By GREGORY ZELLER //
Virtually speaking, Stony Brook University is on the front lines of national defense.
The mission of the university’s National Security Institute, which launched in 2014 and resides inside the university’s gleaming new 70,000-square-foot Computer Science Building, is simple, according to Director Radu Sion: “We want to protect our country, nothing more, nothing less.”
“Simple” doesn’t always translate to “easy,” of course, and that’s certainly the case at the NSI, a multi-disciplined effort to shield U.S. infrastructure, data caches and citizens from cybercrimes ranging from ID thefts to massive data breaches.
Cybercriminals are smart and can often do more damage than a terrorist with a gun or IED. So the faculty – including six core university professors and six affiliated researchers, all experts in distributed-systems security, online privacy, regulatory compliance, hardware fortification and other security-based areas – must be smarter.
“We have multiple areas of research, ranging from mobile security to applied cryptography,” said Sion, an SBU associate computer science professor who submitted the original NSI proposal to university administrators. “We want to provide defense from a fundamental research point of view.”
In the pantheon of SBU incubators, centers and institutes, that’s an important distinction. Where many SBU programs are focused on turning science into commercialized commodities, the NSI’s primary focus is research and education. Commercialization, Sion noted, can come later.
“This is not industrial R&D,” he said. “We don’t do proprietary work. We want to get there, and we have a plan to get there, but we’re about doing fundamental research first.”
That said, even the director can’t dismiss the commercial potential of R&D that delves deep into holistic socio-technological solutions for securing an increasingly digital global society. As an educator of future professionals in the defense, assurance, healthcare and business-policy industries, among others, the NSI packs a fairly obvious and wide-ranging economic punch.
One example is Private Machines Inc., a cloud-computing security firm Sion launched in 2013 and has nurtured through his NSI connections. Funded by the U.S. Department of Homeland Security, the startup is already providing services to the National Science Foundation and the U.S. Air Force, among other government clients, and is now looking to beef up its private-sector deployments.
Other public-private partnerships through the institute also set a quasi-commercial tone. For instance, Long Lu, an assistant SBU computer science professor and NSI staffer, is using a $1.6 million NSF grant to better understand malware distribution systems, in collaboration with researchers at the University of Illinois and the nonprofit SRI International, a California-based economic booster managed by Stanford University trustees.
Sion, meanwhile, is personally involved in two research efforts rich with commercial promise. Alongside Donald Porter, another assistant SBU computer science professor, he’s engaged in a collaborative international study of “practical plausibly deniable encryption,” a potentially powerful tool for protecting data on lost or stolen devices.
Working closely with researchers at Florida International University, Sion is also leveraging NSF and Pentagon stipends to study hardware-enforced authentication for mobile systems – essentially, developing new technologies that increase what’s called “integrity assurances” on mobile data. One possible application: proving that audio and video files captured on mobile devices are the real deal, and not clever forgeries.
The institute, meanwhile, enjoys “a very good relationship” with other, more commercially focused SBU programs, Sion said, including multiple collaborations with managers and startup clients at the university’s Center of Excellence in Wireless and Information Technology.
Commercialization of the NSI’s top-level research initiatives is certainly a long-term goal, according to Sion.
“Researchers publish and other people build on their work, and eventually it becomes a product, and then things become more secure because of that,” the director noted. “That’s the societal impact, the economic impact. But exactly who is going to pick up the research and turn it into commercial reality?
“This transition to practice is a challenge,” Sion added. “And this is the gap we’re working on bridging at the NSI.”
For now, the research-first mantra holds sway, with high-profile projects like the Cyber-Attack Automated Unconventional Sensor Environment program – a federally funded effort to develop cyber-attack early-detection systems – front and center.
The institute is also working to add faculty and “expand our expertise,” according to Sion. Which scientific discipline a new faculty member will bring to the table “depends on the applicants we get,” he added, “because we only want the best of the best.”
That can be difficult, since adjunct research positions are often funded by what the director called “soft money” – a combination of university funds and grants brought in by the researcher – and many top researchers will only consider tenure-track positions.
“We’re understaffed, and it affects the amount of funding we can bring in,” Sion noted. “We have to turn away work because we don’t have enough staff to handle all of these projects.
“There’s so much work to be done, especially with our nation trying to get on track securing infrastructure,” he added. “We would probably double our throughput if we had more faculty.”
