From the director
Dear friends of the Center for Applied Cybersecurity Research,
When we think back on 2020, we will recall it as the year of COVID-19, working from home, masks and hand sanitizer, and countless Zoom meetings.
We will also recall it as a year in which the cybersecurity threat to research and education escalated dramatically. In May, the Wall Street Journal quoted the FBI and the Cybersecurity and Infrastructure Security Agency—the cyber wing of the Department of Homeland Security—that Chinese state actors were targeting American universities and pharmaceutical and other health-care firms in a bid to steal intellectual property related to coronavirus treatments and vaccines, and that the intrusions may be jeopardizing progress on medical research. Ransomware attacks also stalked higher education and research with at least 30 colleges and school districts becoming victims in the first five months of 2020. Known ransom payments exceeded $3.1M, and in June, the University of California San Francisco School of Medicine paid a $1.14M ransom.
Against the backdrop of the global pandemic and its new rules, limitations, and threats, the CACR team and the organizations it leads continued to excel, progressing the work of enhancing cybersecurity for the nation, the state of Indiana, and Indiana University. Trusted CI pivoted to provide needed information on reducing the risk of ransomware attacks, held a COVID-19 issue-centric town hall, and offered priority support to projects supporting COVID-19-related research. The Research Security Operations Center (ResearchSOC) began onboarding three National Science Foundation (NSF) major facilities. The Principles-based Assessment for Cybersecurity Toolkit (PACT) team delivered their cybersecurity assessment in collaboration with Naval Surface Warfare Center, Crane Division (NSWC Crane) and U.S. Coast Guard to the Virginia International Gateway terminal. The state of Indiana engaged CACR to provide election cybersecurity training in advance of the 2020 elections, with officials from 32 counties participating. The newly launched SecureMyResearch team engaged over 90 IU research projects, while CACR staff led outreach efforts to IU students, faculty, and staff to combat Zoombombing.
CACR’s work also continued to catalyze collaborations across IU. Most notably, CACR facilitated IU obtaining a $2.25M CyberCorps Scholarship for Service award, a collaboration between the Luddy School of Informatics, Computing, and Engineering; University Information Technology Services (UITS); Kelley School of Business; and Maurer School of Law. The award will provide students with internship opportunities in CACR, UITS Information Security, and the OmniSOC. Other collaboration examples abound. The ResearchSOC award pulls together IU operational cybersecurity expertise with faculty from the Luddy School. The PACT project draws on expertise from the IU School of Education. CACR’s collaboration with the Maurer School exposes law students to legal issues in the cybersecurity domain. The new SecureMyResearch project, supported jointly by the IU Office of the Vice President for Information Technology (OVPIT) and the IU Office of the Vice President for Research (OVPR), catalyzes research with cybersecurity and compliance requirements across IU. The CACR Fellows program reaches across five IU schools, IUPUI, and beyond.
In this challenging year, we relied on the collaboration and support of our many partners, Fellows, and supporters for our success. These include the NSF, NSWC Crane, the Department of Homeland Security, IU OVPR, IU OVPIT, an extensive list of partner universities, and IU’s researchers and operational cybersecurity staff.
I cannot speak highly enough about the members of CACR’s staff. They delivered results that would be remarkable in ordinary times; during this year, their performance was simply extraordinary.
As we look to 2021 and beyond, we see a changed world with new challenges and new opportunities. I am proud of CACR’s accomplishments and confident that our service and leadership will meet those challenges and take advantage of those opportunities, and so present our 2020 Annual Report.
Executive Director for Cybersecurity Innovation
Associate Vice President, Information Security