Additional Observations on Foundational
Cybersecurity Research: Improving Science,
Engineering, and Institutions: An Annex
Unclassified Abbreviated Version of a Classified Report
Committee on Future Research Goals and Directions for Foundational Sciences in Cybersecurity
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences
A Consensus Study Report of
THE NATIONAL ACADEMIES PRESS
Washington, DC
www.nap.edu
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001
This project was supported by the National Security Agency with assistance from the Office of the Director of National Intelligence under award number 2014-14041100003-003 and assistance from the National Science Foundation under award number CNS-1400278. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for this project.
Digital Object Identifier: https://doi.org/10.17226/ 24949
Copyright 2017 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
National Academies of Sciences, Engineering, and Medicine. 2017. Additional Observations on Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions: An Annex—Abbreviated Version of a Classified Report. Washington, DC: The National Academies Press. doi: https://doi.org/10.17226/ 24949.
The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president.
The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. C. D. Mote, Jr., is president.
The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.
The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The National Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.
Learn more about the National Academies of Sciences, Engineering, and Medicine at www.nationalacademies.org.
Reports document the evidence-based consensus of an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and committee deliberations. Reports are peer reviewed and are approved by the National Academies of Sciences, Engineering, and Medicine.
Proceedings chronicle the presentations and discussions at a workshop, symposium, or other convening event. The statements and opinions contained in proceedings are those of the participants and have not been endorsed by other participants, the planning committee, or the National Academies of Sciences, Engineering, and Medicine.
For information about other products and activities of the National Academies, please visit nationalacademies.org/whatwedo.
COMMITTEE ON FUTURE RESEARCH GOALS AND DIRECTIONS FOR FOUNDATIONAL SCIENCES IN CYBERSECURITY
BARUCH FISCHHOFF, NAS1/NAM,2 Carnegie Mellon University, Co-Chair
PETER WEINBERGER, Google, Inc., Co-Chair
JANDRIA S. ALEXANDER, The Aerospace Corporation
ANNIE ANTON, Georgia Institute of Technology
STEVEN M. BELLOVIN, NAE,3 Columbia University
SEYMOUR E. GOODMAN, Georgia Institute of Technology
RONALD L. GRAHAM, NAS, University of California, San Diego
CARL E. LANDWEHR, Independent Consultant
STEVEN B. LIPNER, NAE, Software Assurance Forum for Excellence in Code
ROY A. MAXION, Carnegie Mellon University
GREG MORRISETT, Cornell University
BRIAN SNOW, Independent Consultant
PHIL VENABLES, Goldman Sachs
STEVEN J. WALLACH, NAE, Micron Technology
Staff
LYNETTE I. MILLETT, Associate Director and Senior Program Officer
___________________
1 Member, National Academy of Sciences.
2 Member, National Academy of Medicine.
3 Member, National Academy of Engineering.
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
FARNAM JAHANIAN, Carnegie Mellon University, Chair
ANDRÉ BARRASO, Google, Inc.
STEVE M. BELLOVIN, NAE,1 Columbia University
ROBERT F. BRAMMER, Brammer Technology, LLC
DAVID CULLER, NAE, University of California, Berkeley
EDWARD FRANK, Cloud Parity, Inc.
LAURA HAAS, NAE, University of Massachusetts, Amherst
MARK HOROWITZ, NAE, Stanford University
ERIC HORVITZ, NAE, Microsoft
VIJAY KUMAR, NAE, University of Pennsylvania
BETH MYNATT, Georgia Tech
CRAIG PARTRIDGE, Raytheon BBN Technologies
DANIELA RUS, NAE, MIT
FRED B. SCHNEIDER, NAE, Cornell University
MARGO SELTZER, Harvard University
JOHN STANKOVIC, University of Virginia
MOSHE VARDI, NAS2/NAE, Rice
KATHERINE YELICK, NAE, University of California, Berkeley
Staff
JON EISENBERG, Director
LYNETTE I. MILLETT, Associate Director
SHENAE BRADLEY, Administrative Assistant
EMILY GRUMBLING, Program Officer
RENEE HAWKINS, Financial and Administrative Manager
KATIRIA ORTIZ, Research Associate
For more information on CSTB, see its website at http://www.cstb.org, write to CSTB at National Academies of Sciences, Engineering and Medicine, 500 Fifth Street, NW, Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.
___________________
1 Member, National Academy of Engineering.
2 Member, National Academy of Sciences.
Acknowledgment of Reviewers
This Consensus Study Report was reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise. The purpose of this independent review is to provide candid and critical comments that will assist the National Academies of Sciences, Engineering, and Medicine in making each published report as sound as possible and to ensure that it meets the institutional standards for quality, objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process.
We wish to thank the following individuals for their review of this report:
Robert Brammer, Brammer Technology, LLC,
Fred Chang, NAE,1 Southern Methodist University,
Richard Danzig, Johns Hopkins University Applied Physics Laboratory, and
Fred B. Schneider, NAE, Cornell University.
Although the reviewers listed here provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations of this report nor did they see the final draft before its release. The review of this report was overseen by Anita Jones, NAE, University of Virginia. She was responsible for making certain that an independent examination of this report was carried out in accordance with the standards of the National Academies and that all review comments were carefully considered. Responsibility for the final content rests entirely with the authoring committee and the National Academies.
___________________
1 Member, National Academy of Engineering.
This page intentionally left blank.