In order to secure the nation's computer networks from cyber-attack, the federal government has outlined its research and development priorities for cyber-security.
The Obama Administration has
outlined its road map of priorities for government agencies that sponsor
research and development on cyber-security.
The Office of Science and
Technology Policy (OSTP) organized the government's priorities into four major areas,
or "thrusts," in a report titled "Trustworthy Cyberspace: Strategic
Plan for the Federal Cyber-Security Research and Development Program,"
which was released Dec. 6.
The plan is the result of
seven years of examination and consideration by cyber-security experts in both
the private and public sector, Aneesh Chopra, U.S. CTO, and Howard Schmidt, the White House cyber-security
coordinator, wrote on the OSTP blog.
A 60-day review of the state
of cyber-security in the United States, conducted shortly after President Obama
took office in 2009, called for urgent action to secure the nation's computer
network infrastructure, according to Chopra and Schmidt. This R&D plan from
OSTP is based on that report's findings and outlines how to jump-start how the
nation approaches the challenge of developing and implementing more effective
cyber-security measures, they wrote.
"Given the magnitude
and pervasiveness of cyber-space threats to our economy and national security,
it is imperative that we fundamentally alter the dynamics in cyber-security
through the development of novel solutions and technologies," Chopra and
Schmidt wrote. The federal government has the research resources at its
disposal to address the underlying causes of cyber-security problems, they
In the first thrust,
"Inducing Change," OSTP advocates the use of
"game-changing" methods of problem-solving to understand the root
causes of existing cyber-security deficiencies and to tackle existing problems
with the "goal of disrupting the status quo," according to the
report. The research in this area will focus on creating "moving
targets" that will make it difficult for cyber-attackers to infiltrate
The second thrust,
"Developing Scientific Foundations," aims to treat cyber-security
like any other scientific discipline by developing methods, techniques and
control theories for attacks. Researchers will standardize data-gathering
methods, establish common terminology and identify metrics, according to the
Impact" is about engaging the greater cyber-security research community
and fostering connection with federal agencies for "maximum
effectiveness." Agencies need to collaborate, coordinate and integrate
their activities to improve cyber-security. The research also needs to be in
line with the agency's overall objectives, according to the OSTP.
"Accelerate Transition to Practice" thrust looks for ways to shorten
the time it takes for research to actually be put in practice and ways to
commercialize it, according to the report. There's a "chasm" between
the research community and operations teams, and bridging the gap is necessary,
according to the OSTP.
The government wants to
achieve "greater cyber-space resiliency" by developing technology to
enable secure software development, establishing economic incentives such as market-based,
legal, regulatory or institutional interventions, defining strategies to help
security professionals analyze and deploy mechanisms that increase cost and
complexity for attackers, and developing distributed, trusted environments,
according to the report.
The Obama Administration and
various Congressional lawmakers have pledged to make cyber-security a priority.
While there are several bills making the rounds in both the Senate and House that
address various cyber-security issues, such as online privacy, securing the
critical infrastructure and information-sharing between the public and private
sectors, most of them are all still in draft form. Congress has yet to pass
comprehensive cyber-security legislation.