US science fund pumps $20 million into cybersecurity research

Filed Under: Data loss, Featured, Malware, Privacy

NSF_Logo 170America's National Science Foundation (NSF) last week announced an investment of $20 million into three academic cybersecurity research projects.

The studies cover cloud security, privacy issues, and improving the security of health-related systems and networks.

The NSF supports over 100 research projects related to cybersecurity, but their 'Frontier' awards are among the biggest they grant, supporting major multi-discipline, multi-institution projects.

The largest award of this round, of $10 million, went to a project called Trustworthy Health and Wellness (THaW), a five-year collaboration between researchers from Dartmouth College, Johns Hopkins University, the University of Illinois and the University of Michigan at Ann Arbor, which hosts the Archimedes Center for Medical Device Security.

Their research covers all things medical, including improving secure access to patient data from modern mobile devices, safely using cloud technology for data storage and analysis, and allowing patients to control the personal data gathered by hi-tech medical scanners and sensors.

The THaW team will work to develop usable authentication and privacy tools, trustworthy control of medical devices and effective methods to detect malware, compute trust metrics and audit medical information systems and networks.

The medical world is a particularly important area for cybersecurity, with the personal information gathered, stored, shared and analysed by doctors and hospitals on a par with that held by police and lawyers in terms of sensitivity.

Despite this sensitivity, medical institutions have a rather poor record of leaking patient data, through easily penetrated networks or through lack of encryption or improper transportation or disposal of data.

Cybercriminals pay particular attention to medical systems as they tend to be rather low-hanging fruit; either sprawling, heterogeneous networks with many entry and exit points, or small, underfunded and underskilled setups.

Doctor on iPad. Image courtesy of ShutterstockThey can yield not only rich streams of the standard PII useful for identity theft, but also additional health-specific details which can be used for blackmail, or to help identify particularly vulnerable people. Medical insurance info is also easily turned into cash.

There are also regular issues noted with the security of medical devices, such as insulin pumps and even baby monitors. Even if not specifically targeted, serious danger can be posed to patients if the systems that run the medical devices monitoring or scanning them are infected with malware, and thus rendered less reliable than they should be.

So, it's good to see some dedicated research into improving things in this area, although some of the ideas being looked at - such as spotting malware infections based on fluctuations in power drain - may seem a little off-the-wall at first glance.

New ideas and techniques developed for specific purposes often end up having more general applications too, so as well as helping protect out health systems and records, some of the improvements may one day add to our overall security.

The other two projects included in the NSF funding round are a six-organisation team looking at leveraging the cloud to provide more secure computing environments, and a group from three universities investigating improving privacy policies so that people can actually understand their implications. Perhaps these will produce some good things too.

Image of doctor on iPad courtesy of Shutterstock.


You might like

One Response to US science fund pumps $20 million into cybersecurity research

  1. i read and watch here related to Cyber Security system. every day increase the cyber attacks and never save every thing but mostly sites provides cyber security.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.