Unclassified Abbreviated Version of a Classified Report
At the request of the Special Cyber Operations Research and Engineering (SCORE) Interagency Working Group and sponsored with assistance from the National Science Foundation and from the Office of the Director of National Intelligence, the National Academies of Sciences, Engineering, and Medicine1 appointed an expert committee, the Committee on Future Research Goals and Directions for Foundational Sciences in Cybersecurity, to explore future research goals and directions for cybersecurity. The statement of task for the study was as follows:
An ad hoc National Research Council committee will conduct a multi-phased sequential study to consider future research goals and directions for foundational science in cybersecurity, to include relevant efforts in economics and behavioral science as well as more “traditional” cybersecurity topics. It will also consider how investments in foundational work support mission needs in the long term. The committee will review current unclassified and classified cybersecurity research strategies, plans, and programs as well as requirements in both domains. It will consider major challenge problems, explore proposed new directions, identify gaps in the current portfolio, consider the complementary roles of research in unclassified and classified settings, and consider how foundational work in an unclassified setting can be translated to meet national security objectives. Phase 1 will involve preliminary data gathering and analysis by the committee but no report will be issued. In Phase 2, the committee will undertake additional data-gathering, analysis and deliberations. In Phase 3, the committee would extend its data-gathering and analysis from Phase 2. The study will result in two reports: (1) a public report at the conclusion of Phase 2 providing a high-level roadmap for foundational cybersecurity research based only on public domain information and (2) an additional, brief public report and a non-public classified annex as necessary reflecting the committee’s work in Phase 3.
This abbreviated report annex is a result of Phase 3. The Office of the Director of National Intelligence has determined that the annex prepared by the committee is classified in its entirety under Executive Order 13526 and therefore cannot be made available to the public. Prepared by the committee, this abbreviated annex provides background information on the full annex. The committee gathered additional input for this phase through a limited set of briefings that took place in May 2017. The committee appreciates the insights and perspectives provided by the experts from the Department of Homeland Security, the National Security Agency, the Defense Advanced Research Projects Agency, Cyber Pack Ventures, and ThreatConnect who presented briefings and shared perspectives.
The annex does not reprise the main points of the study that were published in the results of Phase 2. The committee hopes readers will read that unclassified report.2 These reports represent the cooperative effort of many people. The committee thanks the individuals who came to speak with us during the course of the study. Although scheduling meant that not all members were able to participate during Phase 3 activities, their work and insights during Phase 2 helped inform efforts in Phase 3.
1 Effective July 1, 2015, the institution is called the National Academies of Sciences, Engineering, and Medicine. References in this report to the National Research Council are used in an historic context identifying programs prior to July 1.
2 National Academies of Sciences, Engineering, and Medicine, 2017, Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions, Washington, DC: The National Academies Press, https://doi.org/10.17226/24676.
This page intentionally left blank.