Share

Top 5 Stories

News

Government needs to work with academia to head off cybersecurity gaps early

29 March 2012

Government should work more closely with academia to address cyber vulnerabilities at an early stage of technology development, rather than waiting until flaws are discovered once the products hit the market. This argument was made by Stephen Flynn, codirector of Northeastern University’s George J. Kostas Research Institute for Homeland Security.

Under the current “system”, the government attempts to legislate or regulate cybersecurity after the problem has already been introduced into the market. Instead, government should involve academia on an ongoing basis so cybersecurity issues can be fixed before the product is deployed on critical systems, Flynn told Infosecurity.

Flynn, along with colleagues from Northeastern University, briefed Congress last week about this issue, along with other cybersecurity issues of concern to law makers and regulators.

“To a large extent, the cybersecurity effort of the US government…does not make the university community a partner”, he said.

Academia is actively involved with industry in developing technology in such regional incubators as Silicon Valley in California, the Route 128 corridor in Massachusetts, and Research Triangle in North Carolina.

“As soon as people are thinking up new ideas, working with new materials, or coming up with new concepts, somebody is trying to figure how to commercialize them and push those out. Then, government comes in after the fact and says, ‘There are some vulnerabilities here that might need to be safeguarded’. Ideally, the time to have the conversation about…the potential risks…would be in the development stage”, Flynn observed.

Government should figure out how to interact with the academic community to mitigate cyber risks in an “open research realm where so much of the cyber applications are being developed”, he said.

“Right now, there is virtually no market incentive at the incubation stage” to consider putting in place safeguards to prevent exploitations by attackers, Flynn noted. Instead the thinking is, let’s get this product to the market as quickly as possible and work on the security bugs as they come up, he added.

Flynn is the codirector, along with Peter Boynton, of a newly established research institute at Northeastern University founded to do just that – to include government, academic, and industry experts at an early stage of technology development.

Located in Burlington, Mass., the building where the George J. Kostas Research Institute for Homeland Security is housed has three floors: the first floor is for the research community, the second floor is for industry incubators, and the third floor is a secure facility for government, Flynn explained. “We are trying to create a place where the trilateral cooperation of industry, government, and academia can all physically happen in the same space”, he said.
 

This article is featured in:
Application Security  •  Industry News  •  Internet and Network Security  •  Malware and Hardware Security  •  Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×