cybersecurity

Credit: Mike Strasser/USMA PAO/Flickr

Malware and search engines: Lamar Smith goes far afield in his latest hit list of NSF grants

Representative Lamar Smith (R–TX) has drawn a lot of attention for publicly chastising the National Science Foundation (NSF) for funding research on, say, China’s milk supply or ancient Icelandic textiles. But in criticizing government-funded research on seemingly obscure topics, or in far-away countries, Smith was simply joining a long line of politicians who over the years have claimed to be protecting U.S. taxpayers by questioning how research agencies spend money.

But last week the chair of the science committee in the U.S. House of Representatives may have crossed into uncharted territory with his new list of 13 “questionable” NSF grants. The letter, sent to NSF on 10 February, means that Smith has now asked NSF for detailed information on more than 60 grants. Most relate to climate, environmental, and social science, but the new request appears to reflect a much more ambiguous filter: For the first time, it contains several awards in the physical sciences, including one that has led to patented software to detect whether a computer has been taken over by malicious software and another that explores a long-standing mathematical puzzle.

Scientists are scratching their heads and asking themselves how anyone could consider such research to be an example of wasteful government spending. “I can’t figure out which bucket this fell into: silly, obvious, or low priority,” says one university administrator whose institution is a recipient of one of the grants. “Ah, well, we’ll soldier on.”

Detecting malware

As chair of the science committee in the U.S. House of Representatives, which oversees NSF and several other federal research agencies, Smith has spent the past 2 years demanding that NSF explain why it funded some research projects. He and NSF have reached a temporary agreement that allows his staff to review all relevant materials in a secure room at NSF’s headquarters in northern Virginia, with one caveat: The names of the reviewers have been deleted. Smith has said the committee is simply doing due diligence on NSF’s system of merit review, which relies on comments from thousands of volunteer experts to help it decide which proposals to fund.

NSF’s selection process is based on the project’s scientific merit and broader impacts, a catchall phrase that can include the potential economic, educational, and societal implications of the research. Smith and other legislators have taken issue with the foundation’s broad definition of that second criterion, saying that it has led to research that they believe is of lesser importance and, thus, not in the national interest.

The debate is more than academic. In December, Congress passed a 2015 spending bill that required NSF to apply a small overall budget increase to only four of its six research directorates. The social sciences and the geosciences were excluded, presumably on the grounds that the research they support is less critical to the nation’s well-being.

The new list contains some additional examples of research that seems related to Smith’s past concerns, such as studying atmospheric chemistry to improve climate change models. But it also breaks new ground by covering work in seemingly less controversial disciplines, including the growing threat from global cyberattacks. One grant Smith has singled out for scrutiny, for example, went in 2010 to Daphne Yao, an associate professor of computer science at the Virginia Polytechnic Institute and State University (Virginia Tech) in Blacksburg.

“Say it’s in the middle of the night, and all of a sudden a computer starts sending e-mails and accessing data,” says Yao, describing her work on detecting malware, or malicious software. “If the keyboard has input and the mouse is moving, then it’s probably OK [because the user is operating the computer]. But it also might be because of malicious software.”

Detecting human input is only one piece of the puzzle, Yao explains. Her software also tracks what the computer is actually doing. “If the malware is not making any external connections to its bot master or sending out attack messages, it’s not a big problem,” she says. “So we focus on outbound traffic and how to contain it.”

Last year was a banner year for Yao: She received a patent for the malware detection system, earned tenure at Virginia Tech, and gave a talk at the prestigious Grace Hopper Celebration of Women in Computing conference, which attracts thousands of scientists from academia, industry, and government. After her talk, she was mobbed by women who wanted to apply her system to secure their workplaces. “The user action seemed very appealing to females,” she noted. Richard Benson, dean of engineering at Virginia Tech, calls Yao “one of our emerging stars, and one of the best faculty hires we have ever made.”

Yao’s work would also appear to be a poster child for what Smith has repeatedly described as the goal of his inquiries: making sure that NSF is funding “the highest priority research that is in the national interest.” But Yao thinks that his metrics may be flawed. “The way the House committee is treating the research,” she says, “it is really hindering national security.”

Ironically, Yao also holds a grant from the U.S. Army Research Office to model the behavior of computer programs. “But it’s more traditional,” she explains. “It has nothing to do with user action.” In contrast, she says, “the NSF award gave me a chance to take risks. And cybersecurity requires a lot of out-of-the-box approach. It’s an arms race in which you’re always trying to stay one step ahead of the attackers.”

Why was I singled out?

The committee’s investigation is also taking a toll on her morale. Yao cites her 5-year, $562,000 award, entitled “CAREER: Human-Behavior Driven Malware Detection,” as an example. “Because it comes from a panel of established experts in the community, receiving the CAREER award really gave me this big boost in confidence,” she says. “It was a career-defining moment. And then to have members of the committee, with no technology background, judge the value of the research based solely on its title, is very disheartening.”

Smith declined to answer specific questions about how the latest grants were chosen. Instead, a committee aide provided ScienceInsider with a statement identical to one given last month to another reporter who had asked about a different set of targeted grants.

“The committee plans to eventually look at a broad cross-section of grants from all directorates and sub-directorates,” the statement reads in part. “Some grants for which the committee has requested information have previously attracted constituent, Member, or press questions. Others have been selected because the subject matter seems interesting. Still others are selected randomly to assure the cross-section alluded to above. Reviewing the project jackets for some complex projects in the physical sciences will help the committee to understand the potential difficulty of composing non-technical summaries that convey a project’s underlying scientific merit and national interest.”

Scientists with a grant on the most recent list are struggling to figure out which category applies to their grant. “Either they made a completely random decision, or some of their staff made a decision based on superficial details which I don't know (which is more or less random but in a different sense),” says Alexander Teplyaev, a mathematician at the University of Connecticut (UConn), Storrs, who in 2011 received a 3-year, $355,000 award from NSF. “In any case, I don't see how I could cause this, and see even less what I can do now.”

Teplyaev is trying to extend a basic tool of calculus, the partial differential equation, so that it can describe not only phenomena in ordinary continuous space, but also in a space that is a fractal—essentially a lacework filled with an infinity of ever smaller holes. He and colleagues deal mainly with abstract problems: They've calculated the behavior of a viscous fluid when the fluid is confined to a spongelike fractal. But the mathematical methods they're developing could have myriad real-world applications.

It may be hard for a layperson to understand his research, Teplyaev admits. But the benefits of investing in mathematical research are obvious, he says: Just think about the economic and societal payoff from the ranking algorithm used by Google in its search engine. “That work was started by Markov more than a century ago,” he says, referring to the Russian mathematician A. A. Markov. “My own research continues the work of Markov, Kolmogorov, and others.”

UConn students have also figured out that math isn’t just an ivory-tower exercise. Since 2000, the share of math majors within the college of arts and sciences has doubled, Teplyaev points out, and the number of students taking math courses has grown much faster than overall enrollment. Almost half of his NSF grant goes to support research by undergraduate and graduate students, he adds.

Smith has every right to question how NSF is spending tax dollars, Teplyaev says. And although he’s keeping an open mind on the committee’s latest inquiry, Teplyaev says the bottom line is clear: “If they increase funding for research, I'll be glad. If they cut our funding, they can be criticized based on details of their decision.”

Follow News from Science

Latest News

A 3D plot from a model of the Ebola risk faced at different West African regions over time.
dancing shoes