How to get cyber security research right: Why the key to success lies in medicine

Dahwood Ahmed, Regional Manager UK&I, Extreme Networks

Many innovations that are considered indispensable in our lives today have had their inception in university research labs. Marie Curie discovered radioactivity during her time at the Sorbonne in Paris, for example. Researchers at Vanderbilt University in Tennessee developed a method to mass produce vaccines in the 1940s. And a physicist at Georgetown University invented the first full-body CAT scan. Laboratory research in higher education has been – and continues to be – essential in developing innovations, particularly in the medical field.

Most universities nowadays have medical research facilities and experienced staff who know how to set up and manage these environments adequately. But, for various reasons, the same isn’t necessarily true when it comes to cyber security research, arguably its technology counterpart. Half of all universities in the UK say they are experiencing cyber attacks on a weekly basis, and a majority believe that their security research has already been compromised as a result.

Universities that want to nurture and safeguard their cyber security research efforts need to keep two things in mind:

  1. Firstly, they need to create a suitable environment for that research to take place in.
  2. Secondly, they need to adequately protect both the research itself and the wider organisation from cyber security threats.

Luckily, a lot of universities already own a strong blueprint on how to do this. They just need to look at the decades of experience they have in conducting medical research.

Separation and sterility

Fundamentally, there are two main criteria that need to be met in order to create a suitable research environment:

  1. Firstly, physical or virtual separation between the laboratory and the outside environment, and
  2. Secondly, a high degree of sterility within the research space.

In a medical context, that separation involves physically isolating the research environment to prevent the risk of external contamination – or vice versa. No one wants to see the latest strain of a dangerous virus accidentally make its way into a public space. Equally, unless they are Alexander Fleming and hoping to discover a new type of antibiotic by chance, scientists don’t want any uncontrolled input from the outside world to skew their results. The same is true for cyber security research – albeit in a virtual capacity.

Most education organisations will operate off one master network that gives students and staff alike access to the information, files and devices they need, when they need them. When undertaking cyber security research, it is critical that the activity takes place on a separate network. If, by accident, a malware variant manages to break out and get hold of devices on the research network, having a virtual barrier in place will prevent it from laterally moving to the main network and severely disrupting operations.

The most effective way of creating such a virtual barrier is through network segmentation. A simple and scalable network segmentation solution allows universities to prevent unauthorised lateral movement, deliver highly effective breach isolation and secure the network from the inside out. Not only is this a strong cyber security foundation, it also allows for significant improvements in performance and manageability as individual segments are optimised for their respective use cases. This way, even if there is fallout from a failed experiment, the wider organisation remains unaffected.

Protection against the invisible

Creating a sterile environment is another key criterion. Cross-contamination between research projects is a significant risk factor, as a single unknown variable is enough to compromise the safety and reliability of an experiment. In medicine, this often means protecting research against the invisible: bacteria, viruses or even just dust particles, too small for the human eye to see, that spread across surfaces. The same is true for cyber security research. Visibility is key.

It is paramount for the safety and success of cyber security research to identify and fix any blind spots that an organisation’s network might have. This applies to both private and public networks as most cyber threats directly target these vulnerabilities. In practice, this means deploying advanced visibility solutions that allow network administrators to see which devices are connected, what behaviours they’re exhibiting and whether they pose a risk or not. Using these insights, anomalous behaviour as a result of a failed experiment, for example, can be quickly identified and remediated before it threatens the wider network.

While there are several solutions that can be implemented to improve network visibility, it is important to note that this is a shared responsibility between a university’s research and IT teams. Accurate device inventories, continuous compliance enforcement and policy-based access control are all necessary to prevent the accidental increase of blind spots. Modern network visibility solutions can help with this and automate some of these processes to help IT and research teams keep an eye on all network activity in real-time.

Cyber security research is, just like its medical counterpart, fundamentally important if we want to understand the potential threats out there and how we can best protect ourselves against them. But putting that protection in place starts at home for universities that want to discover the next cyber security research breakthrough. Creating virtual safety mechanisms in the form of professional network segmentation and visibility solutions should be a key priority for any university that is serious about investing in its cyber security research capabilities.
