National Academies Press: OpenBook

Toward a Safer and More Secure Cyberspace (2007)

Chapter: Part II An Illustrative Research Agenda

« Previous: 3 Improving the Nation's Cybersecurity Posture
Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×

Part II
An Illustrative Research Agenda

Part II presents one illustrative research agenda that might be constructed to further the goals described in Part I. The first four categories of the agenda (Chapters 4 through 7) constitute what might be regarded as primary areas of programmatic focus. The fifth category (Chapter 8) is a broad, crosscutting category that draws on parts of the first four categories but focuses on bringing them together in the context of specific cybersecurity problems. The sixth category (Chapter 9) contains what might be regarded as speculative ideas that are worth some effort to investigate. Table II.1 maps the topics described in this research agenda to the provisions of the Cybersecurity Bill of Rights described in Chapter 3.

The areas of programmatic focus were selected on the basis of their high importance. (Here, “importance” is characterized by the enormous benefits that would flow from progress in those domains.) Fruitful results in these areas would significantly increase the security of the technology base on which information technology (IT) applications are built and increase the likelihood of incorporating those results into these applications. Such incorporation, on a large scale, would in turn significantly improve the nation’s cybersecurity posture.

At the same time, the research described within each area of programmatic focus is fairly broad. This breadth is based on the committee’s belief that excessive priority setting in the cybersecurity research field runs significant risks of leaving the nation unprepared for a rapidly changing cybersecurity environment. The committee cautions policy makers strongly against neglecting potentially important topics in their quest to prioritize research. Moreover, because there will always be incentives and opportunities to attack IT-based systems in the future, it would be a profound mistake to believe that the committee’s specific research agenda—or any other one that any other group might create—can “solve the problem” of cybersecurity once and for all. The committee emphasizes that the specific topics covered in Part II constitute representative examples of possible research within the four areas of programmatic focus and not specific priorities within those areas.

Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×

TABLE II.1 Mapping Research Topics to the 10 Provisions of the Committee’s Cybersecurity Bill of Rights

Research Topicsa

I

II

III

IV

Availability

Recovery

Control

Confidentiality

Category 1—Blocking and Limiting the Impact of Compromise

 

 

 

 

4.1-Secure design, development, and testing

X

X

X

X

4.2-Graceful degradation and recovery

X

X

X

 

4.3-Software and systems assurance

X

 

X

X

Category 2—Enabling Accountability

 

 

 

 

5.1-Attribution

 

 

 

X

5.2-Misuse and anomaly detection systems

X

X

 

 

5.3-Digital rights management

 

 

 

X

Category 3—Promoting Deployment

 

 

 

 

6.1-Usable security

 

 

 

X

6.2-Exploitation of previous work

X

X

X

X

6.3-Cybersecurity metrics

 

 

X

 

6.4-The economics of cybersecurity

X

X

X

X

6.5-Security policies

X

 

X

X

Category 4—Deterring Would-Be Attackers and Penalizing Attackers

 

 

 

 

7.1-Legal issues related to cybersecurity

X

X

X

X

7.2-Honeypots

 

 

X

 

7.3-Forensics

 

 

X

 

Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×

V

VI

VII

VIII

IX

X

Authentication

Flow Control

Application

Access

Awareness

Justice

X

X

X

X

X

X

 

 

X

X

 

 

X

 

X

X

X

 

X

X

X

X

 

X

 

 

X

 

 

X

 

X

 

 

 

X

X

X

X

X

 

 

X

X

X

X

X

X

 

 

 

 

X

X

X

X

X

X

X

 

X

X

X

 

X

X

X

X

X

X

X

X

 

 

 

 

X

X

 

 

 

 

X

X

Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×

Research Topicsa

I

II

III

IV

Availability

Recovery

Control

Confidentiality

Category 5—Illustrative Crosscutting Problem-Focused Research Areas

 

 

 

 

8.1-Security for legacy systems

X

X

X

X

8.2-The role of secrecy in cyberdefense

X

X

X

X

8.3-Insider threats

 

 

X

 

8.4-Security in nontraditional computing environments and in the context of use

X

X

X

X

8.5-Secure network architectures

X

 

X

X

8.6-Attack characterization

X

 

X

 

8.7-Coping with denial-of-service attacks

X

X

 

 

8.8-Dealing with spam

 

 

X

 

Category 6—Speculative Research

 

 

 

 

9.1-A cyberattack research activity

X

X

X

X

9.2-Biological approaches to security

X

X

X

X

9.3-Using attack techniques for defensive purposes

X

X

X

X

9.4-Cyber-retaliation

X

X

X

X

NOTE: Some imprecision in this mapping is freely acknowledged, in the sense that a number of the specific mappings mentioned are the result of judgment calls that might be different if a different set of individuals were to make those judgments.

As presented in Chapter 3 of this report, the 10 provisions of the Cybersecurity Bill of Rights are as follows:

I. Availability of system and network resources to legitimate users.

II. Easy and convenient recovery from successful attacks.

III. Control over and knowledge of one’s own computing environment.

IV. Confidentiality of stored information and information exchange.

V. Authentication and provenance.

VI. The technological capability to exercise fine-grained control over the flow of information in and through systems.

Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×

V

VI

VII

VIII

IX

X

Authentication

Flow Control

Application

Access

Awareness

Justice

X

X

X

X

X

 

X

X

X

X

X

 

X

 

X

 

 

X

X

X

X

X

X

X

X

X

X

X

X

 

 

 

X

 

X

X

 

 

X

X

 

 

 

 

X

X

 

X

X

X

X

X

X

X

X

X

X

X

X

 

X

X

X

X

X

 

X

X

X

X

X

X

VII. Security in using computing directly or indirectly in important applications, including financial, health care, and electoral transactions, and real-time remote control of devices that interact with physical processes.

VIII. The ability to access any source of information (e.g., e-mail, Web page, file) safely.

IX. Awareness of what security is actually being delivered by a system or component.

X. Justice for security problems caused by another party.

aThe numbering of each research topic corresponds with the numbering of the section on that topic in Chapter 4 through Chapter 9.

Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×

This page intentionally left blank.

Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×
Page 77
Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×
Page 78
Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×
Page 79
Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×
Page 80
Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×
Page 81
Suggested Citation:"Part II An Illustrative Research Agenda." National Research Council and National Academy of Engineering. 2007. Toward a Safer and More Secure Cyberspace. Washington, DC: The National Academies Press. doi: 10.17226/11925.
×
Page 82
Next: 4 Category 1 - Blocking and Limiting the Impact of Compromise »
Toward a Safer and More Secure Cyberspace Get This Book
×
Buy Paperback | $67.00 Buy Ebook | $54.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation’s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets.

Toward a Safer and More Secure Cyberspace examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!