A Roadmap for Cybersecurity Research
Full Title of Reference
A Roadmap for Cybersecurity Research
Full Citation
Department of Homeland Security, A Roadmap for Cybersecurity Research (2009). Web
Categorization
- Overview: Government Reports and Documents
- Threats and Actors: Private Critical Infrastructure; Public Critical Infrastructure; States; Terrorists
- Issues: Attribution; Metrics; Privacy; Public-Private Cooperation
- Approaches: Government Organizations
Key Words
Botnet, Civilian Participation, Computer Network Attack, COTS Software, Cyber Crime, Cyber Security as a Public Good, Cyber Terrorism, Department of Homeland Security, Honeypot, Interdependencies, Malware, National Security, Outreach and Collaboration, Privacy Law
Synopsis
This cybersecurity research roadmap is an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle considerations required are far reaching—from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures are much more resilient. The R&D investments recommended in this roadmap must tackle the vulnerabilities of today and envision those of the future.
The intent of this document is to provide detailed research and development agendas for the future relating to 11 hard problem areas in cybersecurity, for use by agencies of the U.S. Government and other potential R&D funding sources. The 11 hard problems are:
1. Scalable trustworthy systems (including system architectures and requisite development methodology)
Growing interconnectedness among existing systems results, in effect, in new composite systems at increasingly large scales. Existing hardware, operating system, networking, and application architectures do not adequately account for combined requirements for security, performance, and usability—confounding attempts to build trustworthy systems on them. As a result, today the security of a system of systems may be drastically less than that of most of its components.
The primary focus of this topic area is scalability that preserves and enhances trustworthiness in real systems. The perceived order of importance for research and development in this topic area is as follows: (1) trustworthiness, (2) composability, and (3) scalability. Thus, the challenge addressed here is threefold: (a) to provide a sound basis for composability that can scale to the development of large and complex trustworthy systems; (b) to stimulate the development of the components, analysis tools, and testbeds required for that effort; and (c) to ensure that trustworthiness evaluations themselves can be composed.
This topic area interacts strongly with enterprise-level metrics (Section 2) and evaluation methodology (Section 3) to provide assurance of trustworthiness.
2. Enterprise-level metrics (ELMs)
Defining effective metrics for information security (and for trustworthiness more generally) has proven very difficult, even though there is general agreement that such metrics could allow measurement of progress in security measures and at least rough comparisons between systems for security. Metrics underlie and quantify progress in all other roadmap topic areas. We cannot manage what we cannot measure, as the saying goes. However, general community agreement on meaningful metrics has been hard to achieve, partly because of the rapid evolution of information technology (IT), as well as the shifting locus of adversarial action.
Lack of effective ELMs leaves one in the dark about cyberthreats in general. With respect to enterprises as a whole, cybersecurity has been without meaningful measurements and metrics throughout the history of information technology. (Some success has been achieved with specific attributes at the component level.) This lack seriously impedes the ability to make enterprise-wide informed decisions of how to effectively avoid or control innumerable known and unknown threats and risks at every stage of development and operation.
3. System evaluation life cycle (including approaches for sufficient assurance)
The security field lacks methods to systematically and cost-effectively evaluate its products in a timely fashion. Without realistic, precise evaluations, the field cannot gauge its progress toward handling security threats, and system procurement is seriously impeded. Evaluations that take longer than the existence of a particular system version are of minimal use. A suitable life cycle methodology would allow us to allocate resources in a more informed manner and enable consistent results across multiple developments and applications.
Systematic, realistic, easy-to-use and standardized evaluation methods are needed to objectively quantify performance of any security artifact [i.e., a protocol, device, architecture or system] and the security of environments where these artifacts are to be deployed, before and after deployment, as well as the performance of proposed solutions. The evaluation techniques should objectively quantify security posture throughout the critical system life cycle. This evaluation should support research, development, and operational decisions, and maximize the impact of the investment.
4. Combatting insider threats
Cybersecurity measures are often focused on threats from outside an organization, rather than threats posed by untrustworthy individuals inside an organization. Experience has shown that insiders pose significant threats.
The insider threat today is addressed mostly with procedures such as awareness training, background checks, good labor practices, identity management and user authentication, limited audits and network monitoring, two-person controls, application-level profiling and monitoring, and general access controls. However, these procedures are not consistently and stringently applied because of high cost, low motivation, and limited effectiveness.
At a high level, opportunities exist to mitigate insider threats through aggressive profiling and monitoring of users of critical systems, “fishbowling” suspects, “chaffing” data and services users who are not entitled to access, and finally “quarantining” confirmed malevolent actors to contain damage and leaks while collecting actionable counter-intelligence and legally acceptable evidence.
5. Combatting malware and botnets
6. Global-scale identity management
7. Survivability of time-critical systems
8. Situational understanding and attack attribution
9. Provenance (relating to information, systems, and hardware)
10. Privacy-aware security
11. Usable security
For each of these hard problems, the roadmap identifies critical needs, gaps in research, and research agenda appropriate for near, medium, and long term attention.
Additional Notes and Highlights
Expertise Required: Technology - Low