Feature Slides

• 1
• 2

2016 Federal Cybersecurity Research and Development Strategic Plan

As part of the President’s Cybersecurity National Action Plan (CNAP), the Administration released the 2016 Federal Cybersecurity Research and Development Strategic Plan, which was coordinated by the National Science and Technology Council. This is the most comprehensive Federal cybersecurity research and development (R&D;) plan to date, and it updates 2011’s Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program. With the goal of making cyberspace inherently more secure, the plan challenges the cybersecurity R&D; community to provide methods and tools for deterring, protecting, detecting, and adapting to malicious cyber activities. The plan defines near-, mid-, and long-term goals to guide and evaluate progress. Read more in the White House announcement of the strategic plan.

Background

• Cybersecurity Enhancement Act of 2014 - The Cybersecurity Enhancement Act of 2014 (https://www.congress.gov/bill/113th-congress/senate-bill/1353) directed Federal agencies to develop an updated Federal cybersecurity research and development strategic plan.
• Request For Information - On behalf of the agencies, the Cyber Security and Information Assurance Research and Development Senior Steering Group posted a Request for Information (RFI), seeking public input on research objectives for the strategic plan. The Request for Information was posted at: https://federalregister.gov/a/2015-09697. Submissions received to the RFI on Federal Cybersecurity R&D; Strategic Plan:

• Al-Shaer
• BENS
• Clark-Claffy
• Splunk
• Srinivasan
• VMware
• Weber

2011 Federal Cybersecurity Research and Development Strategic Plan

In 2011, Federal agencies released “Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program”, a strategic plan for cybersecurity research and development.

The strategic plan provides a framework for prioritizing Federal cybersecurity R&D; in a way that concentrates research efforts on limiting current cyberspace deficiencies, precluding future problems, and expediting the infusion of research accomplishments into the marketplace. The main thrusts of the strategy are:

• Inducing Change – using game-changing themes to understand the root causes of existing cybersecurity deficiencies with the goal of disrupting the status quo;
  • Tailored Trustworthy Spaces
  • Moving Target
  • Designed-In Security
  • Cyber Economic Incentives
• Developing Scientific Foundations – minimizing future cybersecurity problems by developing the science of security;
  • Science of Security
• Maximizing Research Impact – catalyzing coordination, collaboration, and integration of research activities across Federal agencies for maximum effectiveness; and
• Accelerating Transition to Practice – expediting improvements in cyberspace from research findings through focused transition programs.

Achieving enduring trustworthiness of cyberspace requires new paradigms that re-balance security asymmetries of today’s landscape: the cost of simultaneously satisfying all the requirements of an ideal cybersecurity solution in a static system is impossibly high, and so we must enable sub-spaces in cyberspace to support different security policies and different security services for different types of interactions; the cost of attack is asymmetric, favoring the attacker, and so defenders must increase the cost of attack and must employ methods that enable them to continue to operate in the face of attack; the lack of meaningful metrics and economically sound decision making in security misallocates resources, and so we must promote economic principles that encourage the broad use of good cybersecurity practices and deter illicit activities.

Publications and references

• Strategic Plan Review
  • Report on Implementing the Federal Cybersecurity Research and Development Strategy, NITRD, June 2014

• Strategic Plan Background
  • National Cyber Leap Year
  • Federal Science and Technology Priorities for the FY 2012 Budget
  • NITRD CSIA IWG Cybersecurity Game-Change Research & Development Recommendations
  • President's Cyberspace Policy Review
  • Comprehensive National Cybersecurity Initiative


• Presentations
  • Presentations from the NITRD Workshop on Tailored Trustworthy Spaces: Solutions for the Smart Grid , July 18-20, 2011, Washington, DC
  • Federal Cybersecurity Research and Development Program: Strategic Plan , May 25, 2011, IEEE Symposium on Security and Privacy
  • Federal Cyber Security Research Program, December 9, 2010, ACSAC 2010 conference
  • Federal Cyber Security Research Program, November 20, 2010, IEEE International Conference on Technologies for Homeland Security
  • NITRD Cybersecurity RD Themes, May 19, 2010, IEEE Symposium on Security and Privacy. See the webcast of this presentation.


• Other References
  • Cyber Security Assumption Buster Workshops 2011
  • Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, 2011
  • DOD JASON Science of Security Report
  • DHS Cybersecurity Roadmap 2010
  • Securing Cyberspace for the 44th Presidency 2008
  • FSSCC Research Agenda for the Banking and Finance Sector 2008
  • NRC Toward a Safer and More Secure Cyberspace 2007
  • PITAC Report 2005
  • INFOSEC Research Council Hard Problem List 2005
  • National Infrastructure Advisory Council Hardening the Internet 2004
  • CRA Grand Challenges 2003
  • National Strategy to Secure Cyberspace 2003