The National Academies of Sciences, Engineering and Medicine
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences
CSTB Cybersecurity and Trustworthiness Projects and Reports

Ongoing Projects
The Forum on Cyber Resilience facilitates and enhances the exchange of ideas among scientists, practitioners, and policy makers concerned with urgent and important issues related to the resilience of the nation’s computing and communications systems, including the Internet, other critical infrastructures, and commercial systems. 



Recoverability as a First-Class Security Objective (2018) summarizes presentations and discussions from a Feb. 2018 Forum on Cyber Resilience workshop on how to restore normal operations and security following an attack or failure of software or hardware.
Securing the Vote: Protecting American Democracy (2018) recommends steps that the federal government, state and local governments and election administrators can take to make elections more secure, accessible, reliable, and verifiable.
Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop (2017). Software Update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a workshop featuring invited speakers from government, the private sector, and academia. This publication summarizes the presentations and discussions from the workshop.
Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions (2017) focuses on foundational research strategies and on building collaborative links across disciplines and between research and practice.
At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues (2014) presents fundamental concepts and principles that serve as points of departure for understanding specific cybersecurity incidents or proposals to improve security.
Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making (2013) considers the role that professionalization could play in enhancing workforce capacity and capability and sets forth criteria for when, where, and how to professionalize the cybersecurity workforce.
Critical Code: Software Producibility for Defense (2010) assesses the growing importance of software for national security and examines how the U.S. Department of Defense can most effectively meet its future software needs. 

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options (2010) examines governmental, economical, technical, legal, and psychological challenges involved in deterring cyber attacks. It addresses key issues and questions identified in Letter Report from the Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy.

Individual papers and summaries.

Biometric Recognition: Challenges and Opportunities (2010) presents a broad and comprehensive assessment of biometric recognition systems -- articulating design and operational considerations as well as outlining a research agenda to bolster the scientific and engineering underpinnings of these systems.
Toward Better Usability, Security, and Privacy of Information Technology (2010) identifies research opportunities and ways to embed usability considerations in design and development related to security and privacy, and vice versa.
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities (2009) concludes that although cyberattack capabilities are an important asset for the United States, the current policy and legal framework for their use is ill-formed, undeveloped, and highly uncertain and that U.S. policy should be informed by an open and public national debate on technological, policy, legal, and ethical issues they pose.
Toward a Safer and More Secure Cyberspace (2007) explores the nature of online threats, considers some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and offers a strategy for future research aimed at countering cyber attacks.
Software for Dependable Systems: Sufficient Evidence? (2007) discusses how the growing use and complexity of software necessitates a different approach to dependability and recommends an evidence-based approach to achieving greater dependability and confidence.
Critical Information Infrastructure Protection and the Law: An Overview of Key Issues (2003) discusses antitrust, FOIA, and liability as factors in protecting critical information infrastructure, given technical and economic conditions.
Who Goes There? Authentication Through the Lens of Privacy (2003) describes and examines issues, concepts, and techniques for authentication from the perspective of how they implicate privacy—and how adverse impacts on privacy might be contained.
Cybersecurity Today and Tomorrow: Pay Now or Pay Later (2002) recaps highlights from past CSTB security reports with a focus on issue identification and practical guidance.
IDs -- Not That Easy: Questions About Nationwide Identity Systems (2002) outlines challenging policy, process, and technological issues presented by nationwide identity systems.
Trust in Cyberspace (1999) provides an assessment of the state-of-the-art procedures for building trustworthy networked information systems; proposes directions for research in computer and network security, software technology, and system architecture; and assesses current technical and market trends in order to better inform public policy as to where progress is likely and where incentives could help.
Cryptography's Role in Securing the Information Society (1996) describes the growing importance of encryption, relating government interests to interests in the spread and control of encryption, and recommends policy changes.
Computers at Risk: Safe Computing in the Information Age (1991), an enduring primer for information security, explains key concepts and terms, outlines the technology and procedures that give rise to and can alleviate security problems, relates security to complementary concerns such as privacy and safety, and describes the private and public sector institutional contexts.