White House Cybersecurity Research Agenda

This very important strategic plan establishes four cybersecurity R&D themes to unify and focus the cybersecurity research community on a common set of problems. The intent of each theme is to delineate the scope of a compelling hard problem in cybersecurity against which there can be a focused Federal investment to inspire and foster new ideas, and to engender innovative, game-changing solutions.

These themes are fundamentally interdisciplinary, draw upon a number of sciences and technologies, and foster synergy among researchers:

1. Designed-In Security – Builds the capability to design, develop, and evolve high-assurance, software-intensive systems predictably and reliably while effectively managing risk, cost, schedule, quality, and complexity. Promotes tools and environments that enable the simultaneous development of cyber-secure systems and the associated assurance evidence necessary to prove the system’s resistance to vulnerabilities, flaws, and attacks. Secure best practices are built into the system. Consequently, it becomes possible to evolve software-intensive systems more rapidly in response to changing requirements and environments.

2. Tailored Trustworthy Spaces – Provides flexible, adaptive, distributed trust environments that can support functional and policy requirements arising from a wide spectrum of activities in the face of an evolving range of threats. Recognizes the user’s context and evolves as the context evolves.

3. Moving Target – Enables us to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency.

4. Cyber Economic Incentives – Develops effective incentives to make cybersecurity ubiquitous, including incentives affecting individuals and organizations. Incentives may involve market-based, legal, regulatory, or institutional interventions. Sound economic incentives need to be based on sound metrics, including scientifically valid cost risk analysis methods, and to be associated with sensible and enforceable notions of liability and care.

Trustworthiness of cyberspace is not a fixed end-state, but a dynamic state, in which there is a continuous process of defensive adjustments and anticipatory adaptations. Moreover, in cyberspace environments related to national security and military activities, there must be a fundamental assumption that the environment is suspect and that its trustworthiness must be continuously monitored and analyzed. This requires advances in understanding the motivations and vulnerabilities of both markets and humans, and how these factors affect and interact with technical systems.

For more information, see http://cybersecurity.nitrd.gov.
