'Trustworthy Cyberspace': Federal R&D Priorities

In December 2011, the Executive Office of the President’s

In December 2011, the Executive Office of the President’s National Science and Technology Council released Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, a set of R&D priorities for U.S. government agencies.

The White House released Trustworthy Cyberspace to guide research, development, and funding by organizations DARPA, IARPA, and the DHS Science and Technology Directorate towards current deficiencies in cybersecurity, precluding future problems, and implementing new discoveries in the public and private sector.

The Strategic Plan outlines four broad research goals: inducing change, developing scientific foundations, maximizing research impact, and accelerating transition into practice. The project themes it looks for are designed-in security, tailored trustworthy spaces, presenting a moving target, and providing cyber economic incentives.

Several words and ideas crop up all over Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program. One is the emphasis on “game-changing” technology. The Executive Office has realized that cybersecurity is a tremendous and growing problem, and that current solutions are not enough for today’s problems, let alone the problems of tomorrow that the Strategic Plan aims to solve. The federal government has traditionally been behind the curve on new technology but the R&D plan hopes to reverse this trend by pushing for early adoption. It is also pushing for completely revolutionary solutions based on novel discoveries that would change the way we do cybersecurity rather than incremental improvements on current technology.

Another is agility. The solutions that the National Science and Technology Council seeks will allow for flexible levels of trust and protection for different tasks and users, and will be able to adapt to new threats and challenges. Not only should they protect against a wide range of vulnerabilities, they should be able to evolve to fight attack vectors that will emerge in the future. They must also be able to detect, counter, and remediate problems quickly with the help of automation, requiring Big Data solutions to speed analysis.

Rigorous metrics are a third theme that runs through the R&D priorities. How secure are our systems? How dangerous are the threats? What is the cost of a security measure versus a possible attack? There is not yet an established way to answer or examine these questions. Our understanding of security, vulnerabilities, and cyberspace is still in its infancy, and Trustworthy Cyberspace aims to apply scientific rigour to the field so that it leaves the realm of art and becomes a true science. This means using the scientific method of observation, hypothesis, testing, then theory to establish fundamental laws which will enable better modelling and prediction.