Where can research take us?
Kevin Poulsen
31

Funding Multidisciplinary Research Is A Must

Research isn’t just for academics — it’s a business development opportunity

In the research world, there’s plenty to keep an interested reader (and stakeholder in security) busy on both vulnerability and protection fronts. Though I follow the vulnerability research with interest, I tend to focus more on the broader issues.

I’m encouraged by a lot of the research initiated in the behavioral role users play in security. I especially like Angela Sasso’s (University of London) work on human factors in security mechanisms and protections. Her research results make an often-neglected point that when security measures are hard to use, users will devote a great deal of time and effort to circumventing or subverting them. I think this work should be required reading for anyone involved in designing security measures that involve user interaction.

Rebecca Bace, CEO / Infidel, Inc.

On the quantum front, there are several fundamental approaches that appear to be viable in dealing with post-quantum cryptography. However, as our experiences with current cryptographic protections have taught us, there are a lot of details that need to be researched and then implemented to fit these approaches to the specific systems they’ll be expected to protect.

On the privacy front, there is a great deal of research underway on the impact that IoT can have on user privacy, along with a lot of ways to resolve issues that arise.

I believe that this is an area that will be colored as much by legal and regulatory controls as it is by technical measures, which increases the importance of funding multidisciplinary research.

The area of secure design and implementation is ongoing and encouraging. This is an area where research on more applied fronts is useful and progress will likely be more evolutionary than revolutionary.

On research funding, it’s a stark reality that given the current political climate in the U.S., industry will need to play a major role in underwriting research, especially in more applied research fronts. I’d love to see policymakers recognize that such research is increasingly a business development issue, not a purely academic investment. Significant advances are coming from nations other than the U.S. — and given the size and growth of security-dependent markets, maintaining a presence in the security research world will be critical for us to stay competitive.

The Future of Security Roundtable is a Google-sponsored initiative that brings together thought leaders to discuss how we can best protect ourselves from the data breaches and security risks of tomorrow. Panelists are not affiliated with Google, and their opinions are their own. Read the post that kicked off the roundtable here and feel free to join in the conversation.