How To Create A Cyber Security Cluster At Universta Mason

Transcription

1 Cyber-security Cluster Communication Computer Science Electrical and Computer Engineering Finance and Operations Management Political Science Proposing Team: Lead: Wayne Burleson, Electrical and Computer Engineering, Co-Lead: Anna Nagurney, Finance and Operations Management Erica Scharrer, Communication Tilman Wolf, Electrical and Computer Engineering Brian Levine, Computer Science Kevin Fu, Computer Science Gerome Miklau, Computer Science M.J. Peterson, Political Science June 30,

2 1 Proposal Summary This proposal describes a plan for a multi-disciplinary cluster of new faculty to augment our existing expertise in the relatively new area of cyber-security. The cluster will provide a rapid return on investment by positioning UMass Amherst to compete for large funding programs that require multi-disciplinary teams across computer, engineering, management and social sciences. The cluster will also facilitate innovative educational programs that should attract both undergraduate and graduate students and address workforce needs for the Commonwealth and the Nation. The goal of cyber-security is to ensure the trustworthy behavior of the information technology infrastructure that we depend on in so many aspects of our lives. To realize the full benefits of information technology, individuals must have confidence that personal information is protected, that communication is secure and reliable, that commercial transactions are not compromised, and that disruptive behavior should it occur is traceable. Cyber-security is emerging as a major national priority. There is increasing awareness that to cope with the vulnerabilities in our digital infrastructure, society needs academic research, commercial innovation, and workforce development. A recent review by the National Security Council and the Homeland Security Council advocates expanded government, industry, and academic research efforts. In addition, the review proposes increased efforts to create a well-trained workforce in cybersecurity and related areas, similar to the United States focus on mathematics and science education in the 1960s [1]. This review was the basis of President Obama s recent release of a coordinated cybersecurity policy. Jeanette Wing, NSF Division Director, while testifying before Congress, pointed out that industry has problems looming on the horizon that they just don t have time to solve or problems they can t even imagine because they are so focused on the present; those are exactly the kinds of problems academic researchers can work on: anticipating the threats of tomorrow so that when they arrive, potential solutions will be available. UMass Amherst has an important role to play in generating innovative solutions to cybersecurity challenges and in educating an advanced workforce. We propose an interdisciplinary cybersecurity cluster sponsored by the five departments of Finance and Operations Management, Political Science, Communication, Electrical and Computer Engineering, and Computer Science. The cluster will capitalize on existing strengths across these departments, and in addition, includes one new faculty hire in each department. The interdisciplinary focus of the cluster is an essential component. Increasingly, policy makers, funding agencies, and researchers are recognizing that collaboration across traditional disciplines is needed to face cyber-security challenges. The disciplines of computer science and computer engineering provide technical responses to cyber-security threats. But legal and political regimes can be as powerful as technology in addressing cyber-security threats, and any technical solution must be aligned with societal norms and values. As a result, political, economic, and societal perspectives must inform both research and education in cyber-security. Research objectives: To exploit existing expertise on the UMass campus and emerging funding opportunities, the proposed cluster will focus on the following synergistic application domains. Each of these initiatives involves participation of multiple schools and departments (see Figure 1). Protecting Critical Infrastructure is focused on ensuring robust and reliable operation of telecommunications networks and the Internet, the electric power grid, transportation and other essential services. Secure and Private Medical Informatics is concerned with ensuring that medical information is collected, stored, and disseminated in a manner that simultaneously respects the privacy of patients and supports positive health outcomes. Cyber-crime and Digital Forensics is focused on preventing cyber-crime, studying its ef- 2

