Public Comment Period on NITRD Cybersecurity R&D Themes
From May 19 to June 18, 2010, the National Coordination Office (NCO) for the Federal Networking and Information Technology Research and Development (NITRD) Program held a public comment period on the Federal cybersecurity game-change research and development agenda. Respondents provided input via a forum at http://cybersecurity.nitrd.gov/forum. The NCO would like to thank all participants who contributed during the public comment period.
The President’s Cyberspace Policy Review, the Comprehensive National Cybersecurity Initiative, and numerous other reviews and draft legislation all identify the need for a coordinated Federal cybersecurity research agenda to foster the pursuit of game-changing ideas for cybersecurity methods and technology. To focus research efforts, the NITRD Program has identified three initial themes to direct attention to investigations that change the game to enable risk-aware safe operations in compromised environments; increase adversaries’ costs and exposure and support informed trust decisions; and allow for effective risk/benefit analyses and implementations.
The following questions were posed to the public during the comment period:
• How might the three themes be refined or enhanced to further improve cyberspace?
• What are the research, development, implementation and other challenges in achieving the goals under each theme?
• What state-of-the-art activities and use-cases can be cited in support of the three themes?
• How would your organization’s future vision support or incorporate the three themes?
• Should there be a private sector organization to act as a partner to the public sector in a continuing game-change process?
• What mechanisms would support a sustainable process to drive change envisioned by the three themes?
The received input was reviewed against these considerations: (1) improving the understanding of the three R&D themes, (2) contributing to the development of a research agenda, (3) identifying important activities relevant to the three themes, and (4) informing the planning of Federal programs in cybersecurity R&D. The following contributions have been identified:
• The research should address not only how the moving target capabilities will be implemented but also how the existing "stationary" systems might evolve towards the new state.
• Should moving target systems incorporate checkpointing (and rollbacks) as a means to establish verifiable state and to increase fault tolerance? What mechanisms are necessary to assure a ‘correct’ state of a moving target system?
• Success with creating tailored trustworthy spaces may eventually alleviate the need for moving target systems.
• Should instances of electronic supply chains be considered a type of Tailored Trustworthy Space?
• Moving Target defenses should guard against producing predictable responses to cyber attacks and thereby giving attackers a mechanism to invoke a particular response and use it to their own advantage.
• Microsoft’s U-Prove cryptographic technology to reconcile security and privacy requirements in electronic communication and transaction systems.
• The government can improve industry/government collaboration by strengthening programs that provide for temporary job assignments in the government for employees from for-profit companies.
• Support innovation incubators to accelerate the development and maturation of innovative ideas.