTO of Northrop Grumman Information Systems. Spafford said collaboration will help as the researchers look for solutions for the future. “We're not trying to build a solution to an existing problem,” he said.
The results of the research will give Northrop Grumman a competitive advantage, Brammer said. The company is a leading security provider to the public sector, services agencies on the civil as well as defense and intelligence sides, and is expanding internationally, he said, having just won a contract to build a cyber range in the U.K. The universities will have the freedom to publish their results, he said, and would retain intellectual property rights to anything developed solely by university researchers. Intellectual property rights will be dealt with on a case-by- case basis for anything developed jointly with Northrop Grumman researchers, he said.
Much of the research at Carnegie Mellon’s CyLab attempts to overcome the human element of vulnerability, said Prof. Adrian Perrig, technical director of CyLab. CyLab has three projects as part of the consortium, including a real-time execution trace recording and analysis project. Sometimes a vulnerability becomes known after the fact, Perrig said, but it isn’t known if that vulnerability was actually used to attack a system. This project attempts to allow users to go back in time to see if attackers did exploit the vulnerability and what operations they performed.
At MIT’s CSAIL, one of the three projects is attempting to build a new style of computer that will determine whether an action should be allowed. Right now, said Howard Shrobe, principal research scientist at CSAIL, computers don’t know what they're doing. They have no sense of right and wrong and just do as they're told, he said. His project would tag all data with metadata, then add a parallel unit in the processor that would look at the metadata to see if an operation is allowed or not. “Our goal is to make this kind of computing the norm,” he said.