Why you can’t decide (And what to do about it)
May 27, 2016
Commentary: The rapidly changing digital world can leave tech executives feeling overwhelmed when they're faced with charting the course of their company's cybersecurity strategy.
The National Science Foundation issued Thursday three large awards to university researchers hoping to solve significant cybersecurity challenges in numerous areas.
Totaling nearly $20 million, the three awards — the Frontier projects — are a subset of nearly 110 new cybersecurity research projects that recently received funding anywhere from $100,000 to $1 million. NSF’s Secure and Trustworthy Cyberspace program, founded in 2011, granted the awards as part of the government's 2011 Strategic Plan for the Federal Cybersecurity Research and Development Program. The three large awards span the areas of health care, cloud computing and Web privacy.
“NSF’s investments in foundational research will transform our capacity to secure personal privacy, financial assets and national interests,” Farnam Jahanian, NSF's assistant director for computer and information science and engineering, said in a statement. “These new Frontier awards will enable innovative approaches to cybersecurity, with potential benefits to all sectors of our economy.”
Dartmouth College's Institute for Security, Technology and Society will lead one of the projects, which will investigate how health care can be improved through secure information systems.
"Our research is motivated by the rapid deployment of mobile and cloud information technologies in healthcare, both in clinical settings and at home," David Kotz, lead investigator and a Dartmouth computer science professor, said in a statement.
Kotz’s team will focus on creating secure access to health records, malware detection programs and reliable audits of medical information systems and networks.
"We aim to help these technologies reach their full potential by ensuring they can protect the integrity of medical data and the privacy of patient information," Kotz said.
A second research team will explore how to enhance cybersecurity in the more nebulous area of cloud computing. While authentication and monitoring for desktops and land-line connected systems is a well-researched field, these security measures have not necessarily been effectively replicated in the cloud computing space. Mike Reiter, a computer science professor at the University of North Carolina, hopes to change that with this research project.
“The vast majority of cloud-related research in the computer security research community casts the move to cloud computing as intensifying the threats to which data and services are vulnerable,” he said in a statement. “Instead, we see new opportunities for improving security of data and services by moving them to the cloud, and we plan on pursuing an aggressive research agenda to realize these opportunities.”
The researchers will also enlist the help of the private industry through a number of Cloud Security Horizons summits.
Another research team will tackle that ubiquitous problem: clicking “Accept” on those muddled and inaccessible privacy policies (often buried within the “Terms and Conditions”), which every Internet user has had to do at some point.
"If you read privacy notices, you quickly realize that they contain a lot of boilerplate text and that people seem to often be recycling entire sentences and even larger text fragments from one another," Norman Sadeh, lead investigator and a computer science professor at Carnegie Mellon University, said in a statement. "This project will aim to exploit these types of patterns."
The team hopes to create a technology to scan for, and lift, the key privacy portions from these policies. Then, it will translate the legalese into accessible content for the user.
These three projects represent just under 3 percent of the entire cadre of new projects funded under this most recent round of NSF awards. But they give an idea of the broad swath of areas the organization is hoping cybersecurity research can improve.