Transitioning Cybersecurity Innovation to Practice
If computer science professor Craig Shue meets his goals for his start-up company, computer screens in businesses, universities, and other enterprises throughout the world will be sporting a peace sign icon in the years ahead.
The icon is key to the cybersecurity system that Shue has designed through his company, ContextSure Networks. Whenever a security system detects a potential threat, the computer users can simply click on his program’s icon to send background information about their computer activity, along with overall network data, to information technology analysts. This data gives those IT analysts a quick and reliable way of identifying and remedying the situation.
“All this is a treasure trove of information available for the analysts to figure out what is going on, and we aren’t requiring the end user to do anything but click a couple of buttons,” he says.
Shue is on sabbatical for the coming academic year to further develop and market the system.
“It’s really about getting it installed on people’s computers,” he explains. “Unlike antivirus software that constantly requires updating and isn’t particularly effective, this essentially puts the IT staff in charge so they can constantly adapt to new threats without having to update everyone’s computer.”
By developing information on how individuals are using a network’s computers, and establishing a series of fine-grained permissions relating to those uses, the Policy Enforcement and Access Control for Endpoints—or PEACE system—enhances security and allows IT analysts to identify and deal with malware quickly.
“One of our key differences from traditional network security products is we try to figure out what the human user is trying to do,” says Shue. “We think it is important to know why a network request is happening.”
If an action on the network isn’t related to an interaction with a user, chances are good it is the result of malware trying to spread through the system, a situation that IT analysts can deal with immediately.
The system was developed with a 2014 National Science Foundation grant, and the technique is under patent consideration. In June 2016 Shue received a Department of Homeland Security grant to further develop the system under the agency’s Transition to Practice Program, which seeks to commercialize promising cybersecurity technologies.
He says he has been working since the end of the academic year on making PEACE more user-friendly.
“I’ve been working this summer to try to get the product to where it is ready for possible production use,” he says. “I’ve been talking to potential customers on the phone to find out what they need.”
Shue went to Washington, D.C, in May for a conference sponsored by Homeland Security, in which venture capitalists and potential customers gathered to review new ideas like the PEACE system.
He is planning to go to another road show—this time in New York—later this year.
On the company website, ContexSure Networks tells prospective customers that “end users can learn about security and become a powerful line of defense for your organization with the right outreach, communication, and service resolution.”
“We believe in teachable moments, where end users can be receptive to IT security messaging as part of their workflow,” the company explains. “With ContexSure, we engage users and help them see that IT security is an ally, not an obstacle.”
"[ContexSure Networks] essentially puts the IT staff in charge so they can constantly adapt to new threats without having to update everyone’s computer." -Craig Shue
According to the website, the PEACE program includes encouraging end-user engagement in network security, promoting an understanding by IT professionals of the context within which a network and its users operate, and allowing those professionals wide authority to take immediate action when a threat is discovered.
Shue is also involved in a residential software-defined networking project that has received funding through a National Science Foundation CAREER Award. The project is an effort to use software and cloud-based technologies to provide greater security to the average every-day computer user.
Shue, who has a PhD in computer science from Indiana University, came to WPI in the summer of 2011 from the Oak Ridge National Laboratory, where he was a cybersecurity research scientist. He continues to collaborate with scientists from the laboratory. In fact, his colleague in the PEACE endeavor is Curtis Taylor, a former student of Shue’s who received his PhD in computer science in May and is now working at the Oak Ridge Lab in Shue’s former role.
Last year Shue taught courses in Network Security, Operating Systems, and Advanced Networks. He was granted tenure and promoted to the rank of associate professor effective July 1, 2017.
In 2014 he was awarded the Romeo L. Moruzzi Young Faculty Award for Innovation in Undergraduate Education for his work in the undergraduate network security course.
“I love teaching computer science and security at WPI,” he says on his university profile page. “Our students are enthusiastic about mastering the technical details of systems, networks, and software, making it a thrill to work with them.”
Shue is the director of WPI’s Scholarship for Service program, a cybersecurity scholarship effort funded by the National Science Foundation. He is also an advisor to the WPI Cyber Security Club and the coach for the WPI Collegiate Cyber Defense Competition Team.
He says he will miss teaching this coming academic year—“Getting to see people back in the classroom is one of the things that makes fall fun.”
- By Thomas Coakley