America’s National Science Foundation (NSF) last week announced an investment of $20 million into three academic cybersecurity research projects.
The studies cover cloud security, privacy issues, and improving the security of health-related systems and networks.
The NSF supports over 100 research projects related to cybersecurity, but their ‘Frontier’ awards are among the biggest they grant, supporting major multi-discipline, multi-institution projects.
The largest award of this round, of $10 million, went to a project called Trustworthy Health and Wellness (THaW), a five-year collaboration between researchers from Dartmouth College, Johns Hopkins University, the University of Illinois and the University of Michigan at Ann Arbor, which hosts the Archimedes Center for Medical Device Security.
Their research covers all things medical, including improving secure access to patient data from modern mobile devices, safely using cloud technology for data storage and analysis, and allowing patients to control the personal data gathered by hi-tech medical scanners and sensors.
The THaW team will work to develop usable authentication and privacy tools, trustworthy control of medical devices and effective methods to detect malware, compute trust metrics and audit medical information systems and networks.
The medical world is a particularly important area for cybersecurity, with the personal information gathered, stored, shared and analysed by doctors and hospitals on a par with that held by police and lawyers in terms of sensitivity.
Despite this sensitivity, medical institutions have a rather poor record of leaking patient data, through easily penetrated networks or through lack of encryption or improper transportation or disposal of data.
Cybercriminals pay particular attention to medical systems as they tend to be rather low-hanging fruit; either sprawling, heterogeneous networks with many entry and exit points, or small, underfunded and underskilled setups.
They can yield not only rich streams of the standard PII useful for identity theft, but also additional health-specific details which can be used for blackmail, or to help identify particularly vulnerable people. Medical insurance info is also easily turned into cash.
There are also regular issues noted with the security of medical devices, such as insulin pumps and even baby monitors. Even if not specifically targeted, serious danger can be posed to patients if the systems that run the medical devices monitoring or scanning them are infected with malware, and thus rendered less reliable than they should be.
So, it’s good to see some dedicated research into improving things in this area, although some of the ideas being looked at – such as spotting malware infections based on fluctuations in power drain – may seem a little off-the-wall at first glance.
New ideas and techniques developed for specific purposes often end up having more general applications too, so as well as helping protect out health systems and records, some of the improvements may one day add to our overall security.
The other two projects included in the NSF funding round are a six-organisation team looking at leveraging the cloud to provide more secure computing environments, and a group from three universities investigating improving privacy policies so that people can actually understand their implications. Perhaps these will produce some good things too.Follow @NakedSecurity