DHS S&T Awards $1.27M to 2 Universities for Cybersecurity Research
Thursday, November 08, 2018 | Comments

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) awarded more than $1.27 million across two universities to develop new solutions to improve the capability of organizations to understand and improve their cybersecurity control investment decisions.

The University of California San Diego received $1.045 million for a multiyear effort to develop threat intelligence tools and techniques for measuring the reliability and value of a threat intelligence source to an enterprise. The project will include four kinds of metrics — technical, comparative, operational and risk — to allow end users to compare different threat intelligence products reliably, increasing transparency and incentivizing more effective controls within the threat intelligence marketplace.

The University of Illinois Chicago was awarded $227,305 for a 12-month effort to develop a cyberattack economic impact model, and a tool to automate data collection and analysis to provide near real-time estimates of cyberattack outcomes. The model and reference implementation will provide a standard baseline against which organizations can evaluate and quantify estimated economic impacts of cyberattacks for cybersecurity investment decision support.

“Research in cyber risk economics is an important element in S&T’s cybersecurity portfolio,” said William N. Bryan, senior official performing the duties of the under secretary for S&T. “S&T is working to improve cybersecurity practices, particularly in the areas of risk management and investment decision making, through improved models and metrics that will help organizations make informed acquisition and deployment decisions about cybersecurity products on the market today.”

The Cyber Risk Economics (CYRIE) project intends to improve the value-based decision-making of those who own, operate, protect and regulate the nation’s vital data assets and critical infrastructure. CYRIE research and development (R&D) supports empirically based measurement, modeling and evaluation of investment into cybersecurity controls; impact of investment on the probability, severity and consequences of actual risks; value correlation between business performance measures and cybersecurity investments and impacts; and incentives to optimize cybersecurity risk management.

Would you like to comment on this story? Find our comments system below.



 
 
Post a comment
Name: *
Email: *
Title: *
Comment: *
 

Comments

No Comments Submitted Yet

Be the first by using the form above to submit a comment!

Site Navigation

Close