Twenty years ago, Indiana University created the Center for Applied Cybersecurity Research (CACR) – a hub of technology and policy excellence providing organizations, practitioners and scholars with the essential education and skills to manage cybersecurity risks in a rapidly changing landscape.
Since then, the center has become a state and national leader in cybersecurity innovation for the research community, the public sector and defense establishment. Experts in the center have worked collaboratively with partners to help secure communities, large research facilities and other critical infrastructure providers and are a regular presence at major conferences such as the American Medical Center Conference on Privacy and Security and the National Science Foundation Cybersecurity Summit.
"IU is a global thought leader in cutting-edge, interdisciplinary cybersecurity research," said Scott Shackelford, executive director and professor at the IU Kelley School of Business. "The Center of Applied Cybersecurity Research is at the core of this mission and has been for 20 years now by putting theory into practice as it assists critical infrastructure, research and national security communities across Indiana and beyond."
On February 23, the Center for Applied Cybersecurity Research center will celebrate its anniversary with an event at Whittenberger Auditorium in the Indiana Memorial Union on the IU Bloomington campus. The event will include two panels of leading cybersecurity experts, two keynote speeches, and a reception in the IMU Georgian Room at 4:45 p.m.
The half-day event includes presentations focused on the center's beginnings and future. Panels of leading cybersecurity experts will discuss emerging cybersecurity technological and regulatory trends along with how the center will adapt to the changing shape of global cybersecurity policy.
Internationally renowned security technologist Bruce Schneier will present the closing keynote. Rear Admiral Heidi Berg, director of plans and policy from U.S. Cyber Command, will be providing the opening keynote, with panels featuring former CACR executive directors Fred Cate and Von Welch.
The Center for Applied Cybersecurity Research was founded in 2003 to contribute expert knowledge and leadership in applied cybersecurity technology, education and policy. Over the years, the suite of services has expanded, including cybersecurity assessments, consulting and resources for researchers, National Science Foundation-funded research, cybersecurity assessments and training and education.
One of the first successful ventures of the center was launching "How to Spot a Scam" in 2010, a YouTube series aimed at educating the public on good cyber hygiene at a time when society did not have the tools or knowledge to protect their privacy online. The series produced 63 videos with 153,634 total views.
"President McRobbie created the Center for Applied Cybersecurity Research with a simple, important mission: to advance the practice of cybersecurity by being an essential bridge—a bridge between pure and applied research, a bridge between industry, government and academia, and a bridge between the many disciplines necessary for effective cybersecurity," said Fred Cate, the center's founding director and now vice president for research at IU. "Today we all recognize the need to bring together these critical elements, but in 2003 the focus was unusual, and I believe the center has succeeded in large part because of its commitment to engaging with all of the skills and experiences necessary to developing practical, workable, innovative approaches to cybersecurity."
Since 2003, the Center for Applied Cybersecurity Research has received more than $47 million in external awards, including $4 million from Lilly Endowment Inc. in 2008 which was essential in building the center's capabilities early on in the center’s history.
When partnering with Naval Surface Warfare Center Crane, they developed PACT: the Principles-based Assessment for Cybersecurity Toolkit and received $2 million in Congressional support for pilot assessments. The methodology is based heavily on assessments conducted in 13 prior engagements through the National Science Foundation Cybersecurity Center of Excellence and US Navy. It has been proven by two Congressionally funded pilots and recently used at the Port of Virginia in collaboration with the United States Coast Guard.
Another center-created methodology is the Trusted CI Framework, a one-of-a-kind structure that sets the reasonable minimum standard for cybersecurity programs across the nation. The goal is supporting organizational missions, governance and resources, filling a gap left by cybersecurity regimes that focus on technology and a long checklist of "controls." It was built for organizations of all kinds and has seen strongest adoption to date in the large research facilities.
To accelerate research and remove the compliance burden from researchers at IU, the Center for Applied Cybersecurity Research launched SecureMyResearch. This initiative provides researchers access to consulting and necessary resources to protect research data, while complying with cybersecurity requirements in grants, contracts and data use agreements. It was the first of its kind nationally when it launched in 2020.
Last year, the Center for Applied Cybersecurity Research received a joint award with Purdue University’s cyberTAP to build the State of Indiana's cybersecurity assessment program for local governments. This $4 million grant allows the center to assist Indiana local government in how to best prioritize cybersecurity efforts and will help drive the state's policy.
"As a field of practice and a societal problem, cybersecurity is daunting," said Craig Jackson, deputy director of the Center for Applied Cybersecurity Research. "But the complexity and danger are part of what drives us forward and has us very focused on direct practical impact on the institutions, communities and people we serve. We know we're making a dent in this problem because we look to our partners and see change, trust and gratitude. We need to keep going."