Engine-maker Rolls-Royce is teaming up with Purdue and Carnegie Mellon universities to develop cyber tools and protection for its sophisticated aircraft engines, the company announced April 22.
Initial projects include an effort to use artificial intelligence to detect cyber intrusions in the embedded computers that control jet engines.
Rolls-Royce will fund two or three projects a year through its new Cybersecurity Technology Research Network, choosing proposals submitted from academics at the two partner institutions, said S. Michael Gahn, the chief of technology for Rolls-Royce’s Product Cyber, which is run out of the company’s LibertyWorks technology incubator based in Indianapolis, 65 miles from the Purdue campus in West Lafayette, Ind.
Gahn declined to say exactly how much Rolls-Royce is investing, but noted that its commitment to fund two to three research projects per year “gives a good indication of the level of funding that we will be providing to these institutions.”
Success will be defined by the company’s ability to build the results of new research into the company’s engines. “The goal,” he said, is “to help better secure our products in the future.” That includes military and civilian aircraft engines and the systems it builds for power generation.
As embedded systems are added to control such systems, the software and networks used to manage and operate them are potentially vulnerable to hackers, said John Kusnierek, senior vice president in charge of LibertyWorks.
The Defense Department’s Joint All Domain Command and Control concept seeks to leverage such embedded systems, along with sensors and other systems, into what some have called “the internet of military things.” Networked together with high-speed communications and the power of cloud computing and storage, JADC2 seeks to accelerate information sharing to give the U.S. military an edge against adversaries.
“These complex connections, they have advantages in terms of performance, in terms of the environment and other factors,” Kusnierek said. But networking and data sharing have a downside. “They do open up a variety of risks for any system. And that’s where cybersecurity vigilance and capability really comes into play.”
Two of the three initial projects at Purdue involve efforts to develop AI-powered cyber defense tools, such as an intrusion detection system that can run on embedded systems, according to Dongyan Xu, a Purdue computer science professor and director of CERIAS, the university’s Center for Education and Research in Information Assurance and Security.
Xu cited two “technical challenges that we need to address: Both the accuracy of detection as well as the resource efficiency, how much resource will be consumed.”
AI typically requires massive computing power, more than is typically available in a streamlined embedded system. Detection accuracy is crucial because embedded systems are typically built to be deterministic—to operate with utter reliability and dependability. Cybersecurity systems, by contrast, often generate false positives.
The third project would examine “cyber challenges in cyber human interaction in the specific context of interviewing job candidates,” Xu said. The objective is a gamified platform that would “test and kind of challenge a job candidate … to better identify [their] talents and attributes.”
Carnegie Mellon University officials did not identify the projects they hope to pursue. “We’re still going through finalizing the details of them,” said Lorrie Cranor, director of CMU’s Cylab Security and Privacy Institute. Cranor stressed that the Rolls-Royce initiative focuses on “an issue that is near and dear to CMU, which is cybersecurity at the intersection with mechanical systems.”
The two universities are both rated among the top five engineering schools in the country, and CMU placed number one for cybersecurity studies—alongside the Georgia Institute of Technology and ahead of MIT and UC Berkeley—in the 2021 US News and World Report undergraduate rankings.
Rolls-Royce’s Gahn said planned future projects already include sharing open source software. “We’ve created this research network framework to allow for research results to be shared not only across the industry, but globally,” he said. “Some research will obviously be more sensitive and maybe something that we’d like to implement before sharing it. But there are provisions to allow research projects to be open source at the start.”
Rolls-Royce hopes to expand its network to add more partners, both in the United States and abroad, Gahn said.
“We’re actively looking at an international research university to join the network,” he said. “We’ll discuss that at a later time.”