White House Unveils Cybersecurity R&D PlanEnding Piecemeal Approaches to Fed-Backed Infosec Research
The White House has issued a strategic plan that defines a set of interrelated priorities for federal agencies that conduct or sponsor research and development in cybersecurity.
See Also: Rethinking Endpoint Security
The Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program fulfills one of President Obama's cybersecurity goals outlined in his May 2009 White House speech when he declared cybersecurity a major administration priority (see The President's 10-Point Cybersecurity Action Plan).
It replaces the piecemeal approaches of the past with a set of coordinated research priorities that promises to "change the game," resulting in a trustworthy cyberspace, said John Holdren, assistant to the president for science and technology. "This plan identifies opportunities to engage the private sector in activities for transitioning promising R&D into practice," Holdren wrote in the introduction of the report. "It prioritizes the development of a 'science of security' to derive first principles and the fundamental building blocks of security and trustworthiness."
The strategic plan's authors say the R&D program promotes three main principles: that research must be aimed at underlying cybersecurity deficiencies and focused on root causes of vulnerabilities; the plan must channel expertise and resources from a wide range of disciplines and sectors; and the initiative must be able to adapt to changes in technologies and in the threat environment.
The panel that created the program identified what it characterizes as four strategic thrusts to organize activities and drive progress in cybersecurity R&D. They are:
- Inducing Change: Utilizing game-changing themes to direct efforts toward understanding the underlying root causes of known threats with the goal of disrupting the status quo with radically different approaches to improve the security of the critical cybersystems and infrastructure that serve society.
Developing Scientific Foundations: Fostering an organized, cohesive scientific foundation to the body of knowledge that informs the field of cybersecurity through adoption of a systematic, rigorous and disciplined scientific approach. The plan promotes the discovery of laws, hypothesis testing, repeatable experimental designs, standardized data-gathering methods, metrics, common terminology and critical analysis that engenders reproducible results and rationally based conclusions.
Maximizing Research Impact: Catalyzing integration across the game-changing R&D themes, cooperation between governmental and private-sector communities, collaboration across international borders and strengthened linkages to other national priorities, such as health IT and Smart Grid.
Accelerating Transition to Practice: Focusing efforts to ensure adoption and implementation of the powerful new technologies and strategies that emerge from the research themes, and the activities to build a scientific foundation so as to create measurable improvements in the cybersecurity landscape.
Writing in a White House blog, White House Cybersecurity Coordinator Howard Schmidt and Federal Chief Technology Officer Aneesh Chopra said it's imperative that the government fundamentally alter the dynamics in cybersecurity through the development of novel solutions and technologies given the magnitude and pervasiveness of cyberspace threats to nation's economy and security.
"The federal government is in a unique position to leverage its fundamental research resources to address the underlying causes of cybersecurity problems," they wrote. "Using this strategic plan as a road map, sustained efforts in these areas will result in a more secure and trustworthy cyberspace. We invite researchers and innovators in industry and academia to join us in this effort. Together, we can maximize the benefits of research and accelerate their transition into the marketplace."