National Cyber Leap Year Summit 2009, Co-Chairs' Report

From Cybersecurity Wiki
Revision as of 09:24, 9 September 2010 by WikiSysop

Full Title of Reference

National Cyber Leap Year Summit 2009, Co-Chairs' Report

Full Citation

Networking and Information Technology Research and Development, National Cyber Leap Year Summit 2009: Co-Chairs' Report (2009). Web

BibTeX

Categorization

Key Words

Synopsis

The Nation’s economic progress and social well-being now depend as heavily on cyberspace assets as on interest rates, roads, and power plants, yet our digital infrastructure and its foundations are still far from providing the guarantees that can justify our reliance on them. The inadequacy of today’s cyberspace mechanisms to support the core values underpinning our way of life has become a national problem. To respond to the President’s call to secure our nation’s cyber infrastructure, the White House Office of Science and Technology Policy (OSTP) and the agencies of the Federal Networking and Information Technology Research and Development (NITRD) Program have developed the Leap-Ahead Initiative. (NITRD agencies include AHRQ, DARPA, DOE, EPA, NARA, NASA, NIH, NIST, NOAA, NSA, NSF, OSD, and the DOD research labs.)

As part of this initiative, the Government in October 2008 launched a National Cyber Leap Year to address the vulnerabilities of the digital infrastructure. That effort has proceeded on the premise that, while some progress on cybersecurity will be made by finding better solutions for today’s problems, some of those problems may prove to be too difficult. The Leap Year has pursued a complementary approach: a search for ways to avoid having to solve the intractable problems. We call this approach changing the game, as in “if you are playing a game you cannot win, change the game!” During the Leap Year, via a Request for Information (RFI) process coordinated by the NITRD Program, the technical community had an opportunity to submit ideas for changing the cyber game, for example, by:

  • Morphing the board: changing the defensive terrain (permanently or adaptively) to make it harder for the attacker to maneuver and achieve his goals, or
  • Changing the rules: laying the foundation for cyber civilization by changing norms to favor our society’s values, or
  • Raising the stakes: making the game less advantageous to the attacker by raising risk, lowering value, etc.

The 238 RFI responses that were submitted were synthesized by the NITRD Senior Steering Group for Cybersecurity R&D and five new games were identified. These new games have been chosen both because the change shifts our focus to new problems, and because there appear to be technologies and/or business cases on the horizon that would promote a change:

  • Basing trust decisions on verified assertions (Digital Provenance)
  • Attacks only work once if at all (Moving-target Defense)
  • Knowing when we have been had (Hardware-enabled Trust)
  • Move from forensics to real-time diagnosis (Nature-inspired Cyber Health)
  • Crime does not pay (Cyber Economics)

Additional Notes and Highlights

Expertise Required: None