The Obama Administration has outlined its road map of priorities for government agencies that sponsor research and development on cyber-security. The plan is the result of seven years of examination and consideration by cyber-security experts in both the private and public sector, Aneesh Chopra, U.S. CTO, and Howard Schmidt, the White House cyber-security coordinator, wrote on the Office of Science and Technology Policy (OSTP) blog.
The OSTP organized the government’s priorities into four major areas, or "thrusts," in a report titled "Trustworthy Cyberspace: Strategic Plan for the Federal Cyber-Security Research and Development Program," released Dec. 6.
The government wants to achieve greater cyber-space resiliency" by developing technology to enable secure software development, establishing economic incentives such as market-based, legal, regulatory or institutional interventions, defining strategies to help security professionals analyze and deploy mechanisms that increase cost and complexity for attackers, and developing distributed, trusted environments, according to the report.
In the first thrust, "Inducing Change," OSTP advocates the use of "game-changing" methods of problem-solving to understand the root causes of existing cyber-security deficiencies and to tackle existing problems with the "goal of disrupting the status quo," according to the report. The research in this area will focus on creating "moving targets" that will make it difficult for cyber-attackers to infiltrate computer networks.
The second thrust, "Developing Scientific Foundations," aims to treat cyber-security like any other scientific discipline by developing methods, techniques and control theories for attacks. Researchers will standardize data-gathering methods, establish common terminology and identify metrics, according to the report.
The third thrust, "Maximizing Research Impact," is about engaging the greater cyber-security research community and fostering connection with federal agencies for "maximum effectiveness." Agencies need to collaborate, coordinate and integrate their activities to improve cyber-security. The research also needs to be in line with the agency’s overall objectives, according to the OSTP.
Finally, the "Accelerate Transition to Practice" thrust looks for ways to shorten the time it takes for research to actually be put in practice and ways to commercialize it, according to the report. There’s a "chasm" between the research community and operations teams, and bridging the gap is necessary, according to the OSTP.
For more, read the eWeek article White House Releases Cyber-Security R&D Program Priorities.