CybersecurityGovernment outlines cybersecurity R&D priorities
The Obama administration recently unveiled its plan for government sponsored cybersecurity research and development programs
The Obama administration recently unveiledits plan for government sponsored cybersecurity research and development programs.
According to Aneesh Chopra, the chief technology officer for the U.S. government, the plan is the product of seven years of analysis by cybersecurity experts in both the private and public sector.
In a report titled “Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program,” the Office of Science and Technology (OSTP) broke the government’s research priorities down into four sections.
OSTP has dubbed its first section “Inducing Change,” in which the government hopes to develop “game-changing” methods to understand the primary causes behind existing cybersecurity weaknesses as well as how to overcome those gaps. Research in this area will focus on creating “moving targets” that will make it more difficult for cyberattackers to infiltrate computer networks.
The government’s second section, “Developing Scientific Foundations,” will work to develop scientific methods, techniques, and control theories for attacks. To that end, researchers will develop common standards for data-gathering methods, establish common terminology, and identify metrics.
In the government’s third priority section, “Maximizing Research Impact,” experts will engage the entirety of the cybersecurity research community and bolster interagency cooperation and knowledge sharing.
The last section, “Accelerate Transition to Practice,” is designed to expedite the time it takes to implement research theories in the field. The report said there is a schism between the research community and operations teams which must be bridged.
According to the report, the overall goal of the government’s research is to develop greater cybersecurity resiliency with technology that enables secure software development, economic incentives like market-based, legal, regulatory, or institutional interventions, and strategies to help security professionals make it more costly and difficult for attackers.