Securing Government Research: Staying Vigilant Against Cyber Theft and Heartbleeds

As millions of companies and users worldwide scramble to fix vulnerabilities caused by the Heartbleed bug, the federal government might also look to reassess the cybersecurity of its own data. While it’s natural to think first of the risks surrounding personally identifiable information that citizens entrust to federal agencies—social security numbers, tax data, or health records—the U.S. government also owns the world’s largest trove of government-funded research.

Every year, executive branch agencies fund several billion dollars worth of research and development (R&D) programs, with the vast majority allocated toward projects within the Department of Defense, National Institutes of Health, Department of Energy, NASA, and the National Science Foundation. Loss of intellectual property created by these programs, which total $135.4B in funding under President Obama’s FY2015 budget request, would be devastating.

While all organizations must guard and prevent the loss of confidential trade secrets, the theft or misuse of federally funded research could potentially threaten national security, American competitiveness, and even public safety:

• Defense: U.S. military leaders have publicly and repeatedly denounced foreign state actors (such as the state-backed cyber division of the People’s Liberation Army of the People’s Republic of China) for continuous and coordinated attacks on defense organizations and American companies that provide products and services to DoD and other national security agencies. Pentagon officials have admitted that the design plans for several advanced weapons systems on ships and aircraft have been compromised by attacks coming from Chinese IP addresses and China’s newest stealth planes suspiciously include features available previously only in Lockheed’s F-35 fighter jets.
• Nuclear: Nuclear espionage has been a concern since the Cold War era of atomic spies and the Soviet Union, but the theft of secrets by foreign countries with fledgling nuclear programs (such as Iran or North Korea) are viewed as an increasing risk to national security and the balance of foreign affairs.
• Biomedical: While multi-billion dollar research efforts by geneticists, such as the Human Genome Project’s transition toward big data genome analytics, may be seemingly innocuous relative to defense or nuclear data, U.S.-owned proprietary research data should remain in American hands. Furthermore, biomedical research, such as data on vaccines or infectious diseases that could be used in biological warfare must not be put into the wrong hands.

As research agencies look to secure their data, they may implement higher standards of biometrics for identity and access management, or consider using big data cyber analytics to continuously monitor suspicious network activity. To learn more, read the recent GBC issue brief that highlights three big concerns for government-funded research and development organizations.