Federal CybersecurityResearch Agenda

June 2010

Dawn Meyerriecksdawn.c.meyerriecks@ugov.gov

Mission Spectrum

Hard Targets through Nation Building & Stabilization

Democratization of Technology

diydrones.com

lava-amp.com

local-motors.com

IT Mission Impacts

ODS

OIF

Kn

ow

led

ge

Sp

eed

Pre

cisi

on

Let

hal

ity

(A

ir 2

Gn

d O

PS

)

3200 ISRSortie Hours

RESULTS

1700 ISRSortie Hours

3X InfoHalf of the Hours

Footprint

7 Mos Buildup

< 3 Mos Buildup

Footprint# Ships

Msn Achieve tSpeed of Mnvr

10 % PGMs~ 30 SOF Teams

70 % PGMs~ 100 SOF Teams

PrecisionDecisions

Collat DamRQD Ord

10 % Integ Ops4 Acft/Tgt

90 % Integ Ops1 Acft/4 Tgt

EconomyOf Force

Heavy OrdRqmts

Scope

Cybersecurity: measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.

<which underpins>

Information Assurance: the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.

Federal Cybersecurity Research Agenda

Tailored Trustworthy Spaces: supporting context-specific trust decisions

Moving Target: providing resilience through agility

Cyber Economics: providing incentives to good security

Tailored Trustworthy Space

• Flexible, distributed trust environment – Akin to physical world, where expectations and behaviors are based on

context User Empowerment via Edge Innovation

– Home, School, Library, Bank, Theatre, Church

• Enabling Informed Trust Decisions– Context-Specific Trust Services– Coherent Policy Implementation– Visible Rules & Attributes

• Challenges– Identifying Dimensions of a Tailored, Trustworthy Space– Policy Specification & Management– Validation of Platform Integrity– Violation Detection– Verifiable Separation of Spaces

Moving Target

• Controlled Change across Multiple System Dimensions– Increase uncertainty and apparent complexity for attackers, reduce their

windows of opportunity, increase their costs in time and effort– Increase resiliency and fault tolerance within a system

• Assumptions– All systems are compromised & perfect security is unattainable– Defensible systems, rather than perfectly secure– An adversarial science

• Challenges– Managing Moving Target Systems– Smart Movement– Developing the Ecosystem to Support Agility

Cyber Economic Incentives

• Impacts and Incentives– Motivators: Common good, Ease of Use (NOT Insurance)– Data-driven– Support for “personal data ownership”

• Enablers– Science-based Understanding of Market, Decision-Making and

Investment Motivation– Creation of Environments where Deployment of Security

Technology is Balanced

• Challenges– Legal and Ethical Collection, Protection Distribution– Lack of Data to Support Economic Analysis– Personal Information and Behavior– Empower of Critical Infrastructure Providers

Opportunities

• CLARITY– Clearly scope problem and potential solution– Don’t oversell!!

• REAL, COLLECTIVE INNOVATION– Traditional & Non-Traditional Partnering– Traditional & Non-Traditional Sourcing– Factor in “soft” as well as hard sciences

• COMMENT– FORUM: http://cybersecurity.nitrd.gov– eMail: cybersecurity@nitrd.gov

The Tech Community Must:

• Demonstrably Focus on Mission Outcomes

• Solve Problems Collaboratively

• Innovate Relentlessly

Catalyze delivery of innovative technology-based capabilities solving intelligence challenges.