NITRD Publication Library

CSIA IWG Cybersecurity R&D Recommendations

Category: Federal Plans
Available Format: PDF
Pages: 18

The President’s Cyberspace Policy Review challenges the Federal community to develop a framework for research and development strategies that focus on game-changing technologies that can significantly enhance the trustworthiness of cyberspace.

The Cybersecurity Game-Change Research and Development (R&D) Recommendations, coordinated through the Federal Networking and Information Technology Research and Development (NITRD) Program and its Cyber Security Information Assurance (CSIA) Interagency Working Group (IWG), have identified three (3) initial R&D themes to exemplify and motivate future Federal cybersecurity research activities: (a) Moving Target, (b) Tailored Trustworthy Spaces, and (c) Cyber Economic Incentives. While these themes do not themselves constitute a prioritized research agenda, they inspire new and different ways of thinking about problems and provoke novel solutions to develop technologies that provide increases in cybersecurity.

These three themes challenge some of the fundamental assumptions that have traditionally provided a foundation for cybersecurity research and, in doing so, offer the promise of changing the game in cybersecurity. The intent is not to aspire to develop the perfectly secure system, or to hope to develop universally useful security mechanisms that satisfy all cybersecurity needs. Rather, the aim is to develop methods that elude attackers, to focus on systems tailored to address risks relevant to specific information and transactions, to create an economic framework that identifies the motivations of cyber users and to develop market forces that incentivize good behavior. This attention shift is motivated by an understanding of the extreme dynamism and complexity of cyberspace and is based on the following hypotheses:

  • The cost of attack is asymmetric, and favors the attacker. Defenders must exponentially increase the cost of attack and must employ methods that enable them to continue to operate in the face of attack.

  • The cost of simultaneously satisfying all the cybersecurity requirements of an ideal system is prohibitive. Sub-spaces must be enabled to support varying security policies and services for different types of interactions.

  • The lack of meaningful metrics and economically sound decision making in security results in a misallocation of resources. Economic principles must be promoted that encourage the broad use of good cybersecurity practices and deter illicit activities.