The National Academies of Sciences, Engineering and Medicine
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences

Improving Cybersecurity Research in the United States


 Toward a Safer and More Secure Cyberspace examines the vulnerabilities of the Internet and offers a strategy for future research aimed at countering cyber attacks. The report also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated.

Project Scope

The nation's critical infrastructure, such as the electric power grid, air traffic control system, financial system, and communication networks, depends upon networked information systems (NISs) for its operation. However, these NISs presently possess vulnerabilities that can be exploited by terrorists and malicious hackers because there is an inadequate understanding of what makes them vulnerable to attack, how best to reduce these vulnerabilities, and how to transfer cybersecurity knowledge to actual practice. In short, it appears that our nation's dependence on NISs has grown faster than our ability to address vulnerabilities.

At congressional hearings (e.g., House Science Committee) and other convenings of academic, industry, and government representatives between 2001 and 2002, participants argued that new research funds, and possibly a new way of thinking about cybersecurity, are necessary to meet the urgent need to secure computer networks supporting the nation's critical infrastructure. In response, the U.S. Congress passed the Cyber Security Research and Development Act (PL 107-305, enacted November 27, 2002), which authorized this study to provide advice regarding the appropriate locus for federal cybersecurity research.

This project will involve a survey of the research effort in cybersecurity and trustworthiness to assess the current mix of topics, level of effort, division of labor, sources of funding, and quality; describe those research areas that merit federal funding, considering short-, medium-, and long-term emphases; and recommend the necessary level for federal funding in cybersecurity research. The study will address research topics traditionally associated with cybersecurity, as well as those related to improving the trustworthiness of networked information systems, with a focus on achieving fundamental strength rather than pursuing reactive approaches. This project will also seek to identify and explore models and technologies that are not traditionally associated with cybersecurity or computer system trustworthiness that, nevertheless, may generate ideas leading to revolutionary, not incremental, advances in cybersecurity research. Structural alternatives for the oversight and allocation of funding (how best to allocate existing funds and how best to program new funds that may be made available) will be considered, and the project committee will provide corresponding recommendations.

The expertise required for this project includes the various specialties within computer security and other aspects of trustworthiness, computer networks, systems architecture, complex systems (both in the computer science context and in other domains such as those based in the biological sciences), software engineering, process control systems (e.g., SCADA), human-computer interaction, organization theory and public administration, and information technology research and development programs (both operational and grant-making programs) in the federal government, academia, and industry. People experienced with federally funded programs will be involved, as well as people with experience in industrial research. Membership on the committee will be balanced between those with well-established expertise in areas traditionally associated with cybersecurity and those with expertise in other areas that may infuse creative and innovative ideas into how cybersecurity is conceived and researched in the future. The committee will solicit input from the broad research community, possibly through a workshop, to discuss creative and innovative approaches to cybersecurity.

The committee's report will be made publicly available in both a regular book length and a shorter version, both in print and on the World Wide Web. Briefings will be made to government leaders and members of the information technology research communities, as well as to members of interested industry and application domain groups.

Committee Members

Seymour (Sy) E. Goodman, Chair
Professor of International Affairs and Computing
Sam Nunn School of International Affairs
College of Computing
Georgia Institute of Technology

Fred B. Schneider, CSTB Liaison
Professor, Department of Computer Science
Director, Information Assurance Institute
Cornell University

David Aucsmith
Security Architect and Chief Technology Officer
Microsoft Corporation, Security Business Unit

Steven M. Bellovin
Professor, Computer Science Department
Columbia University

Joel S. Birnbaum
Independent Consultant

Anjan Bose
Dean, College of Engineering and Architecture
Distinguished Professor of Electric Power Engineering
Washington State University

Barbara Fraser
Senior Consulting Engineer
Cisco Systems, Inc.

James Gosler
Fellow for Information Operations Studies
Sandia National Laboratories

William Guttman
Distinguished Service Professor of Economics and Technology
H. John Heinz III School of Public Policy and Management
Carnegie Mellon University


Herbert S. Lin, Study Director and Senior Scientist
Ted Schmitt, Consultant
Janice Sabuda, Senior Program Assistant


National Institute of Standards and Technology (NIST)
Defense Advanced Research Projects Agency (DARPA)
National Science Foundation
National Academy of Engineering


Ruby B. Lee
Forrest G. Hamrick Professor of Engineering
Professor of Electrical Engineering
Princeton University

Fernando (Fred) Luiz
Division General Manager (retired)
Hewlett-Packard Company

Teresa F. Lunt
Principal Scientist and Area Manager, Security Group
Area Manager, Theory Group

Peter G. Neumann
Principal Scientist
SRI International

Stefan Savage
Assistant Professor of Computer Science and Engineering
University of California, San Diego

William L. Scherlis
Professor of Computer Science
Carnegie Mellon University

Alfred Z. Spector
Independent Consultant

John Wankmueller
Vice President for Electronic Security and Technology
MasterCard International

Jay Warrior
Director of Distributed Systems Research
Agilent Laboratories