Computer-science Students at Iowa State University have been spending their fall term so far helping Iowa companies devise ways to fend off viruses and other digital attacks. I-S-U computer professor Doug Jacobsen landed funding from the National Science Foundation to set up the “Center for Information Protection” and has private businesses as clients, companies that have paid to take part.
Jacobson says spam and credit-theft e-mails aren’t the threat to corporate computing that they are to home users. Where the companies are going to get in trouble, he says, is the time that data accidentally leaves their organization. It might not be a criminal act, Jacobson explains — it could be as simple as an operation in which a computer user intending to “drag-and-drop” a file accidentally drags the wrong one.
Companies are faced with the “accidental data” leaking out, and with tighter government regulations on consumer privacy they face stiffer penalties. Then, of course, there are still hackers actively trying to infiltrate a company. A user in the company may inadvertently facilitate that hacking by using a piece of “spyware” or a bit of malicious code they’ll download from the Internet because it looks like a cool screen saver. Jacobson says “Yeah, it IS a cool screen-saver, but it also does other ‘cool’ things that you didn’t want to have happen.”
Students are the primary workers on the research projects, and Jacobson’s confident they’ll accomplish a lot. Still, he says, they’ll be fighting this battle for a long time. He points out security people have to guard against all possible entry points into a system, and “a bad person only has to find one, so they have an inherent advantage over us.” In addition to a 120-thousand-dollar grant from the National Science Foundation, the center has a dozen “industry partners” so far, companies that pay five-digit fees to take part and have the researchers focus on their security problems.