The first cybersecurity advances to emerge from Northrop Grumman’s research partnership with three leading U.S. universities could be fielded within the next year or so, depending on government acquisition cycles, the company says.
Advances in cloud-computing security, application software for mobile devices and forensic capabilities are among the first products to emerge from the 18-month-old Cybersecurity Research Consortium involving Carnegie Mellon University, the Massachusetts Institute of Technology and Purdue University.
“All have the potential to be fielded in the next year or two,” says Robert Brammer, vice president and chief technology officer for Northrop Grumman Information Systems. “We have submitted initial proposals to customers.”
The five-year collaborative-research partnership was launched in 2009 to tackle some of the toughest problems in cybersecurity, “and we are beginning to get encouraging results,” he says. Research is focused on protecting large-scale networks and critical infrastructure such as the control systems for power grids.
Cloud security for government computing is a high priority, Brammer says, and MIT is researching the use of low-cost “trusted” processors performing specialized encryption to protect data in the cloud and reduce the security risk in sharing information-technology infrastructure.
Several research projects have reached the stage of testing on Northrop cyber-ranges to evaluate their effectiveness. Digital watermarking to authenticate and track data in the cloud “has shown an ability in the lab to resist cybersecurity attack, so we are testing it on a large scale in cyber-ranges,” he says.
One of the research areas is in developing ways to automate cybersecurity certification testing of systems to reduce time and cost. “Initial testing shows excellent potential,” Brammer says.
“We are now doing research on selected operational systems to see how it scales up.”
An approach being developed by Purdue to automate the testing of large Internet-scale networks involves breaking them into smaller pieces, testing them on the cyber-range and then recombining them with confidence that the results will remain accurate.
Another area of research is into ways to automate recovery from network intrusions. An approach being developed by MIT is to “re-execute” – to store all computing data and, after an attack, remove any malware and roll back any file to a point just before the attack, then re-execute all legitimate computations. This is moving into lab testing.