Applied Research

Cybersecurity is critical to scientific collaboration and the integrity and trust of resulting data. It supports and enables workflows and choices made by science teams, while affecting their work as little as possible. But scientific cyberinfrastructure, which features large and complex data sets and rich, collaborative ecosystems, brings unique challenges for cybersecurity.

The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) works to improve the cybersecurity of science and engineering projects funded by the National Science Foundation. CTSC draws on expertise from multiple internationally recognized institutions, including Indiana University, to provide usable, high-quality solutions suited to the needs of those communities. It also advances cybersecurity practices across the communities by:

• Analyzing gaps in technology to provide guidance to researchers and developers
• Addressing the application of software assessment to complicated cyberinfrastructure software stacks
• Fostering broadly the transition of cybersecurity research to practice

There are many still reluctant to recognize the dangers of digital threats. As a result, they are not adequately prepared to handle them. Security Matters, a 12-episode series created by the CACR starting in 2010, worked to address that.

Security Matters discussed specific security threats or vulnerabilities through brief audio and video how-to segments. The series aired on public radio station WFIU and was available online.

Balancing transparency and privacy can be difficult, particularly in the face of the sheer volume of data generated each day. For the average user, the implications arising from the use of their personal information may not be immediately clear.

CACR explores today’s public, private, and homeland security needs with two goals in mind:

• Understanding the modern security landscape
• Fostering an information-rich atmosphere that is fair but secure

We face increasing threats of cyberattack and a shortage of lawyers prepared to address related issues. Educating and training current and future attorneys is a growing priority in the field of law.

The CACR is one of only a few facilities across the country that has been named an NSA and DHS National Center of Academic Excellence in both Information Assurance Education and Information Assurance Research.

The CACR uses its powerful and unique cybersecurity resources to provide security assistance to many national groups, including the federal government, which received policy advice from the CACR during the White House’s 60-day cybersecurity review in 2009.

Cybersecurity awareness shouldn't be limited to the experts. The CACR works to create a more cyber-intelligent world by hosting events that educate both cybersecurity professionals and the general public.

The CACR fosters and participates in policy discussions that shape the cybersecurity landscape. As an NSA Center of Academic Excellence in both Information Assurance and Education, CACR experts are frequently asked to meet with senior government officials in areas of cybersecurity law and policy, personal privacy, and civil liberties.

In the wake of the Edward Snowden leaks, the National Security Agency met with five CACR representatives, as well as with other academic groups.

Cybercrime is an estimated $100 billion industry in the United States. Attackers have an arsenal of weapons that penetrate weak security protocols and exploit software vulnerabilities. The CACR helps lead the development of tools and solutions that form the foundation for a more secure Internet.

The latest example is the Software Assurance Marketplace (SWAMP)—a state-of-the-art facility that serves as an open resource to help improve the safety and quality of software ecosystems by creating access to assurance tools, testing, and reporting. SWAMP is supported by a $23.4 million grant from the Department of Homeland Security’s Science and Technology Directorate.

CACR Director Von Welch serves as the principal investigator for IU’s work with SWAMP, which won Information Security Executive North America Project of the Year Award honors in the academic/public sector category in 2014.