Companies and governments are investing heavily in securing their networks and fortifying against future cybersecurity threats. Universities are tasked with both readying the next generation of talent to defend against cyber attacks and contributing solutions to the challenges the industry faces. Ball State University is a pioneer that is tackling these issues head-on, and has been doing so long before cybersecurity became a buzzword.
Ball State houses the Security and Software Engineering Research Center (S2ERC), a multi-university center dedicated to an industry-university cooperative research initiative that spans the globe. Now into its fourth decade, the $3.3 million center brings together university faculty and students with industry partners to create research-based solutions to industry challenges. Whether it’s protection for the software running multimillion-dollar manufacturing machines, a biometric lock for electronic devices based on the unique way a person swipes a pattern on a touchscreen, or a game to teach players the basics of cybersecurity, the center tackles some of the most pressing issues facing tech companies today.
How does it work?
S2ERC is an Industry/University Cooperative Research Center (I/UCRC) funded in part by the National Science Foundation (NSF). Industry and government affiliate fees, as well as Ball State’s and the other universities’ support, cover the rest of the costs of the center. Of the 83 active I/UCRCs, the S2ERC program is the second-oldest in operation in the country. The center’s chief staff members are Ball State computer science professors and husband-and-wife team Wayne and Dolores Zage. Wayne, the director, was the recipient of 2008’s Mira Award for Education Contributing to Technology; Dolores, the research coordinator, was a nominee for the same award. Supported by a few other staff members, the center handles responsibilities for an international consortium of universities, companies and governmental entities.
Originally, the center was simply the SERC: the Software Engineering Research Center. Between 2009 and 2010, however, SERC combined with another program at Iowa State University and added their focus on security. Supported by the NSF and industry partners, Ball State became the lead institution for the newly formed S2ERC. A multi-university partnership constitutes the center’s core, including schools like Ball State University, Purdue University Fort Wayne, Virginia Tech, Georgetown University, University of Texas (Dallas), and the University of Oulu in Finland. Currently, the center is in its fourth year of Phase II funding; NSF funding tapers off over time in order to encourage centers’ self-sufficiency.
S2ERC’s primary activity is research on projects within their scope of security and software engineering, especially technological solutions to resolve issues of cybersecurity. Project investments have ranged from $10,000 to $939,000, covering an expanse of industry, military and governmental applications. Company size varies greatly, from longtime partner Raytheon to a three-person startup in Valparaiso, Ind. Benefits to companies come in reducing research and development costs and staff overhead, in turn contributing to a lucrative ROI multiple. “A company can invest $40,000, $80,000, or more, but not have to hire someone along with all the fringe benefits, recruiting and HR costs,” said Wayne. “For a minimal cost, the center can get this work started, and the company can take it from there.” Currently, the center is managing 28 projects ranging in duration from a semester to two or more years.
What’s in a project’s lifecycle?
Initiating a project through the center requires communication between the industry and government affiliates and the universities. University researchers can propose ideas, which are then voted on by the center’s affiliates. The funded projects are then initiated and researchers and students begin working with companies. Alternatively, companies can approach the center’s university partners with research ideas and projects of their own. “They submit to us a one-page document called an industrial request for proposal (IRFP),” said Wayne. We then broadcast the IRFP to all of our researchers in our network of universities, and then the companies receive research proposals and ultimately choose which research direction, if any, they wish to pursue.”
Selected projects are then carried out by the research teams at the member universities. “At our semi-annual showcases, companies talk to you about your research and if they are interested in your research direction can say, ‘I really like what you’re doing. I think that we want to work together,’” said Dolores. Because each project is different, you may need only one grad student, you may need two, you may need a different type of data set, or you may need a different tool. Faculty then self-direct the project, with the company and faculty member determining schedules for milestones and updates in conjunction with the center.
The center is selective about the students who participate in tandem with the faculty—they’re committing to a long-term research project in addition to their normal coursework. While many are studying computer science or other technical fields, some bring viewpoints from majors like architecture that they apply to their work. To date, the center has worked with hundreds of students—both undergraduate and graduate levels—to implement these projects. This offers students a unique addition to their CVs once they complete their academic programs and potential internships or jobs with some of the biggest names in the cybersecurity industry.
Twice each year, one of the member universities hosts a showcase; the latest showcase took place at Ball State in May. During these showcases, industry and university partners flock to a campus for two days of presentations and poster reviews on projects. In the spirit of collaboration, everyone learns about all of the center research, encouraging new avenues of thoughts and ideas. While competition may have been the name of the game in the past, Wayne finds that’s no longer the case. “For the first few years of the center, two companies that were in competition wouldn’t talk to each other. They wouldn’t want to give anything away,” said Wayne. “That’s not the case anymore.”
What’s in store for the center’s future?
Throughout projects’ lifecycles, the center is responsible for reporting their results back to the NSF, industry and government partners, and all the center’s stakeholders. Showcases offer supporters a chance to see the research in action and understand the impact their investments have made. Companies are also kept apprised of developments and milestones throughout the project. All of this creates significant data the center manages for projects around the country.
Alongside dozens of successfully completed research projects, the world-class faculty and members of the center have been recognized in many ways. Wayne and Dolores were awarded the prestigious Alexander Schwarzkopf Prize for Technological Innovation—named for Alex Schwarzkopf, the founder of the NSF’s I/UCRC program—in 2007 for their research into software design metrics. While celebrating its 30th year in operation in May 2016, the center was recognized by then-Governor Mike Pence with an official proclamation of a Security and Software Engineering Research Center Week throughout Indiana.
Over the next few years, the center will continue to adapt to the ever-changing needs of government and industry. They’re looking for more industry partners to join the center and provide new avenues of research for faculty and students. Wayne also says that new technologies like blockchain may find a future home in the center. Providing the best teams to research innovative ideas is always at the heart of the S2ERC, with Ball State leading the way for this international operation.