Cybersecurity R&D agenda unveiled

The 2003 Cyber Security Research and Development Agenda

The Institute for Information Infrastructure Protection (I3P) has unveiled its 2003 Cyber Security Research and Development Agenda, which identifies critical areas that require significant research and development to help secure the nation's information infrastructure.

The agenda, announced Jan. 30, outlines eight crucial R&D gaps that are not being sufficiently addressed by ongoing government, private-sector or academic research.

The I3P, a consortium of 23 leading cybersecurity research institutions from academia, national labs and nonprofit organizations, is funded by the Commerce Department's National Institute of Standards and Technology.

"Our hope is that this agenda will become a useful guide for research communities and research funding managers," said Michael Vatis, chairman of I3P.

The agenda will help the White House's Office of Science and Technology Policy better coordinate R&D efforts across government agencies, said Sharon Hays, deputy associate director for technology at the office.

"We need to improve the ability to secure" the nation's infrastructure, she said. "We need technology to do that." And to implement the right technology, government needs a better understanding of what research is not being done. The agenda helps lay the groundwork to solve that problem, she said.

I3P received input, gathered over nine months in 2002, from more than 900 experts and security professionals from the private sector, academia and government, Vatis said.

Building on work by other private and public organizations focused on cybersecurity, I3P identified the following critical eight R&D areas:

* Enterprise security management: Research on managing enterprisewide policies, defining and maintaining a targeted risk posture, and addressing specific concerns such as the insider threat.

* Trust among distributed autonomous parties: Research on new trust models that involve interactions among organizations, systems, individuals and devices ranging from mobile phones to desktop computers.

* Discovery and analysis of security properties and vulnerabilities: Focuses on tools and techniques required to analyze codes, devices and systems in complex, large-scale environments.

* Secure system and network response and recovery: Focuses on providing holistic approaches to infrastructure recovery and reconstitution such as automated response. Research into prediction and pre-incident detection is also required.

* Traceback, identification and forensics: Research to determine attack sources and methods.

* Wireless security: Research to develop the basic science of wireless security and ensure security is an integral part of wireless networks.

* Metrics and models: Research on tools that express the cost, benefits and impacts of choices across economic, organizational, technical and risk considerations.

* Law, policy and economics: Focuses on developing a sophisticated understanding of the legal, economic, policy and technological forces that shape information infrastructure protection to better understand the potential impacts of policy.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.