scope and scale of federally funded cybersecurity research are seriously inadequate. To execute fully the broad strategy articulated in this report, a substantial increase in federal budgetary resources devoted to cybersecurity research will be needed. Nor should cybersecurity research remain in the computer science domain alone, and additional funding might well be used to support the pursuit of cybersecurity considerations in other closely related research endeavors, such as those related to creating high-assurance systems and the engineering of secure systems and software across entire system life cycles.
Establish a mechanism for continuing follow-up on a research agenda. Today, the scope and nature of cybersecurity research across the federal government are not well understood, least of all by government decision makers. An important first step would be for the government to build on the efforts of the National Coordination Office for Networking and Information Technology Research and Development to develop a reasonably complete picture of the cybersecurity research efforts that the government supports from year to year. To the best of the committee’s knowledge, no such coordinated picture exists.
Support research infrastructure. Making progress on any cybersecurity research agenda requires substantial attention to infrastructural issues. In this context, a cybersecurity research infrastructure refers to the collection of open testbeds, tools, data sets, and other things that enable research to progress and which allow research results to be implemented in actual IT products and services. Without an adequate research infrastructure, there is little hope for realizing the full potential of any research agenda.
Sustain and grow the human resource base. When new ideas are needed, human capital is particularly important. For the pool of cybersecurity researchers to expand to a sufficiently large level, would-be researchers must believe that there is a future to working in this field, a point suggesting the importance of adequate and stable research support for the field. Increasing the number of researchers in a field necessarily entails increased support for that field, since no amount of prioritization within a fixed budget will result in significantly more researchers. In addition, potential graduate students see stable or growing levels of funding as a signal about the importance of the field and the potential for professional advancement.