3 fects on victims, and providing law enforcement and government with novel methods of collecting, analyzing, and investigating information from the Internet and digital devices. Secure Supply Chains, Electronic Commerce and Payments is focused on ensuring that institutions, individuals, and businesses can safely exchange goods and financial instruments. Educational objectives: Education in cyber-security at both the graduate and undergraduate levels is an outstanding preparation for many career paths, and there is a strong demand from employers for cyber-security skills. UMass Amherst already has a strong record in cyber-security education; it has been accredited as a National Center of Academic Excellence in Information Assurance Education and Research by the National Security Agency since The proposed hires will significantly enhance the scope of cyber-security education here by permitting creation of a new cyber-security certificate program and a new minor at the undergraduate level. The certificate program, as envisioned, has excellent revenue-generating potential and can be seamlessly integrated into the university s online and distance learning portfolio. Evidence shows that incoming students have a strong interest in cyber-security topics and related career opportunities. The proposed educational initiatives will distinguish UMass Amherst among its regional peer institutions, attracting students from within Massachusetts and from outside. 2 Research Initiatives The National Science Foundation has led a growing trend toward the development of application-driven research as a framework for multi-disciplinary collaborations, testbed development and effective technology transfer. The Cyber-security cluster will initially use four primary application domains to drive research that spans both technical and societal challenges. In the following sections, each application domain is described, highlighting existing UMass expertise and accomplishments and pointing out the possibilities for future collaborations facilitated by new faculty positions in the cluster. Figure 1 shows how the domains span existing and planned new directions in the five departments. Application domain/ Department Protecting Critical Infrastructure Computer Science Communication Electrical and Computer Engineering Finance and Operations Management Existing Political Science Existing Secure and Private Medical Informatics Existing New Cyber-crime, abuse and digital forensics Secure supply chains, electronic commerce and payments New New Figure 1: Existing and new expertise in each application domains by department 3

4 2.1 Protecting Critical Infrastructure Cyber-security is needed to protect critical infrastructure in most aspects of modern civilization. Our power grid, highways, water, environment, telecommunications, financial and government systems are all increasingly dependent on computers and the Internet for their daily function. As new vulnerabilities arise, they must be studied and managed to carefully balance security, privacy, economics and civil liberties. Critical infrastructure is particularly difficult to secure since it is massive, distributed and inter-dependent, and it often needs to be accessible to a large and diverse population. Further complicating the security and trust issues, multiple public and private entities now collaborate to build, run and maintain infrastructure. For example, the largest power grid in the world will now span over 50 countries from Portugal to far eastern Russia. Attacks on critical infrastructure can have devastating consequences and hence it is a highvalue target for cyber-criminals and terrorists. Unfortunately, as illustrated by the Patriot Act and other post-9/11 policies, strong protection of critical infrastructure is very expensive and often comes at the expense of user convenience and civil liberties. Interdisciplinary approaches to cyber-security can provide solutions that are economically viable and privacy-preserving. Federal and State Agencies are funding multidisciplinary research in cyber-security for critical infrastructure. The Department of Homeland Security has identified power-grid cyber-security as a major research thrust. The National Science Foundation has a new program in cyber-physical systems that funds research related to many critical infrastructure projects. A recent collaboration between ECE, Computer Science and Civil Engineering is working with Massachusetts Transportation Agencies to explore Security and Privacy issues in Transportation Payment Systems. The cluster hire will broaden the existing expertise at UMass to perform research on these pressing problems. Computer Science has large research program on disruption-tolerant networks, with the goal of ensuring the Internet and its mobile systems can survive attacks and other failures. 2.2 Secure and Private Medical Informatics Healthcare costs and availability are one of the leading challenges in the nation and world today. One of the primary proposals to address improved healthcare is a system of electronic health records. Healthcare services increasingly rely on cyber-infrastructure for applications ranging from timely relay of needed patient medical information to emergency facilities, to at-home monitoring of patients, to wireless control of implantable medical devices. Unfortunately, cyber-infrastructure is too large to physically secure. To enable security and privacy on an unsecurable infrastructure, it s necessary to simultaneously address technological challenges (cryptography, wireless, computer networks), caregiver and patient usability of systems, and public concerns about use of such systems (business management, public regulation, assurance of patient privacy). Existing UMass expertise in secure databases explores the configuration of a health record systems history to provide a balance between privacy and accountability. This work includes database forensics, threat models, and transparency requirements. The cluster will add the important dimensions of policy and user behavior to this complex and pressing problem, enhancing our existing strength and allowing us to contribute to further development of healthcare applications such as secure updates of pacemaker therapies, privacy-preserving collection of medical telemetry, highintegrity medical records, and high-assurance electronic equipment at the patient bedside (e.g., wireless drug pumps, IVs, EKGs). 2.3 Cyber-crime and Digital Forensics The strong impact and ubiquity of computing and the Internet has revolutionized certain types of crime. Digital evidence is a common element of criminal investigations of terrorism, child exploi- 4

