The three universities involved in the security consortium put together this week by Northrop Grumman will have wide latitude to pursue research projects as they see fit and will be under no obligation to work only on technology that fits Northrop’s future plans. The researchers, in fact, will be able to work on the kind of long-range projects that often go unfunded because they don’t show short-term commercial promise.
“The sweet spot for us is what’s coming down the line, five, seven or ten years. We’re not a product development shop,” said Gene Spafford, the executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University, one of the schools involved in the consortium. “There hasn’t been a lot of money available for longer term research from anyone. Industry has products they want to sell.”
The Northrop Grumman Cybersecurity Research Consortium, announced earlier this week, comprises Purdue, MIT and Carnegie Mellon University. Its goal is to accelerate the transfer of new technologies from the research phase to utility, but Spafford emphasized that Northrop will not be directing the research projects or preventing the researchers from publishing their findings. The company will have the opportunity to license technologies that come out of the three universities.
“This isn’t complete altruism on their part, because they’re going to possibly gain some competitive advantage from it,” Spafford said. “But that’s years down the road. They’re doing it in such a way that we can do real research. The problem has been that we’re resource-constrained, and that’s true of many institutions.
“The federal government doesn’t put any money into basic research. It’s almost all applied research. They see a problem that already exists and want a solution for it. But there are larger problems that might be coming a few years out, and those need addressing.”
Technology transfer–getting innovative technologies from the research environment into the marketplace–often is a long and expensive process. And many technology companies invest large amounts of money in research projects or joint ventures with universities in order to develop the next generation of technology. The universities, in turn, can serve as feeder systems for new engineers, developers and other employees for the technology companies.
IBM and Microsoft both have large research organizations focused on security and privacy research, some of it done privately and some done in collaboration with universities or other outside groups.
To begin, CERIAS has four projects in the works that will become part of the consortium’s work: a look at ways of embedding information into a digital signal to help with information attribution; a project researching attacks and defense on cloud-like distributed systems; a project concerned with experiments on Internet-scale models; and research on improving the speed and fidelity of forensics in field on devices such as PDAs and cell phones.
The goal is for the researchers at MIT, Purdue and Carnegie Mellon to work together and share ideas and projects. Spafford said that in addition to the four projects that will be funded, CERIAS alone has about another 50 in progress, some with funding, some without, and another 40 or so that could be started if enough money was available.
“This is not an exclusive arrangement with Northrop. We still have 10 industry partners and we’re still working with them,” Spafford said. “It’s a matter of people being willing to put some skin in the game and step up. I’m hoping other people will too.”