


2015 Federal Cybersecurity Research and Development Strategic Plan

In response to the Cybersecurity Enhancement Act of 2014 (https://www.congress.gov/bill/113th-congress/senate-bill/1353), federal agencies are developing an updated Federal cybersecurity research and development strategic plan. The strategic plan will be used to guide and coordinate federally funded cybersecurity research.

Request For Information

On behalf of the agencies, the Cyber Security and Information Assurance Research and Development Senior Steering Group posted a Request for Information (RFI), seeking public input on research objectives for the strategic plan. The Request for Information was posted at: https://federalregister.gov/a/2015-09697

Submissions received in response to the RFI on the Federal Cybersecurity R&D Strategic Plan:

The CSIA R&D SSG would like to thank all respondents to this RFI. The submissions will be used to inform the development of the Federal Cybersecurity R&D Strategic Plan.





2011 Federal Cybersecurity Research and Development Strategic Plan

In 2011, Federal agencies released “Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program”, a strategic plan for cybersecurity research and development.

The strategic plan provides a framework for prioritizing Federal cybersecurity R&D in a way that concentrates research efforts on limiting current cyberspace deficiencies, precluding future problems, and expediting the infusion of research accomplishments into the marketplace. The main thrusts of the strategy are:

Achieving enduring trustworthiness of cyberspace requires new paradigms that re-balance security asymmetries of today’s landscape: the cost of simultaneously satisfying all the requirements of an ideal cybersecurity solution in a static system is impossibly high, and so we must enable sub-spaces in cyberspace to support different security policies and different security services for different types of interactions; the cost of attack is asymmetric, favoring the attacker, and so defenders must increase the cost of attack and must employ methods that enable them to continue to operate in the face of attack; the lack of meaningful metrics and economically sound decision making in security misallocates resources, and so we must promote economic principles that encourage the broad use of good cybersecurity practices and deter illicit activities.

Publications and references





Cybersecurity R&D Themes


Tailored Trustworthy Spaces

Tailored Trustworthy Spaces (TTS) provide flexible, adaptive, distributed trust environments that can support functional and policy requirements arising from a wide spectrum of activities in the face of an evolving range of threats. A TTS recognizes the user’s context and evolves as the context evolves. The user chooses to accept the protections and risks of a tailored space, and the attributes of the space must be expressible in an understandable way to support informed choice and must be readily customized, negotiated and adapted.

The scientific challenge of tailored spaces is to provide the separation, isolation, policy articulation, negotiation, and requisite assurances to support specific cyber sub-spaces.

Research is required to develop:


Moving Target

Research into Moving Target (MT) technologies will enable us to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency. The characteristics of an MT system are dynamically altered in ways that are manageable by the defender yet make the attack space appear unpredictable to the attacker.

MT strategies aim to substantially increase the cost of attacks by deploying and operating networks and systems in a manner that makes them less deterministic, less homogeneous, and less static.

Research is required to:


Designed-In Security

The Designed-In Security (DIS) theme focuses on designing and producing software systems that are resistant to attacks by dramatically reducing the number of exploitable flaws. Using assurance-focused engineering practices, languages, and tools, software developers will be able to develop a system while simultaneously generating the assurance artifacts necessary to attest to the level of confidence in the system’s capabilities to withstand attack.

Research is required to develop:


Cyber Economic Incentives

Cybersecurity practices lag behind technology. Solutions exist for many of the threats introduced by casual adversaries, but these solutions are not widely used because incentives are not aligned with objectives and resources are not correctly allocated. Secure practices must be incentivized if cybersecurity is to become ubiquitous, and sound economic incentives need to be based on sound metrics, processes that enable assured development, sensible and enforceable notions of liability and mature cost/risk analysis methods.

Research is required to:


Science of Security

In anticipation of the challenges in securing the cyber systems of the future, we must develop an organized, cohesive foundation to the body of knowledge that informs the field of cybersecurity. Currently, we spend considerable intellectual energy on a patchwork of targeted, tactical activities, some of which lead to significant breakthroughs while others result in a seemingly endless chase to remedy individual vulnerabilities with solutions of limited scope. A more fruitful way to ground research efforts, and to nurture and sustain progress, is to develop a science of security. Developing a strong, rigorous scientific foundation to cybersecurity helps the field in the following ways:

Organizes disparate areas of knowledge – Provides structure and organization to a broad-based body of knowledge in the form of testable models and predictions

Enables discovery of universal laws – Produces laws that express an understanding of basic, universal dynamics against which to test problems and formulate explanations

Applies the rigor of the scientific method – Approaches problems using a systematic methodology and discipline to formulate hypotheses, design and execute repeatable experiments, and collect and analyze data

Research is required to develop:




Publications and references


Assumption Busters 2011

