Cybersecurity Research Consortium Point Man Outlines Efforts

June 21, 2011
FedCyber Wire, Solution Providers
No Comment

via Bank Info Security

Northrop Grumman Cybersecurity Research Consortium’s Robert Brammer says IT security researchers should think like Wayne Gretzky, the National Hockey League hall of famer: Skate to where the puck will be.

“Most people, when they think about computer security, think about getting virus signatures on their PCs, updating passwords and so forth; all of that’s very important,” says Brammer, vice president of advance technology at Northrop Grumman Information Systems. But that’s the here and now, and Brammer knows the IT environment is rapidly changing, and researchers must skate ahead to where computing will be, not necessarily where it’s now. As nearly everything gets computerized – such as automobiles, he cites – researchers must think differently about how to tackle cybersecurity.

Brammer is the company’s point man with Northrop Grumman Cybersecurity Research Consortium that includes three of the nation’s top computer security research institutions: Carnegie Mellon University, the Massachusetts Institute and Technology and Purdue University.

The solutions aren’t always in specific products or services that protect data or systems, but in the processes of building those products or services, Brammer says in an interview with Information Security Media Group.

Brammer points to work being performed by consortium researchers that delves into automating parts of the design and security certification processes tied to the creation of new applications, developing techniques to identify vulnerabilities by analyzing code behavior. If successful, he says, such new processes should significantly cut costs by requiring fewer experts from working on new applications and speed the software to market.

In the interview with’s Eric Chabrow, Brammer addresses consortium research projects that includes:

  • Developing ways to prevent data leakage from organizations sharing cloud computing services.
  • Watermarking data to assure their authenticity.
  • Seeking new ways to employ encryption in environments such as the cloud.

Continued here.