5 tation, gang violence, drug trafficking, corporate and financial crime, domestic violence, murder, and more. It is critical that we understand how the Internet as a technology enables and leaves traces of these crimes. However, each of these crimes has a real victim, and so it is as important that we understand the Internet as an interactive communication medium. For example, children are easily subject to cyber-bullying from peers and sexual exploitation from adults; these represent a serious and growing concern of parents, teachers, policy makers, and scholars alike, and there is no technological solution. Current research indicates that these interactions represent the most likely threat to young people online. Additional research is necessary to understand whether and how the Internet's relative anonymity to users facilitates such aggression, how frequent it is, and how it might be prevented. Digital forensics serves an increasingly important role in national security and federal and state law enforcement. Forensics, the application of science to evaluation of evidence, is a central tool of law enforcement and criminal justice, and it can also assist in the intelligence gathering that informs governmental and military policy. Forensics also plays an important role in understanding the limits of personal privacy when interacting with digital devices and the Internet. New, fundamental approaches to security and privacy are required to address these problems, but a 2009 study by the National Research Council [1] concluded that forensics suffers from little rigorous systematic research to validate the basic premises and techniques. The field needs national leadership by an academic institution and UMass is in a position to become that leader given its current strengths and the opportunity for this cluster hire. There is an increased amount of funding available for digital forensics and crime from federal agencies, partly in response to the NRC report. Recently millions of dollars of Recovery funds were available for forensics research from the departments of justice, with additional funding for general programs. Funding is also available from DHS, NSA, NSF, etc. A new hire in any of our partnering departments will be well suited to capitalize on these opportunities. UMass currently receives funding in forensics from the NSF and NIJ in cooperation with the MA State Police and have a well formed partnership. A new hire could easily expand this relationship, demonstrating our value to partners in state and federal government. 2.4 Secure Supply Chains, Electronic Commerce and Payments Supply chains are the critical infrastructure for the production, distribution, and consumption of goods as well as services in our globalized Network Economy. Supply chains, in their most fundamental realization, consist of suppliers and manufacturers, distributors, retailers, and consumers. Today, supply chains may span thousands of miles across the globe, involve numerous decisionmakers, and be underpinned by multimodal transportation and telecommunication networks Supply chains come in a plethora of forms and facilitate the distribution of a wide range of goods and services including such pervasive ones as food, electric power, pharmaceuticals, clothing, automobiles, and toys. Like changes in the availability of supplies or price shocks, disruptions to telecommunications may have effects felt throughout the supply chain. At the same time that supply chains have become the principal vehicles for delivery of goods and services, there have been increasing incidents involving adulterated food and products. Supply chains pose new challenges in tracing the sources of adulteration and providing timely warning to the public. It has been argued that supply chain disruptions and the associated operational and financial risks are the most pressing issue facing firms in today s competitive global environment. Hence research and education focused on the resiliency, stability, and security of supply chains is essential to maintaining their continued effectiveness and efficiency. With the advent of the Internet, electronic commerce (e-commerce) has had immense effects on the manner in which businesses and consumers search for and order goods. Business-to-business (B2B) transactions form the major part of e-commerce, with estimated value in the USA alone ranging from up to 1 trillion dollars in 1998 to as high as $4.8 trillion in 2003 while the business-to- 5

