Federal Plan for Cyber Security and Information Assurance Research and Development

From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

Federal Plan for Cyber Security and Information Assurance Research and Development

Full Citation

Nat'l Sci. and Tech. Council, Federal Plan for Cyber Security and Information Assurance Research and Development (2006). Online Paper. Web AltWeb

BibTeX Google Books

Categorization

Key Words

Research & Development

Synopsis

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation's critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets. "Toward a Safer and More Secure Cyberspace" examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.

Executive Summary

The IT infrastructure supports critical U.S. infrastructures such as power grids, emergency communications systems, financial systems, and airtraffic- control networks. While the vast majority of these critical infrastructures (including their IT components) are owned and operated by the private sector, ensuring their operational stability and security is vital to U.S. national, homeland, and economic security interests.

Cyber threats are asymmetric, surreptitious, and constantly evolving – a single individual or a small group anywhere in the world can inexpensively and secretly attempt to penetrate systems containing vital information or mount damaging attacks on critical infrastructures. Attack tools and resources are readily available on the Internet and new vulnerabilities are continually discovered and exploited. Moreover, the pervasive interconnectivity of the IT infrastructure makes cyber attack an increasingly attractive prospect for adversaries that include terrorists as well as malicious hackers and criminals.

Strategic Federal R&D Objectives The following strategic Federal objectives for cyber security and information assurance R&D are derived from a review of current legislative and regulatory policy requirements, analyses of cyber security threats and infrastructure vulnerabilities, and agency mission requirements:

  1. Support research, development, testing, and

evaluation of cyber security and information assurance technologies aimed at preventing, protecting against, detecting, responding to, and recovering from cyber attacks that may have largescale consequences.

  1. Address cyber security and information assurance

R&D needs that are unique to critical infrastructures.

  1. Develop and accelerate the deployment of new

communication protocols that better assure the security of information transmitted over networks.

  1. Support the establishment of experimental

environments such as testbeds that allow government, academic, and industry researchers to conduct a broad range of cyber security and information assurance development and assessment activities.

  1. Provide a foundation for the long-term goal of

economically informed, risk-based cyber security and information assurance decision making.

  1. Provide novel and next-generation secure IT

concepts and architectures through long-term research.

  1. Facilitate technology transition and diffusion of

Federally funded R&D results into commercial products and services and private-sector use.

Additional Notes and Highlights

Expertise Required: None