The agency awarded $1.3 million to research helping organizations weigh the benefits of different cyber tools.
The Homeland Security Department is devoting nearly $1.3 million to researchers trying to figure out how organizations can get the most bang for their bucks when investing in cybersecurity.
The agency on Thursday announced it would fund teams at the University of California, San Diego, and University of Illinois, Chicago, which are building tools to spot and measure the costs of potential cyber threats.
The research falls under the Cyber Risk Economics program, or CYRIE, an effort by the agency’s Science and Technology Directorate to help groups invest in cyber defenses that will have the biggest positive impact on their bottom lines. If groups can quantify the costs of cyber threats and the benefits of cybersecurity tools, they’ll make smarter investment decisions, according to the agency.
The program hinges on the idea that rational actors maximize their well-being, a key tenant of economic theory.
“The threat intelligence metrics research will help organizations evaluate investments in threat intelligence products and services,” Erin Kenneally, the CYRIE program manager, said in a statement. “The standard model for the cost of cybersecurity attacks research will provide organizations a baseline to evaluate potential cyberattacks impacts in order to make sound investment decisions; something that is difficult today because of the absence of an open source, data-driven model for understanding and characterizing harms.”
The University of California, San Diego, team received more than $1 million to build analytics software that measures the reliability and value of tools for assessing cyber risk. Once developed, the system would allow organizations to compare cybersecurity products across the market.
Researchers at the University of Illinois, Chicago, received a one-year, $227,000 grant to build a platform for measuring the economic toll of various cyberattacks. The tool would automatically collect crunch data to estimate the impact of incidents in real-time. Using that information, organizations can weigh costs against the potential savings different cybersecurity tools can provide.
Research under CYRIE aims to build tools that analyze and predict the impact specific cybersecurity investments would have the probability, severity and consequences of potential attacks. The systems would also measure the relationship between cyber investments and business performance, and incentivize better risk management.