Government needs to work with academia to head off cybersecurity gaps early

Under the current “system”, the government attempts to legislate or regulate cybersecurity after the problem has already been introduced into the market. Instead, government should involve academia on an ongoing basis so cybersecurity issues can be fixed before the product is deployed on critical systems, Flynn told Infosecurity.

Flynn, along with colleagues from Northeastern University, briefed Congress last week about this issue, along with other cybersecurity issues of concern to law makers and regulators.

“To a large extent, the cybersecurity effort of the US government…does not make the university community a partner”, he said.

Academia is actively involved with industry in developing technology in such regional incubators as Silicon Valley in California, the Route 128 corridor in Massachusetts, and Research Triangle in North Carolina.

“As soon as people are thinking up new ideas, working with new materials, or coming up with new concepts, somebody is trying to figure how to commercialize them and push those out. Then, government comes in after the fact and says, ‘There are some vulnerabilities here that might need to be safeguarded’. Ideally, the time to have the conversation about…the potential risks…would be in the development stage”, Flynn observed.

Government should figure out how to interact with the academic community to mitigate cyber risks in an “open research realm where so much of the cyber applications are being developed”, he said.

“Right now, there is virtually no market incentive at the incubation stage” to consider putting in place safeguards to prevent exploitations by attackers, Flynn noted. Instead the thinking is, let’s get this product to the market as quickly as possible and work on the security bugs as they come up, he added.

Flynn is the codirector, along with Peter Boynton, of a newly established research institute at Northeastern University founded to do just that – to include government, academic, and industry experts at an early stage of technology development.

Located in Burlington, Mass., the building where the George J. Kostas Research Institute for Homeland Security is housed has three floors: the first floor is for the research community, the second floor is for industry incubators, and the third floor is a secure facility for government, Flynn explained. “We are trying to create a place where the trilateral cooperation of industry, government, and academia can all physically happen in the same space”, he said.

What’s Hot on Infosecurity Magazine?