CyLab hosts top cybersecurity researchers

On Sept. 4-5, more than 500 of the world’s leading cyber-systems researchers convened in Pittsburgh for the 2024 National Science Foundation Secure and Trustworthy Cyberspace Principal Investigators’ Meeting (NSF SaTC PI), hosted by Carnegie Mellon University’s CyLab Security and Privacy Institute.

The biennial event, which was co-chaired by Alessandro Acquisti, professor of information technology and public policy at the Heinz College of Information Systems and Public Policy, took place at the David L. Lawrence Convention Center.

During the proceedings, leading experts from academia, industry, and federal agencies gathered to share their research and discuss game-changing security and privacy challenges resulting from the global adoption of cyberspace.

Carnegie Mellon University also hosted an on-campus dinner and reception for the SaTC PIs at the Tepper School of Business on the evening of Tuesday, Sept. 4. At the reception, SaTC PIs enjoyed live entertainment and networking opportunities, while learning about Carnegie Mellon’s cross-disciplinary security and privacy research initiatives and academic offerings.

The NSF established the SaTC program in 2011 under the leadership of Farnam Jahanian, then associate director of NSF’s Directorate for Computer and Information Science and Engineering (CISE), with the goal of protecting cyber-systems including host machines, the internet and other cyber-infrastructure from malicious behavior, while preserving privacy and promoting usability. 

Jahanian, who now serves as president of Carnegie Mellon University, expressed gratitude for this “full-circle” moment when he shared opening remarks during the introductory session of the 2024 SaTC PI Meeting.

“This community and the CISE Directorate are very close to my heart,” Jahanian said. “The National Science Foundation represents the gold standard for research and education.” 

In his remarks, Jahanian discussed the interconnected nature of the internet and the vulnerabilities it creates, emphasizing the importance of cybersecurity in protecting the political, economic, and social fabric of the global community.

“As new paradigms and platforms emerge, future security and privacy challenges will always follow internet and technology adoption patterns,” Jahanian said. “Cybersecurity is a multidimensional problem that requires computer scientists, mathematicians, economists, social and behavioral scientists, business, and policy people to come together.”

More than 20 Carnegie Mellon faculty members participated in this year’s SaTC PI Meeting, sharing their research and exchanging strategies via poster sessions, breakout discussions, and research highlight talks.

Several CMU researchers also served as featured panelists during the two-day event.

Norman Sadeh, professor in the Software and Societal Systems Department, participated in a panel discussion on “Cybersecurity and Privacy: Closing the Gap Between Theory and Practice,” where he spoke about his experiences as founding chief executive officer, chairman, and chief scientist of Wombat Security Technologies, a company he co-founded to commercialize anti-phishing technologies he developed as part of research with several of his colleagues at CMU. The company was acquired for $225 million by Proofpoint in February 2018.

In sharing his experiences as a researcher and entrepreneur, Sadeh highlighted the need for academics to differentiate themselves in competitive cybersecurity markets by offering unique solutions, as opposed to incremental improvements. He noted that while government funding can be beneficial, it may not always be the fastest route to market, especially with the abundance of venture capital currently available.

“I wouldn't recommend taking a detour to do something that you were not originally planning to do just for the sake of getting money,” Sadeh said. “My advice to anyone who starts a company is go to market as quickly as possible, find that minimum viable product, and start selling to customers.”

Acquisti moderated a panel on the subject of “SaTC Research, Public Policy, and Regulatory Compliance.” The discussion also featured Lorrie Cranor, director of CyLab, as a panelist.

In responding to a question from an audience member about measuring the impact of research beyond publications, Acquisti addressed the difficulty of changing institutional cultures to prioritize real-world impact over quantitative metrics like the h-index.

“The culture at CMU is open to defining impact in many different ways,” Acquisti said. “My hope is that discussions and communities like this can, over time, similarly facilitate a more encompassing approach to measuring research impact at an increasing number of institutions.”

While discussing the value of academic research in influencing public policy decisions and regulations, Cranor emphasized the importance of aligning research questions with policymakers' needs, citing examples like the California Consumer Privacy Protection Act (CCPA) and her research on FCC broadband internet labels.

“From listening to policymakers, there are lots of calls for public comments that are made at the federal and state levels,” Cranor said. “I have found that paying attention to those can be useful for launching research projects in areas that I am already interested in or would like to further explore.”

The two-day meeting served as a showcase of the promising research that SaTC PIs from academic institutions across the United States are conducting and transitioning into practice on a daily basis.

“I want to urge you to leverage the deep expertise that you have in this room to reframe every cybersecurity challenge into an opportunity, and to continue to advance the great work that all of you do,” Jahanian said.