
9/2/2020
07:00 AM
Curtis Franklin Jr.

Hypothesis: Cyber Attackers Are After Your Scientific Research

From COVID-19 treatment to academic studies, keeping research secure is more important than ever. The ResearchSOC at Indiana University intends to help.

Industrial espionage has been around since long before companies needed to protect the identity of 13 herbs and spices or the cola recipe locked in an Atlanta pharmacist's safe. And scientists, being human after all, have sought to know what their "colleagues" are working on since Archimedes experimented with levers and fulcrums.

Today, however, the stakes and activity levels seem higher than ever, leading to serious interest in how to secure research and the instruments of experimentation.

Recent examples underscore why. In the early days of the coronavirus pandemic, for one, the US government accused China of spying on vaccine research. And incidents like the ransomware attack on the University of California at San Francisco, which was working to develop a COVID-19 treatment or vaccine, show that attackers are having a serious impact on some research institutions.

The question for cybersecurity professionals is how they can help keep their organizations' research capabilities from joining the list of victims.

"Right now, any research related to a cure for COVID-19 is the primary target for threat actors," says Hank Schless, senior manager, security solutions at Lookout.

The research for that critical topic shares qualities with research activities across the board, according to experts.

"When you're talking about research, and when you're crossing different types of entities, whether it's industry, academia, or others, you do have to have a baseline level of security," says Kiersten Todt, managing director of The Cyber Readiness Institute.

And those baselines can define research-oriented security in a number of ways.

"When it comes to research, there has to be best practices so that everyone knows where the baseline is and also where the ceiling is," Todt explains.

An Academic Approach
Defining the baseline and ceiling for research security is part of what the ResearchSOC at Indiana University intends to do. 

"The goal of the research is to provide scientific projects with the cybersecurity services that they really need in these modern times but are challenged to provide themselves," says Von Welch, principal investigator for the ResearchSOC project.

One of the reasons for the challenge is that most research projects are not staffed by cybersecurity experts -- they're made up of scientists. And the majority of research teams are small.

"Very few of these projects are on the scale of something like CERN [the European Organization for Nuclear Research], where they can have a dedicated computer security team," Welch says.

He explains that the ResearchSOC builds on the activity of the OmniSOC, a collaboration of schools in the Big 10. OmniSOC is a full production SOC that supports research projects across member universities and activities that range from scanning device logs to full security consulting on platform and architecture issues, Welch adds.

Support from a SOC that specializes in research is important, Welch says, because the needs and architectures of research projects can differ significantly from those supported by most enterprise SOCs.

"You see a lot of command-and-control or data infrastructure for controlling the test equipment," he says. "You see a lot of high-performance, high-end sort of unicorn infrastructure for processing data. And you tend to see a lot of collaboration. A lot of the projects we deal with are national, even global in scope in terms of their collaboration."

Beyond the extent of collaboration, other issues make securing research projects a challenge.

"In most situations, people equate data security to preventing unauthorized access. But one of the most insidious threats to data is its integrity," says Mounir Hahad, head of Juniper Threat Labs at Juniper Networks. "Therefore, having a DLP [data loss prevention] solution in place, as good as it may be, is not enough. You have to ensure no one with malicious intent is able to tamper with the data and make ever-so-slight modifications that the results are no longer trusted or lead to the wrong conclusion."

But even within the issue of data integrity, many roads lead back to the challenges posed by collaboration.

"The old stereotype of a scientist sitting alone in a room and making a discovery is just no longer true," Welch says. "It's massive collaboration, whether it's the Higgs boson [particle] or a gravity wave. You know, these are now global collaborations with thousands of people."

And that makes the old defense model of a "walled garden" adequately protected by a well-engineered firewall no longer true either.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ...