U Computer Scientists Working with Department of Defense on Cybersecurity

Apr 19, 2015

Computer scientists at the University of Utah are working on fighting the next generation of cyberattacks. The US Department of Defense has awarded 3 million dollars to researchers at the U and at the University of California, Irvine to develop a new tool to detect future threats to security.

Associate Professor Matthew Might is in the School of Computing at the University of Utah. He says we already have a cybersecurity crisis, but what keeps him up at night is that fact that it hasn’t caused a real disaster yet.

“I mean the fact that anything works at all given how vulnerable everything is, kind of amazes me,” Might says.  He says many computer scientists are working to get a handle on the current crisis, but the Department of Defense has awarded his team a grant to anticipate the next threat coming down the line.

“A lot of the work that I do right now for cyber security is really just trying to clean up the mess that we already have, but for once, I see this as a chance to get ahead,” Might says. “So in five years’ time, we won’t be playing catch-up anymore.”

Might and his colleagues are working on software to combat the next generation of computer vulnerabilities, attacks that are sophisticated and hard to detect. The military is anticipating that these attacks would be based not on flaws in security systems, but on exploiting the algorithms, the very rules or calculations that a computer must follow to solve a problem. Might’s group will be tested every 6 months by a military team of simulated adversaries.

“They’re essentially playing the role of a Russia or a China in this case, and they’ll be attacking us and we have to use our tools to defend against them,” he says. “I think making sure that we actually engage and win these engagements is going to be both fun, but somewhat nerve-racking,”

Might is holding what he calls hackathons every week with his team of about 10 researchers, to make sure that they’re ready for the next simulated attack.