BOX 10.1

A Model Categorization for Understanding Budgets

The National Science Foundation (NSF) overview of the fiscal year 2004 awards for the Cyber Trust program and related awards included several substantive categorizations for the same awards, including the following:

  • Topic (security of next-generation operating systems and networking; forensic and law enforcement foundations; human-computer interface for security functions; cross-disciplinary approaches; theoretical foundations and mechanisms for privacy, security, trust; composable systems and policies; presenting security concepts to the average user; improved ability to certify system security properties; improved ability to analyze security designs and to build systems correctly; more effective system monitoring, anomaly detection, attack recognition and defense; and integrating hardware and software for security).

  • Security life-cycle phase (understanding what to build; building things right; preventing attacks; detecting/understanding attacks; surviving attacks; system recovery/reconstitution; and forensics/dealing with perpetrators).

  • Security disciplines (operating system, filesystem, storage security; net security; application/database/Web security; cryptography and applied cryptography; security/privacy/trust modeling and specification; secure system architecture; secure system development; security testing/evaluation; and forensics).

The NSF provided multiple categorizations, noting on the Web site (see the source in this box) that “most research projects have several dimensions, such as the expected time to yield results, where the project lies on scales ranging from empirical to theoretical work, from foundational to applied, and across domains and disciplines of study. Any attempt to group projects into categories will consequently succeed better for some than for others.” Accordingly, NSF presents multiple categorizations that constitute a framework for relating projects to each other and that provide an overall picture of the program.


big picture of federal activities in this area. One benefit is that program managers would be able to identify more easily excessive redundancy in research.17 A second benefit is that transparency would facilitate greater


The committee notes that some degree of redundancy in research is not necessarily inappropriate, as it can mean working on different approaches to similar problems. It is true that centralized priority-setting approaches generally seek to eliminate redundancy, but more often than not target all redundancy, whether useful or not. By contrast, conversations between program managers—who are closer to the research actually being performed and thus more knowledgable about the nuances of the research they support—are more likely to be able to identify excessive redundancies.

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement