CyLab Hosts Top Cybersecurity Researchers for the 2024 NSF SaTC PI Meeting

On Sept. 4-5, more than 500 of the world’s leading cyber-systems researchers convened in Pittsburgh for the 2024 National Science Foundation Secure and Trustworthy Cyberspace Principal Investigators’ Meeting (NSF SaTC PI)(opens in new window), hosted by Carnegie Mellon University’s CyLab Security and Privacy Institute(opens in new window).

The biennial event, which was co-chaired by Alessandro Acquisti(opens in new window), Trustee Professor of Information Technology and Public Policy at the Heinz College of Information Systems and Public Policy(opens in new window), took place at the David L. Lawrence Convention Center(opens in new window).

During the proceedings, leading experts from academia, industry and federal agencies gathered to share their research and discuss game-changing security and privacy challenges resulting from the global adoption of cyberspace.

Carnegie Mellon University also hosted an on-campus dinner and reception for the SaTC PIs at the Tepper School of Business(opens in new window) on Sept. 4. At the reception, SaTC PIs enjoyed live entertainment and networking opportunities, while learning about Carnegie Mellon’s cross-disciplinary security and privacy research initiatives and academic offerings.

The NSF established the SaTC program in 2011 under the leadership of Farnam Jahanian(opens in new window), then associate director of NSF’s Directorate for Computer and Information Science and Engineering (CISE)(opens in new window), with the goal of protecting cyber systems including host machines, the internet and other cyber infrastructure from malicious behavior, while preserving privacy and promoting usability.

Jahanian, who now serves as president of Carnegie Mellon, expressed gratitude for this “full-circle” moment during the introductory session.

“This community and the CISE Directorate are very close to my heart,” Jahanian said. “The National Science Foundation represents the gold standard for research and education.”

In his remarks, Jahanian discussed the interconnected nature of the internet and the vulnerabilities it creates, emphasizing the importance of cybersecurity in protecting the political, economic and social fabric of the global community.

“As new paradigms and platforms emerge, future security and privacy challenges will always follow internet and technology adoption patterns,” Jahanian said. “Cybersecurity is a multidimensional problem that requires computer scientists, mathematicians, economists, social and behavioral scientists, business and policy people to come together.”

More than 20 CMU faculty members participated in this year’s meeting, sharing their research and exchanging strategies via poster sessions, breakout discussions and research highlight talks.

Several CMU researchers also served as featured panelists during the two-day event.

Norman Sadeh(opens in new window), professor in the Software and Societal Systems Department(opens in new window), participated in a panel discussion on “Cybersecurity and Privacy: Closing the Gap Between Theory and Practice,” where he spoke about his experiences as founding chief executive officer, chairman and chief scientist of Wombat Security Technologies, a company he co-founded to commercialize antiphishing technologies he developed as part of research with several of his colleagues at CMU. The company was acquired for $225 million by Proofpoint(opens in new window) in February 2018.

In sharing his experiences as a researcher and entrepreneur, Sadeh highlighted the need for academics to differentiate themselves in competitive cybersecurity markets by offering unique solutions, as opposed to incremental improvements. He noted that while government funding can be beneficial, it may not always be the fastest route to market, especially with the abundance of venture capital currently available.

“I wouldn't recommend taking a detour to do something that you were not originally planning to do just for the sake of getting money,” Sadeh said. “My advice to anyone who starts a company is go to market as quickly as possible, find that minimum viable product, and start selling to customers.”

Acquisti moderated a panel on the subject of “SaTC Research, Public Policy, and Regulatory Compliance.” The discussion also featured Lorrie Cranor(opens in new window), director and Bosch Distinguished Professor in Security and Privacy Technologies at CyLab, as a panelist.

Responding to a question from an audience member about measuring the impact of research beyond publications, Acquisti addressed the difficulty of changing institutional cultures to prioritize real-world impact over quantitative metrics like the h-index.

“The culture at CMU is open to defining impact in many different ways,” Acquisti said. “My hope is that discussions and communities like this can, over time, similarly facilitate a more encompassing approach to measuring research impact at an increasing number of institutions.”

While discussing the value of academic research in influencing public policy decisions and regulations, Cranor emphasized the importance of aligning research questions with policymakers' needs, citing examples like the California Consumer Privacy Act (CCPA)(opens in new window) and her research on FCC broadband internet labels(opens in new window).

“From listening to policymakers, there are lots of calls for public comments that are made at the federal and state levels,” Cranor said. “I have found that paying attention to those can be useful for launching research projects in areas that I am already interested in or would like to further explore.”

The two-day meeting served as a showcase of the promising research that SaTC PIs from academic institutions across the United States are conducting and transitioning into practice.

“I want to urge you to leverage the deep expertise that you have in this room to reframe every cybersecurity challenge into an opportunity, and to continue to advance the great work that all of you do,” Jahanian said.