Research group to tackle cybersecurity threats

Northrop Grumman joins with three universities to fund research on problems in information security

Government security contractor Northrop Grumman has joined with three leading cybersecurity research universities to launch a research consortium focused on fixing the most vexing problems in information security.

Northrop Grumman will distribute "millions" of dollars over more than five years to Carnegie Mellon University in Pennsylvania, Purdue University in Indiana, and the Massachusetts Institute of Technology on projects to counter the most complex problems in cybersecurity, said Robert Brammer, chief technology officer of Northrop Grumman's information systems division.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The company created the Northrop Grumman Cybersecurity Research Consortium for two reasons, Brammer said at a press conference Tuesday in Washington, D.C. "First, the values of information services and systems have never been greater," he said. "Second, the cybersecurity threats also have never been greater."

Brammer called large-scale cyberattacks a "credible threat" in the coming years. "We require leap-ahead technology developments in order to improve the posture of our defenders," he added. "We need significant new technology developments, combined with improved security education, global standards, and understanding of security economics and psychology."

Northrop Grumman, which has worked on cybersecurity for 20 years, chose the three universities for their long-term, cutting-edge cybersecurity research, Brammer said. "No one organization has the capabilities necessary to address all cybersecurity threats," he added. "No matter how large and functional your organization is, it's certainly obviously true that most of the smart people in the world do not work for you."

The consortium will work on a number of projects, including dependable software analysis, secure computer design, next-generation secure networks, computer forensics and improved software, participants said.

Northrop Grumman plans to use the research to improve its own cybersecurity product offerings, which are tailored to government agencies. University researchers will be able to publish papers on their research and will own the intellectual property on projects solely developed at the universities. Northrop Grumman and the universities will share intellectual property developed jointly.

Participants said they hoped the consortium would help raise awareness of cybersecurity problems, in addition to providing useful research.

Cybersecurity problems are not new, said Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security at Purdue.

"It's one that many of us have been warning about for nearly three decades," he said. "The problems have been anticipated and seen in advance. Unfortunately, none of the warnings have been taken seriously, particularly by government."

Instead of addressing problems proactively, many government agencies and private companies have been fixing cybersecurity problems after they have happened, Spafford added.

In some cases, universities have competed against each other for limited cybersecurity research dollars, Spafford said. He called the new consortium a "wonderful" opportunity for cybersecurity researchers to work together.