6 consumer (B2C) component has grown tremendously in recent years. The National Research Council concluded in 2002 that the principal effect of B2B commerce, estimated to comprise 90% of e- commerce by value and volume, is creation of new and more profitable supply chain networks. Globalization and technological advances have also made major impacts on financial services through the emergence of electronic funds transfer. The financial landscape has been transformed through increased corporate integration, increased cross border mergers, and lower barriers between markets. In addition, electronic finance has helped reduce the boundaries between different types of financial intermediaries. Since today s financial networks are highly interconnected and interdependent, disruptions that occur in one part of the network may produce consequences that propagate globally. For example, the October 1987 stock market crash in Hong Kong triggered a chain reaction throughout the world. The management at Merrill Lynch understood the criticality of their operations in the World Trade Center and established contingency plans before As a consequence, the company was able to mitigate losses by switching their operations to other sites immediately after the 9/11 terrorist attacks. While investor confidence rests on many factors, assuring the physical integrity and security of electronic transfer systems is an essential element of maintaining the trust on which lending activity rests. 3 Proposed Positions Five positions are requested. Four are junior level, the fifth is a senior position for leadership. Electrical and Computer Engineering: The ECE Department requests a senior faculty hire with an international reputation in embedded security. This hire will be expected to provide leadership for the cluster and hence is expected to have demonstrated experience leading multidisciplinary initiatives including for example: directing major research collaborations and centers; founding and chairing of conferences and workshops; or editorship of leading journals. This position would also greatly increase ECE s expertise in embedded security, which already spans several of the Department s strengths including wireless communication, networking, microelectronics, and embedded systems engineering. In collaboration with various government and industry organizations as well as faculty in Computer Science, the UMass Transportation Center and UMass Dartmouth, ECE is establishing a new research initiative in embedded security. Computer Science: The junior faculty hired in Computer Science will focus on the principles of secure computing. The ideal candidate would work at the intersection of two or more of the following topics: the mathematical foundations of cryptography, foundations of private data analysis, foundations of secure system design (formal methods, protocol design and analysis), and the foundations of competitive and adversarial behavior (including game theory). Although located in the Computer Science department, the expertise of this hire will serve each of the four application domains of the proposed cyber-security cluster and will be uniquely positioned for interdisciplinary collaboration. Finance and Operations Management: A junior level hire in commerce and cyber-security would leverage the existing excellence of the department to new heights and would create synergies across campus with information technology and computer science, engineering, as well as the social sciences. Political Science: The department of political science seeks a junior level hire with expertise in privacy issues, particularly the impact of increased use of information technologies, and in the politics of government regulatory and standards-setting processes at the national and/or international levels to augment existing expertise in the politics of technology use. Communication: The Department of Communication seeks a junior hire specializing in the opportunities and threats that use of the Internet poses to adolescents. Possible applications include cyber-bullying, disclosure of personal information on social networking sites, and identity expression and relationship formation online. Such a hire would build on the department s existing strengths in social impact of new technologies, political economy of technologies, and transnationalism of digital technologies. 6

7 School/College Department Expertise of Proposed Hire College of Natural Sciences and Math Computer Science Foundations of cryptography, privacy, game theory. College of Engineering Electrical and Computer Engineering Applied cryptography and secure embedded system design School of Management Finance and Operations Management Secure e-commerce, supply chains, information technology College of Social and Behavioral Sciences Political Science Privacy policy; politics of national and/or international regulatory and College of Social and Behavioral Sciences Communication standards-setting processes Human interactions with the Internet, Internet crime and abuse 4 Proposed Educational Initiatives Our departments already have a strong foundation in cyber-security course offerings. The ECE department offers courses in cyber-security including Security Engineering, Trustworthy Computing, and Applied Cryptography, and the Computer Science department offers courses in Digital Forensics, Introduction to Computer and Network Security, graduate level Information Assurance, and various seminars. In addition, security is a topic discussed in courses on operating systems and networking. CS included Information Assurance among the new Tracks in its BS degree. The new faculty positions will allow a regular offering of core courses in cyber-security across our departments. There are several advantages to increasing our capacity to teach these classes. First, we believe the success of the IT Minor can be extended to an IT Security Minor that is composed of a breadth of interdisciplinary courses across disciplines. Second, these courses can also comprise a strong portion of a new IT Major degree or new Interdisciplinary Certificate, which can be introduced to the University initially as one or more pre-approved BDIC curriculum. Adding faculty in this area will allow existing or new faculty to act as a director for these new efforts. It is possible that the certificate program will be attractive to students in the new 5 year BS/MS program in ECE and the existing Baystate BS/MS Program in CS. Anecdotal evidence from other strong cybersecurity programs, indicates that these courses are very popular and good tools for recruitment and retaining students for graduate programs. The certificate program may also be attractive in a distance or on-line format. Although we do not currently offer these formats, ECE has a long tradition in distance education to working engineers, and a certificate program in cyber-security could be very marketable. There are over 800 Communication, 750 Political Science, and 400 Finance and Operations Management undergraduate majors at UMass, and demand for communication, finance, and policy courses among both majors and non-majors at the University is high. 5 Business Case 1. Potential opportunity Cyber-security research funding is already a significant priority of the National Science Foundation ($137 million in FY 2009), the Department of Homeland Security, the various research arms of the Department of Defense (DARPA), the Intelligence Advanced Research Projects Agency (IARPA), and the Department of Transportation, among others. The recent emergence of cyber-security as a national priority suggests that funding rates for cyber-security will continue to grow. 7

