|At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues presents fundamental concepts and principles that serve as points of departure for understanding specific cybersecurity incidents or proposals to improve security.||Project Page|
|Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making considers the role that professionalization could play in enhancing workforce capacity and capability and sets forth criteria for when, where, and how to professionalize the cybersecurity workforce.||Project Page|
Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options (2010) examines governmental, economical, technical, legal, and psychological challenges involved in deterring cyber attacks. It addresses key issues and questions identified in Letter Report from the Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy.
Individual papers and summaries.
|Biometric Recognition: Challenges and Opportunities (2010) presents a broad and comprehensive assessment of biometric recognition systems -- articulating design and operational considerations as well as outlining a research agenda to bolster the scientific and engineering underpinnings of these systems. ||Project Page|
| ||Toward Better Usability, Security, and Privacy of Information Technology (2010) identifies research opportunities and ways to embed usability considerations in design and development related to security and privacy, and vice versa.|| Project Page|
| ||Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities (2009) concludes that although cyberattack capabilities are an important asset for the United States, the current policy and legal framework for their use is ill-formed, undeveloped, and highly uncertain and that U.S. policy should be informed by an open and public national debate on technological, policy, legal, and ethical issues they pose.|| Project Page|
| ||Toward a Safer and More Secure Cyberspace (2007) explores the nature of online threats, considers some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and offers a strategy for future research aimed at countering cyber attacks.|| Project Page|
| ||Software for Dependable Systems: Sufficient Evidence? (2007) discusses how the growing use and complexity of software necessitates a different approach to dependability and recommends an evidence-based approach to achieving greater dependability and confidence.||Project Page |
| ||Critical Information Infrastructure Protection and the Law: An Overview of Key Issues (2003) discusses antitrust, FOIA, and liability as factors in protecting critical information infrastructure, given technical and economic conditions.|| Project Page|
| ||Who Goes There? Authentication Through the Lens of Privacy (2003) describes and examines issues, concepts, and techniques for authentication from the perspective of how they implicate privacy—and how adverse impacts on privacy might be contained.|| Project Page|
| ||Cybersecurity Today and Tomorrow: Pay Now or Pay Later (2002) Recaps highlights from past CSTB security reports with a focus on issue identification and practical guidance.|| |
| ||IDs -- Not That Easy: Questions About Nationwide Identity Systems (2002) outlines challenging policy, process, and technological issues presented by nationwide identity systems.|| Project Page|
| ||Trust in Cyberspace (1999) provides an assessment of the state of the art procedures for building trustworthy networked information systems; proposes directions for research in computer and network security, software technology, and system architecture; and assesses current technical and market trends in order to better inform public policy as to where progress is likely and where incentives could help.|| |
| ||Cryptography's Role in Securing the Information Society (1996) describes the growing importance of encryption, relating a government interests to interests in the spread and control of encryption, and recommends policy changes.|| |
| ||Computers at Risk: Safe Computing in the Information Age (1991), an enduring primer for information security, explains key concepts and terms, outlines the technology and procedures that give rise to and can alleviate security problems, relates security to complementary concerns such as privacy and safety, and describes the private and public sector institutional contexts.|| |