Security Blog: Security R&D Plan Released
June 09, 2006

Security R&D Plan Released

Cybersecurity? Don't worry, Uncle Sam is on it, at least according to a new plan recently released by the Interagency Working Group on Cyber Security and Information Assurance, under the direction of the National Science and Technology Council.

Entitled "Federal Plan for Cyber Security and Information Assurance Research and Development," the document outlines the R&D plans the Feds have to bolster future security technologies and capabilities.

Among the findings and recommendations the plan puts forth are:

  • Target Federal R&D investments to strategic cyber security and information assurance needs.
  • Focus on threats with the greatest potential impact, particularly in terms of increasing the overall security and information assurance of IT systems.
  • Make cyber security and information assurance R&D both an individual agency and an interagency budget priority.
  • Build in security from the beginning, by supporting fundamental R&D into inherently more secure next-generation technologies that will replace today’s insecure, patchwork infrastructure.
  • Develop and apply new methods and technologies for measuring IT component, network and system security.
  • Implement more effective coordination with the private sector, including improving communication and coordination with operators of both federal and private-sector critical infrastructures with shared interests.
  • Foster a broad partnership among government, the IT industry, researchers and private-sector users, including international partners, to develop, test and deploy a more secure next-generation Internet.

These (and other) general recommendations are based on technology trends identified by the report, including:

  • The increasing complexity of IT systems and networks, which presents mounting security challenges for both the developers and consumers.
  • The evolving nature of the telecommunications infrastructure, as the traditional phone system and IT networks converge into a more unified architecture.
  • The expanding wireless connectivity to individual computers and networks, which increases their exposure to attack. In hybrid or all-wireless network environments, the traditional defensive approach of “securing the perimeter” is not effective because it is increasingly difficult to determine the physical and logical boundaries of networks.
  • The increasing interconnectivity and accessibility of (and consequently, risk to) computer-based systems that are critical to the U.S. economy, including supply chain management systems, financial sector networks, and distributed control systems for factories and utilities.
  • The breadth and increasingly global nature of the IT supply chain, which will increase opportunities for subversion by adversaries, both foreign and domestic.

Specifically, the report suggested that the top technical and funding priorities for cyber security R&D include:

  • Authentication, authorization, and trust management
  • Access control and privilege management
  • Attack protection, prevention, and preemption
  • Wireless security
  • Software testing and assessment tools

Other technical priorities include:

  • Large-scale cyber situational awareness
  • Secure process control systems
  • Security of converged networks and heterogeneous traffic
  • Detection of vulnerabilities and malicious code


Posted by Jon Erickson at 08:28 AM




 