8 Faculty in the supporting departments have been successful in securing this funding. But importantly, these funding agencies are recognizing the need for interdisciplinary approaches to cyber-security. The proposed cluster will allow UMass Amherst faculty to target a much wider pool of funding by structuring collaborations across traditional disciplines. One example is the NSF Expeditions in Computing program which makes awards of up to $10,000,000 but expects research teams formed from collaborations across fields. Another is the Large Team of the NSF Trustworthy Computing program. 2. Expected return on investment Although the cost of the proposed new hires varies across departments, we believe the proposed interdisciplinary faculty investment has excellent potential to generate near-term dividends in the form of significant increases in research funding and output for UMass Amherst. The cluster spans 5 departments each of which strikes a different balance between research and education. For the objectives of this proposal, the 5 departments are some of the strongest and most improving on campus. Highlights are provided in the Appendix. Facilities requirements are minimal for research in cyber-security. Unlike research in many fields, collaborations are possible without specific joint facilities or labs. Thus start-up costs should be modest, similar to recent hires in each department. Anecdotal evidence from a number of leading universities indicates that strong cyber-security programs are very popular in recruiting students for both Computer Science and ECE. We expect similar trends by increasing Information Technology components in Management, Political Science and Communication. 3. Department support for hires College and departments are willing to provide substantial financial support for the start-up of any new faculty in this cluster. Details are provided in the appendix and letters of support. 4. Plan for assessing return on investment. We will work with the Office of Academic Planning and Assessment and the Center for Teaching to develop formative and summative metrics of performance in research, teaching and outreach. We anticipate research metrics would include: research funding, publications (including joint authorship within the cluster), graduate degrees, undergraduate research. Education metrics would include: number of new and modified courses, enrollments, certificates, distance education, IT Minors, double majors). We recognize that ECE and Computer Science currently lack diversity in both faculty and students. We will use the interdisciplinary nature of the cluster to promote the recruitment and retention of diverse faculty and students. Outreach metrics will include numbers of supported graduate and REU students, interactions with cyber-security industry (see letter of support from RSA/EMC), local and national government (including Massachusetts State Police), and continuation of existing ties to colleges and universities emphasizing under-represented groups (John Jay, STCC, Mt. Holyoke, Smith and others through the Northeast Alliance of Graduate Education and the Professoriate). 6 Leadership Plan The faculty preparing this proposal come from all ranks, and will provide direct, long-term leadership to the cluster: Kevin Fu, Brian Levine, and Gerome Miklau (Computer Science); Anna Nagurney (Finance and Operations Management); Wayne Burleson and Tilman Wolf (Electrical and Computer Engineering); M.J. Peterson (Political Science); and Erica Scharrer (Communication). Leadership 8

9 will initially be by co-directors Anna Nagurney (Finance and Operations Management) and Wayne Burleson (ECE), along with a committee of members spanning the participating departments and the research emphases. The senior faculty member to be hired into ECE will become the director of the cluster and will lead the planned large funding initiatives. A faculty member will also be chosen to coordinate the educational initiatives. 9

