It's a busy time for IU Center for Applied Cybersecurity Research
This has been an eventful year for Indiana University's Center for Applied Cybersecurity Research and its director, IU Law Professor Fred H. Cate. And 2009 promises to bring more of the same, with information security and privacy issues expected to move to the forefront of government policy and the demand for IU expertise likely to increase.
"In a way, this shouldn't be surprising," said Cate, Distinguished Professor and C. Ben Dutton Professor of Law at the Michael Maurer School of Law at IU Bloomington. "Almost all of what most of us do is now information-dependent, whether health care, finance, entertainment or education."
Cate kept busy in 2008 testifying before government committees and speaking about information security at international conferences. In October alone, he:
- Went to Washington, D.C., to take part in the release of a National Academy of Sciences report that he co-authored. The report, resulting from a three-year study, cast doubt on the effectiveness, lawfulness and appropriateness of using data mining and biometrics to fight terrorism.
- Represented IU at the National Press Club launch of the Center for Applied Identity Management Research, a partnership with the U.S. Secret Service, the Defense Department, IBM, Lockheed Martin, VISA and other companies.
- Spoke at meetings across Europe as well as at the CACR-sponsored workshop in Brussels, Belgium, on the relationship between EU data protection laws and U.S. e-discovery rules.
Cate expects the administration of Barack Obama to take a more focused approach to information security and privacy than the George W. Bush administration. He said President-elect Obama is expected to appoint a chief information officer for the federal government, a significant development among the people who follow IT issues closely.
"The big issues, the ones that Obama says he wants to move on, almost all of them have pretty significant information components," said Cate, who advised the Obama presidential campaign on cybersecurity policy. Those include health care, financial reform and, especially, national security, where "information security threats are increasingly becoming national security threats," he said.
Citing the work of the Center for Applied Cybersecurity Research, the National Security Agency and the Department of Homeland Security in August named Indiana University a National Center of Academic Excellence in Information Assurance Research for the years 2008-2013. A year earlier, the agencies named IU a National Center of Academic Excellence in Information Assurance Education. And Computerworld magazine included Cate on its annual list of "Best Privacy Advisers" in 2007 and 2008.
In November, IU President Michael A. McRobbie announced that Lilly Endowment Inc. had awarded the university $15 million over five years to establish the Pervasive Technology Institute. The Center for Applied Cybersecurity Research is one of three centers that will make up the institute. Cate said the new organizational structure will enable CACR to work more closely with IU's Advanced Network Management Lab and other university entities engaged in security and privacy research.
"We want to do more work on security in health care and particularly in home health care devices -- for example, pacemakers, insulin pumps and even the use of personal digital assistants to track a person's diet," Cate said. "There are all sorts of security and privacy issues involved in making sure those systems are robust, reliable and usable."
There is also more work to be done in public outreach, he said. For example, it's known that most people who buy a wireless Internet router for their homes don't turn on the security protections.
"If we can help get people take steps to enhance their own security, we can make a big difference," Cate said.
Cate said the ubiquity of information technology in day-to-day life -- from work to travel to health care -- means there will continue to be more challenges to balancing convenience and efficiency with privacy and security.
"Whether your data are compromised when you board an airplane or when you visit your doctor," he said, "it's pretty much the same to you -- your data have been compromised."
