Download our in-depth report: The Ultimate Guide to IT Security Vendors
The U.S. Army Research Laboratory (ARL) recently established a Cybersecurity Collaborative Research Alliance (CRA) between the ARL, the U.S. Army Communications-Electronics Research, Development and Engineering Center (CERDEC), academia, and industry researchers, to explore cybersecurity issues around Army networks (h/t Infosecurity).
Participants include Pennsylvania State University, Carnegie Mellon University, Indiana University, the University of California at Davis, and the University of California Riverside.
The Army will fund the CRA for five years with an optional five-year renewal, at $3.3 million to $5.2 million a year, totaling a potential $48.2 million over 10 years.
"We generally enter into these kinds of alliances with complex problems in mind," Dr. John Pellegrino, director of the ARL directorate that manages the CRA, Computational and Information Sciences Directorate, said in a statement. "The fundamental science of cybersecurity is a long-standing challenge that will take a long time to solve."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The CRA will focus on three key areas -- detecting adversaries and attacks in cyberspace, measuring and managing risk, altering the environment to achieve best results at the least cost -- along with a fourth area, which willl be integrated into the other three: developing models of human behaviors and capabilities that enable understanding and predicting motivations and actions of users, defenders and attackers.
According to Carnegie Mellon lead investigator Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory, Carnegie Mellon researchers will focus particularly on psychosocial activities.
"One of the salient aspects of our proposed research is in the realization that humans are integral to maintaining cyber security and to breaches of security," Cranor said in a statement. "Their behavior and cognitive and psychological biases have to be integrated as much as any other component of the system that one is trying to secure."