Cybersecurity is generally thought of as the implementation of strategies to protect computer systems or the Internet against viruses or fraud. Yet, in actual practice, securing systems and the safety and privacy of their users relies on an integrated network of technological, legal, and social approaches. Research initiatives in the Center for Cybersecurity reflect this diversity of topics and approaches, as well as the often interdisciplinary expertise security solutions require.

Below are very broad descriptions of the primary research categories in which CCS faculty and students are actively engaged. You can stay abreast on the CCS research initiatives making headlines by checking the postings under Press Highlights and CCS News.


Research initiatives have addressed strategies for mapping and disrupting cybercrime networks, and legal and policy interventions that can deter criminal networks from raising, storing, moving, and using funds.

When it comes to cybersecurity, who is responsible for developing and enforcing policies to adequately address current and future risk? Our work on cyber governance aims to identify the appropriate roles and obligations of various stakeholders—including private companies and government agencies. This includes issues of technical capacity, the regulatory environment, and commercial incentives.

As cybersecurity is still a young discipline, many of the strategic frameworks that will define it are still in formation. CCS research is working to sharpen the boundaries between cybersecurity and intelligence authorities, the ways in which cyber capabilities are integrated into larger strategic structures, and the development of international laws and norms.

Cyberphysical systems are mechanical systems that are monitored and controlled by computers. Attacks aimed at cyberphysical systems can have catastrophic effects on electric power generation and delivery, traffic flow management, public health, national and economic security, and more. Our work focuses on enhancing the security and resilience of these systems.

Securing systems and the software that powers them requires a multitude of approaches. Current research initiatives at CCS address virtualization security, memory forensics, embedded systems, data compression, security and human behavior, and the delivery of secure updates to repositories, automobiles, and other smart devices. A common thread among all these initiatives is that they are based on deployments in real world systems. In addition, CCS projects have empirically measured the security and privacy of technology systems and their intersections with society. These latter initiatives address security and privacy issues with great societal impact, such as censorship, online harassment, and the protection of vehicular systems.

As our society has been transformed into a “digital world,” where most information is created, captured, transmitted, stored, and processed in digital form, it has also spawned a new way to preserve, collect, validate, identify, analyze, interpret, document, and present digital evidence. In addition to fostering the development of these emerging technologies, there may also be a need to set parameters for their use, both legally and ethically.

In the computer science field, security has generally been piecemeal in nature, rather than a holistic operation that can guarantee the security of a project from end to end. Two different CCS initiatives are now tackling the need to secure the supply chain when creating hardware and/or software.