IU-led cybersecurity team nabs $12.5M to help protect federally funded research

In just the past few days, the National Science Foundation has released research findings that offer new hope for dying coral reefs, could help scientists predict the size of wildfires from the moment of ignition and provide doctors a way to measure the healing of aneurysms.

The discoveries come from just a few of the 10,000 research projects supported by more than $8 billion in funding from the foundation, an independent federal agency created by Congress in 1950 to promote research and science.

But with all that research comes millions of data points processed by thousands of computers at universities and research labs across the country, all with differing levels of security—and all at risk of being hacked or attacked.

Enter Trusted CI—also known as the NSF Cybersecurity Center of Excellence—which is headquartered at Indiana University and operated in cooperation with other universities and research facilities.

Von Welch is director and principal investigator of Trusted CI and director of the IU Center for Applied Cybersecurity Research. (Photo courtesy of IU)

On Thursday, NSF announced that it was giving Trusted CI a $12.5 million grant to help researchers over the next five years keep their data and their projects secure from cyberattacks. The “CI” in Trusted CI stands for cyberinfrastructure, a recognition that modern research doesn’t exist without computer hardware and software to process it.

“The people at NSF are not cybersecurity experts,” said Von Welch, director and principal investigator of Trusted CI and director of the IU Center for Applied Cybersecurity Research.

But, he said, “as with the internet broadly, scientific cyberinfrastructure continues to be negatively impacted by cybercrime and other cyberattacks.”

And those attacks can be devastating. Hackers could infiltrate and alter data that’s part of climate-change research, leading to incorrect conclusions about the planet’s future. They could use ransomware to make computers that control satellites or telescopes inoperable, making it impossible for astronomers to see once-in-a-lifetime occurrences in space. Or they could steal medical data that is part of a program that examines how various treatments impact long-term health outcomes.

Still, finding a way to secure such disparate data produced in so many different places is daunting, even for the NSF. “It’s very difficult to herd all those cats,” Welch said. Trusted CI is charged with figuring out how to move the herd.

It has been in operation since 2012, when IU and its partners pitched the idea to the science foundation. The goal was not to actually build software or hardware to keep NSF-funded research safe. That already existed. In fact, researchers told Welch and his colleagues that they were “up to their eyeballs” in software and applications, with vendors constantly trying to hawk their new products.

What the researchers needed was advice and leadership from experts who didn’t want to sell them anything. So Trusted CI actually serves more as a consultant, adviser and educator, a collection of experts who can offer training and best practices to those thousands of researchers who are working independently on very different projects with very different needs.

NSF initially funded Trusted CI as a pilot for three years, and then renewed for another three. The latest grant, however, ups the grant’s time frame and the money.

The IU-led coalition is currently receiving about $1.6 million annually for its work. When the new grant takes effect on Jan. 1, it will receive about $2.5 million annually.

Welch said that will allow CI to tackle several new projects. Among them:

– Working with cybersecurity experts to commercialize their findings and create products that will help other researchers keep their data safe. Just this summer, Trusted CI hosted workshops to try to connect cybersecurity researchers with funders who can bring their ideas to life.

– Developing a fellowship program—which just got underway—that allows six scientists from different genres to work for a period of time with cybersecurity experts and then take their newfound knowledge back to their research communities.

– Launching a “very focused effort on data integrity,” Welch said. Trusted CI has already made progress in the area, but the new funding “will help with ramping it up this year,” he added.

So far, Trusted CI has directly helped researchers with more than 250 projects improve their strength in cybersecurity. But it distributes information more widely through webinars and publications. At its annual NSF Cybersecurity Summit this year, more than 100 researchers attended to share their own experiences and learn from experts and each other.

“Trustworthiness is at the heart of scientific discovery and reproducibility,” said Manish Parashar, director of NSF’s Office of Advanced Cyberinfrastructure and a computer science professor at Rutgers University, said in a prepared statement.

“As a result, cyberinfrastructure enabling scientific research and discovery must be trustworthy,” Parashar said. “The Trusted CI project is a key investment by NSF toward realizing a more trustworthy scientific cyberinfrastructure and research landscape.”

Trusted CI’s other partners include the National Center for Supercomputing Applications at the University of Illinois, the Pittsburgh Supercomputing Center, the University of Wisconsin-Madison, Internet2 and the U.S. Department of Energy’s Lawrence Berkeley National Laboratory.

IU has been receiving about $1 million per year from the National Science Foundation grant. The money pays for 12 IU staff members, most of whom work part time on the project.

Please enable JavaScript to view this content.

Editor's note: IBJ is now using a new comment system. Your Disqus account will no longer work on the IBJ site. Instead, you can leave a comment on stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Past comments are not currently showing up on stories, but they will be added in the coming weeks. Please note our updated comment policy that will govern how comments are moderated.