Difference between revisions of "Federal Plan for Cyber Security and Information Assurance Research and Development"

From Cybersecurity Wiki
Line 59: Line 59:
 
# Provide novel and next-generation secure IT concepts and architectures through long-term research.  
 
# Provide novel and next-generation secure IT concepts and architectures through long-term research.  
 
# Facilitate technology transition and diffusion of Federally funded R&D results into commercial products and services and private-sector use.
 
# Facilitate technology transition and diffusion of Federally funded R&D results into commercial products and services and private-sector use.
 +
 +
'''Findings and Recommendations'''
 +
Strategic interagency R&D is needed to
 +
strengthen the cyber security and information
 +
assurance of the Nation’s IT infrastructure.
 +
Planning and conducting such R&D will require
 +
concerted Federal activities on several fronts as well
 +
as collaboration with the private sector. The
 +
specifics of the strategy proposed in this Plan are
 +
articulated in a set of findings and
 +
recommendations. Presented in greater detail in the
 +
report, these findings and recommendations are
 +
summarized as follows:
 +
 +
===Target Federal R&D investments to strategic cyber security and information assurance needs===
 +
Federal cyber security and information assurance
 +
R&D managers should reassess the Nation’s
 +
strategic and longer-term cyber security and
 +
information assurance needs to ensure that Federal
 +
R&D addresses those needs and complements areas
 +
in which the private sector is productively engaged.
 +
 +
===Focus on threats with the greatest potential impact===
 +
Federal agencies should focus cyber security and
 +
information assurance R&D investments on high impact
 +
threats as well as on investigation of
 +
innovative approaches to increasing the overall
 +
security and information assurance of IT systems.
 +
 +
===Make cyber security and information assurance R&D both an individual agency and an interagency budget priority===
 +
Agencies should consider cyber security and
 +
information assurance R&D policy guidance as
 +
they address their mission-related R&D
 +
requirements. To achieve the greatest possible
 +
benefit from investments throughout the Federal
 +
government, cyber security and information
 +
assurance R&D should have high priority for
 +
individual agencies
  
 
==Additional Notes and Highlights==
 
==Additional Notes and Highlights==
 
Expertise Required: None
 
Expertise Required: None
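
Review bot: the last added paragraph, under "Make cyber security and information assurance R&D both an individual agency and an interagency budget priority", stops at "should have high priority for individual agencies" with no closing punctuation, so the sentence reads as cut off; check it against the report and either finish it or trim it to a complete sentence. In the "Focus on threats with the greatest potential impact" paragraph, "high impact" followed by a line break looks like a hyphen lost when the text was pasted ("high-impact threats"). The hard line breaks inside each added paragraph can be joined so the wikitext reflows, and '''Findings and Recommendations''' is bold text while the subsections beneath it use === headings, so a == heading would keep the hierarchy consistent.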

Revision as of 15:17, 9 September 2010

Full Title of Reference

Federal Plan for Cyber Security and Information Assurance Research and Development

Full Citation

Nat'l Sci. and Tech. Council, Federal Plan for Cyber Security and Information Assurance Research and Development (2006). Online Paper.

Categorization

Key Words

Research & Development

Synopsis

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation's critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets. "Toward a Safer and More Secure Cyberspace" examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.

Executive Summary

The IT infrastructure supports critical U.S. infrastructures such as power grids, emergency communications systems, financial systems, and air-traffic-control networks. While the vast majority of these critical infrastructures (including their IT components) are owned and operated by the private sector, ensuring their operational stability and security is vital to U.S. national, homeland, and economic security interests.

Cyber threats are asymmetric, surreptitious, and constantly evolving – a single individual or a small group anywhere in the world can inexpensively and secretly attempt to penetrate systems containing vital information or mount damaging attacks on critical infrastructures. Attack tools and resources are readily available on the Internet and new vulnerabilities are continually discovered and exploited. Moreover, the pervasive interconnectivity of the IT infrastructure makes cyber attack an increasingly attractive prospect for adversaries that include terrorists as well as malicious hackers and criminals.

Strategic Federal R&D Objectives

The following strategic Federal objectives for cyber security and information assurance R&D are derived from a review of current legislative and regulatory policy requirements, analyses of cyber security threats and infrastructure vulnerabilities, and agency mission requirements:

  1. Support research, development, testing, and evaluation of cyber security and information assurance technologies aimed at preventing, protecting against, detecting, responding to, and recovering from cyber attacks that may have large-scale consequences.
  2. Address cyber security and information assurance R&D needs that are unique to critical infrastructures.
  3. Develop and accelerate the deployment of new communication protocols that better assure the security of information transmitted over networks.
  4. Support the establishment of experimental environments such as testbeds that allow government, academic, and industry researchers to conduct a broad range of cyber security and information assurance development and assessment activities.
  5. Provide a foundation for the long-term goal of economically informed, risk-based cyber security and information assurance decision making.
  6. Provide novel and next-generation secure IT concepts and architectures through long-term research.
  7. Facilitate technology transition and diffusion of Federally funded R&D results into commercial products and services and private-sector use.

Findings and Recommendations

Strategic interagency R&D is needed to strengthen the cyber security and information assurance of the Nation’s IT infrastructure. Planning and conducting such R&D will require concerted Federal activities on several fronts as well as collaboration with the private sector. The specifics of the strategy proposed in this Plan are articulated in a set of findings and recommendations. Presented in greater detail in the report, these findings and recommendations are summarized as follows:

Target Federal R&D investments to strategic cyber security and information assurance needs

Federal cyber security and information assurance R&D managers should reassess the Nation’s strategic and longer-term cyber security and information assurance needs to ensure that Federal R&D addresses those needs and complements areas in which the private sector is productively engaged.

Focus on threats with the greatest potential impact

Federal agencies should focus cyber security and information assurance R&D investments on high-impact threats as well as on investigation of innovative approaches to increasing the overall security and information assurance of IT systems.

Make cyber security and information assurance R&D both an individual agency and an interagency budget priority

Agencies should consider cyber security and information assurance R&D policy guidance as they address their mission-related R&D requirements. To achieve the greatest possible benefit from investments throughout the Federal government, cyber security and information assurance R&D should have high priority for individual agencies

Additional Notes and Highlights

Expertise Required: None