Alumni brothers pioneer groundbreaking method of cybersecurityAug. 7, 2020, 7:00 AM
By Jenna Somers
Imagine driving down the highway in a brand-new Jeep Grand Cherokee, and without warning, freezing-cold air blasts from the vents, the stereo starts playing heavy metal music at deafening decibels, your transmission dies, and the doors won’t unlock. The good news is that your car is not a lemon. The bad news is that you have been attacked by a hacker sitting on his living room couch.
The increased connections between cyber-physical systems, the internet and cloud computing make these kinds of attacks possible. Critical infrastructures like cars, planes and power grids share much of the same software as ubiquitous commercial products, like the Apple Watch and Fitbit, so if hackers can penetrate unknown software vulnerabilities within these products, known as zero-day exploits, they can open a Pandora’s box of mayhem: disrupting electrical grids, shutting off hospital equipment, changing the course of missiles and crashing airplanes.
These worst-case scenarios of cyber warfare motivate Brad, MS’16, PhD’19, and Tim Potteiger, MS’17 and a Ph.D. candidate, twin brothers pioneering a new method of cybersecurity known as moving target defense. The reactive approach of traditional cybersecurity focuses on patching and fixing known vulnerabilities, but zero-day vulnerabilities can’t be fixed because no one knows they exist until a hacker finds and exploits them. Conversely, the proactive, preventive approach of moving target defense works by randomizing the memory structure of memory applications to significantly mitigate the ability of an attacker to find vulnerabilities in the first place. With this approach, the vulnerabilities move around, giving hackers a very narrow window of time to find and exploit them, greatly reducing the chances that they will.
Brad conceived of moving target defense while working on his Ph.D. in electrical engineering at Vanderbilt. Knowing that his novel idea would shift the paradigm of cybersecurity, he and Tim entered the Tech Venture Challenge, where they met Deanna Meador, associate director of the Wond’ry, Vanderbilt’s Innovation Center. From there, they participated in Meador’s PreLaunch program, received microgrant funding from the Wond’ry, and were invited to present at Tennessee’s largest student pitch competition during the 36|86 Entrepreneurship Festival before elevating their idea further through the prestigious National Science Foundation’s National I-Corps program and later winning the Southeast Entrepreneurship Conference’s Student Pitch Competition.
“As academics, we build tech, attend conferences, publish papers—but I-Corps taught us to grow as innovators by seeing the practical applications of research,” Brad said. “Additionally, the team at the Wond’ry emphasized that helping others throughout our society is the goal of our work. I was fortunate to end my Vanderbilt career seeing things that way.”
“That way,” as Brad stated, reflects the primary mission of the 10 trans-institutional research centers and institutes under the Office of the Vice Provost for Research, which oversees the Wond’ry and works closely with its leaders, for whom Brad and Tim share much appreciation. They are particularly grateful for the guidance they received from Meador as well as Dave Owens, professor of the practice of management and innovation at the Owen School and Evans Family Executive Director of the Wond’ry, and Stryker Warren, master mentor at the Wond’ry.
“Seeing these two brothers translate their research into novel solutions that can have a transformative impact in the market has been one of the highlights of my time at the Wond’ry thus far,” Meador said. “They are working to solve critical challenges in cybersecurity in ways that provide opportunities for businesses of all sizes to utilize their cutting-edge, proactive approach.”
Earlier this year when remote work became the new normal, the Potteigers were among the first I-Corps teams to navigate the program virtually, in which they video-conferenced with over 100 potential clients, including leaders in government, uniform startups, cybersecurity consultants and even the CEO of one of their competitors. Through these meetings they learned that while moving target defense would serve the needs of both the public and private sectors, it may have its greatest impact on protecting small businesses from nation-state hackers.
“Nation-states like Russia, China and North Korea aren’t as focused on attacking the federal government as they once were. They’re now targeting mom-and-pop businesses, who lack the financial means to protect themselves from such attacks, to create chaos throughout society because they see that as a better return on their investment,” Brad said. “Our goal is to democratize cybersecurity by offering moving target defense to small businesses, hospitals and a range of other stakeholders so that we can empower people who don’t have the resources of the federal government.”
“Brad and I are grateful for our amazing mentors at Vanderbilt. Gabor Karsai and I collaborated on NASA research, and Kenneth Pence inspired a lot of students like me through innovative projects,” Tim said. “I worked with him on battery optimization technology for a magnetic levitation vehicle that was able to lift a 100-pound freshman off the ground.”
“I owe everything to my adviser, Xenofon Koutsoukos,” added Brad. “From the second I walked on campus, to now working on next-generation technology, speaking at conferences and being at the forefront of transformative research, Xenofon has been there for me.”
As they begin to form their own startup company to explore commercialization for their solutions, Brad and Tim rely on many of the lessons they learned from the Wond’ry and I-Corps program. “The I-Corps experience is priceless,” Brad said. “It takes you out of your shell and forces you to grow in ways where you have the opportunity to make an impact and be a part of something greater than yourself.”