10 References [1] Cyberspace policy review: Assuring a trusted and resilient information and communications infrastructure. The White House, Office of the Press Secretary, May Appendices A. Highlights of Competitive Success in Cyber-security Below we highlight wide-ranging events and achievements related to cyber-security that have brought attention to the UMass Amherst campus. A sample of relevant awards are shown for each department. We note that Burleson, Fu, Levine, and Miklau are responsible for more than $7.2 Million in funding in cyber-security topics since 2001, including $5.2 Million from NSF, $1M from DARPA, $488K from Dept of Justice, and $286K from the National Security Agency. NSF CAREER Award NSF CAREER Award NSF Cybertrust Award, Computational RFID for Securing Zero-Power Pervasive Devices, Fu , $500,000 Securing History: Privacy and Accountability in Database Systems, Miklau , $500,000 Security for Smart Tags, Fu and Burleson $750,000 ($1.2 million with partners), Computer Science Computer Science Computer Science, ECE, Johns Hopkins NSF Cybertrust Award NSF Trustworthy Computing Award Department of Justice Award Ultra-Wideband Radio for Low-Power Security, PI Burleson, Goeckel, Jackson, $200,000, Exploratory grant with follow-on proposal in preparation. Novel Forensic Analysis for Crimes Involving Mobile Systems, PI Levine and Goeckel $778, ($1.2 Million with partners) Peerless: A System for Identifying and Gathering Evidence of P2P Trafficking $217,000 ($238K with partners) Alfred Sloan Research Fellowship. Kevin Fu, $50,000 ECE Computer Science, ECE, CUNY John Jay College of Criminal Justice Computer Science, Georgetown University Computer Science Industry Funding Seminar series Cash, equipment and in-kind donations from Sprint, Intel Research, RSA Labs, EMC and ThingMagic totaling $125,000 UMass Amherst INFORMS Speaker Series with several talks in areas related to cyber-security. Organized by the award-winning UMass Amherst INFORMS Student Chapter, whose members come from ISOM, COE, NSM, and NRE; Anna Nagurney is the Faculty Advisor 10 Computer Science, ECE ISOM, COE, NSM, NRE

11 NSF grant Consortium Seminar Workshop Workshop Workshop Workshop Seminar series Award Conference NSF supplement grant awarded to Nagurney as the PI under the Management of Knowledge Intensive Dynamic Systems program with additional funding provided by the National Security Agency ( ); 1 of 9 teams selected in the US under this special program. Integrated Transportation Payment Systems: Consortium for Security and Privacy, ITPS-CUSP A regional consortium of academics and industry, government Richard Clarke, The missing pieces of the three 21st century wars: Iraq, Afghanistan and Cyberspace RFID: From Theory to Practice. 2-day workshop in February 2008 with 40 participants from industry, government and academia Integrated Transportation Payment Systems: Security and Privacy 1-day workshop in February 2009 with 40 participants from industry, government and academia ECE Prof. Koren is co-founder of the Annual workshop on Fault Diagnosis and Tolerance in Cryptography which is now in its 6 year (100 participants) CS Professors Levine and Miklau are co-founders of the ACM Northeast Digital Forensics Exchange Workshop, in its first year Security Seminar Series, Fall seminars available on-line video and graphics at: sites.google.com/site/usss2008site/ Fulbright Senior Scholar Award to Anna Nagurney who co-organized a workshop in Italy on Complex Networks and Vulnerability Analysis in March Stuart Shulman organized conference on YouTube and the 2008 election cycle in the United States, UMass Amherst April 2009 with $75,000 (25 internal; 50 NSF) in funding. Finance and Operations Management Computer Science, ECE, UMass Transportation Center UMass Dartmouth U. Ruhr Bochum, Germany Escrypt Inc. Computer Science, Topol Lecture Series Computer Science, Electrical and Computer Engineering, RSA Labs, Johns Hopkins University Computer Science, Electrical and Computer Engineering, RSA Labs, Johns Hopkins University, Massachusetts MBTA, MTA, MPA, Federal Highways, Scheidt/Bachman, WPI, MIT, U. Virginia, Georgetown ECE Computer Science, with partners at CUNY John Jay Criminal Justice, UNH Crimes Against Children Research Center ECE, CS, U. Bochum, WPI, Georgetown, ThingMagic, Volpe Center, Dartmouth, MIT, DAFCA Inc. Finance and Operations Management Political Science 11

