Improving Cybersecurity Research in the United States
Publications
Toward a Safer and More Secure Cyberspace examines the vulnerabilities of the Internet and offers a strategy for future research aimed at countering cyber attacks. The report also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated.
Project Scope
The nation's critical infrastructure, such as the electric power grid, air traffic control system, financial system, and communication networks, depends upon networked information systems (NISs) for its operation. However, these NISs presently possess vulnerabilities that can be exploited by terrorists and malicious hackers because there is an inadequate understanding of what makes them vulnerable to attack, how best to reduce these vulnerabilities, and how to transfer cybersecurity knowledge to actual practice. In short, it appears that our nation's dependence on NISs has grown faster than our ability to address vulnerabilities.
At congressional hearings (e.g., House Science Committee) and other convenings of academic, industry and government representatives between 2001 and 2002, participants argued that new research funds, and possibly a new way of thinking about cybersecurity, are necessary to meet the urgent need to secure computer networks supporting the nation's critical infrastructure. In response, the U.S. Congress passed the Cyber Security Research and Development Act (PL 107-305, enacted November 27, 2002), which authorized this study to provide advice regarding the appropriate locus for federal cybersecurity research.
This project will involve a survey of the research effort in cybersecurity and trustworthiness to assess the current mix of topics, level of effort, division of labor, sources of funding, and quality; describe those research areas that merit federal funding, considering short-, medium-, and long-term emphases; and recommend the necessary level for federal funding in cybersecurity research. The study will address research topics traditionally associated with cybersecurity, as well as those related to improving the trustworthiness of networked information systems, with a focus on achieving fundamental strength rather than pursuing reactive approaches. This project will also seek to identify and explore models and technologies that are not traditionally associated with cybersecurity or computer system trustworthiness that, nevertheless, may generate ideas leading to revolutionary, not incremental, advances in cybersecurity research. Structural alternatives for the oversight and allocation of funding (how to best allocate existing funds and how best to program new funds that may be made available) will be considered and the project committee will provide corresponding recommendations.
The expertise required for this project includes the various specialties within computer security and other aspects of trustworthiness, computer networks, systems architecture, complex systems (both in the computer science context and in other domains such as those based in the biological sciences), software engineering, process control systems (e.g., SCADA), human-computer interaction, organization theory and public administration, and information technology research and development programs (both operational and grant-making programs) in the federal government, academia, and industry. People experienced with federally funded programs will be involved, as well as people with experience in industrial research. Membership on the committee will be balanced between those with well-established expertise in areas traditionally associated with cybersecurity and those with expertise in other areas that may infuse creative and innovative ideas into how cybersecurity is conceived and researched in the future. The committee will solicit input from the broad research community, possibly through a workshop, to discuss creative and innovative approaches to cybersecurity.
The committee's report will be made publicly available in both a regular book length and a shorter version, both in print and on the World Wide Web. Briefings will be made to government leaders and members of the information technology research communities, as well as to members of interested industry and application domain groups.
Committee Members
Seymour (Sy) E. Goodman, Chair; Professor of International Affairs and Computing, Sam Nunn School of International Affairs, College of Computing, Georgia Institute of Technology
Fred B. Schneider, CSTB Liaison; Professor, Department of Computer Science; Director, Information Assurance Institute; Cornell University
David Aucsmith, Security Architect and Chief Technology Officer, Microsoft Corporation, Security Business Unit
Steven M. Bellovin, Professor, Computer Science Department, Columbia University
Joel S. Birnbaum, Independent Consultant
Anjan Bose, Dean, College of Engineering and Architecture; Distinguished Professor of Electric Power Engineering; Washington State University
Barbara Fraser, Senior Consulting Engineer, Cisco Systems, Inc.
James Gosler, Fellow for Information Operations Studies, Sandia National Laboratories
William Guttman, Distinguished Service Professor of Economics and Technology, H. John Heinz III School of Public Policy and Management, Carnegie Mellon University
Ruby B. Lee, Forrest G. Harrick Professor of Engineering; Professor of Electrical Engineering; Princeton University
Fernando (Fred) Luiz, Division General Manager (retired), Hewlett-Packard Company
Teresa F. Lunt, Principal Scientist and Area Manager, Security Group; Area Manager, Theory Group; PARC
Peter G. Neumann, Principal Scientist, SRI International
Stefan Savage, Assistant Professor of Computer Science and Engineering, University of California, San Diego
William L. Scherlis, Professor of Computer Science, Carnegie Mellon University
Alfred Z. Spector, Independent Consultant
John Wankmueller, Vice President for Electronic Security and Technology, MasterCard International
Jay Warrior, Director of Distributed Systems Research, Agilent Laboratories
Staff
Herbert S. Lin, Study Director and Senior Scientist
Ted Schmitt, Consultant
Janice Sabuda, Senior Program Assistant
Sponsors
National Institute of Standards and Technology (NIST)
Defense Advanced Research Projects Agency (DARPA)
National Science Foundation
National Academy of Engineering