12 Center Awards Awards Centers Awards Awards Awards Jane Fountain is Director of the NSF-funded National Center for Digital Government, which she brought to this campus in fall Cyber-security plays an increasing role in Digital Government. University-wide Distinguished Teaching Award winners (Profs. Morgan and Jhally) and numerous College of Social and Behavioral Science Outstanding Teaching Award recipients (including Profs. Hanson, Castaneda, West, Bailey, and Scharrer). New cyber-security courses will leverage this excellent faculty. University's Distinguished Outreach Award (Profs. Castaneda, Cooks, and Jhally). The cyber-security cluster will explore outreach initiatives. The FOMgt department houses the Virtual Center for Supernetworks under the direction of Anna Nagurney. This center focuses on network systems, including critical infrastructure, and their interrelationships. It also is the home of the financial center, CISDM, whose Director is Thomas Schneeweis. Two of its faculty have been Distinguished Faculty Lecturers (Branch and Nagurney) and have received Chancellors medals. This department has three chaired faculty: Bisgaard, Nagurney, and Schneeweis, and will be the department for the incoming Dean, Mark Fuller, who will also hold an endowed chair. 3 members of FOMGT have received the Faculty Award for Outstanding Accomplishments in Research and Creative Activity: Soren Bisgaard, Bing Liang, and Anna Nagurney. Several cyber-security faculty in Computer Science and ECE have received awards in teaching including the Distinguished Teaching Award (Goeckel), College Outstanding Teaching Awards (Goeckel, Levine), and Lilly Fellowships (Berger, Corner, Goeckel, Levine). New cyber-security courses will leverage this excellent faculty. Political Science, Communication and others Communication Communication FOMgt FOMGT FOMGT Computer Science, ECE 12

13 B. Details on Return on Investment The ECE Department has shown substantial growth in research funding in recent years, increasing the per faculty research expenditures by 150%, 90% and 21% over the last 10 year, 5 year and 3 year periods respectively. A typical ECE startup package is $250,000 of which the department provides 1/3. A very compelling example of success and return on investment in multi-disciplinary research is the NSF Engineering Research Center for Collaborative Adaptive Sensing of the Atmosphere. Burleson was a major player in the CASA proposal process and leadership team for 5 years prior to ramping up his current activities in Cyber-security. ECE has had great success hiring both junior and senior level faculty in the last 5 years. 3 out of 4 recent junior faculty have received NSF CAREER awards as well as substantial additional funding in both sole-pi and collaborative projects. 3 recent senior hires have all completed early tenure based on their rapid establishment of well-funded research programs, excellent teaching and leadership roles both in the department and their professional disciplines. The Computer Science Department has a remarkable record hiring new faculty who are successful in attracting grant funding. 100% of recent hires (since 9/1/02) are lead PIs on sponsored research funding by their third year. Third year funding averages over $200,000 for those hired as assistant professors, and almost $1,000,000 for those hired as associate professors. Fourth and fifth year funding averages $350,000 for assistants, and holds fairly at about $1 million for associates. Over the same period of time (FY03 - FY09), average annual funding for tenured faculty members with any sponsored research was $450,000. Average annual funding for research track faculty and research scientists was $300,000. This is based on award data, which is more volatile than expenditure data. The basic Computer Science start-up package costs $250,000. This is, on average, recouped within five years for assistant professors, and much faster for associates. This is even considering a lowerthan-standard Indirect Cost Recovery from the CAREER awards. At an average IDC rate of 30% (rather than 57%), the average assistant professor has generated $300,000 in IDC by year 5. Hiring Computer Science faculty is in excellent investment. The Finance and Operations Management Department since 2001 has hired 2 senior faculty and 4 junior faculty (2 of the junior ones were hired only last year and they were leading graduates nationally and highly sought after). The startup package is $50K per faculty member in ISOM (note that ISOM provides funding for 2 new doctoral students per area per year). The junior hires, in this period, have secured one NSF Career Award and an ONR grant. In addition, a junior faculty member has secured an NBER grant and a Q Group Research Grant. One of the senior faculty hires in this period received a joint National Collegiate Inventors and Innovations Alliance grant, and was a Co-PI on a funded NSF IGERT proposal. During this period, three junior faculty hires were also awarded Healey grants. The junior faculty are active in submitting research grant proposals, including proposals to NSF. Since 2001, grants and awards to other FOMGT faculty have included an $8.8 million hedge fund database, $25K for the investment club, that has already generated $40K additional in 13

14 funds, a $750K NSF grant, with several REU supplements, two AT&T grants, two Rockefeller Foundation awards, and a grant from the Institute for International Education. The Political Science Department has hired 2 senior faculty and 8 junior faculty since The bulk of these hires have followed a Faculty Hiring Initiative intended to emphasize cross-field and cross-discipline connections. The start-up package is $20,000 per faculty member in CSBS. The new hires, particularly those dealing with issues of information technology use, have succeeded in winning multiple NSF grants. One of the senior faculty hires is Director of the National Center for Digital Government. 14