Modernizing Authentication — What It Takes to Transform Secure Access
A group of federal agencies opened an online forum to collect ideas from the public for what it is billing as its "game-change" cybersecurity initiative, calling for proposals for R&D projects as it continues its efforts to leverage government heft to shore up public and private information networks.
"I want to really emphasize that we want everyone to be thinking big, thinking novel," Jeannette Wing, assistant director of the National Science Foundation's Computer Science and Information Assurance Directorate, said at an event Wednesday launching the initiative. "The administration is very, very keen to see how the government can be working with the private sector on this along with academia."
The new portal is a joint effort of the White House Office of Science and Technology Policy (OSTP) and the National Coordination Office for Networking and Information Technology Research and Development (NITRD), a coalition of 14 agencies responsible for coordinating network research initiatives across the federal government.
Participating departments and agencies include the NSF, NASA, National Security Agency and, most recently, the Department of Homeland Security.
"The NITRD agencies are all different, but for cybersecurity we obviously all share some common goals," Wing said. She stressed that the submissions will be circulated among the agencies and used to inform appropriation requests for cybersecurity R&D funding.
The effort follows the course prescribed by the recommendations of the national cybersecurity review Obama commissioned shortly after taking office last January.
That plan, released in May, called for enhanced cooperation between the public and private sectors, and endorsed increased federal funding for cybersecurity research, which Obama requested in his proposed budget for fiscal 2011.
The Cyberspace Policy Review laid out a blueprint for government's role in securing critical digital infrastructure. That effort followed several similar reports commissioned by the White House or various agencies over the past decade that have all pointed to the increasing vulnerability of Internet-based systems in the face of attacks from ever-more sophisticated adversaries.
Wing stressed that those collective warnings helped lay the groundwork for today's launch, which she billed as a departure from the conventional government approach to cybersecurity.
"All of this behind us is really culminating in today's kickoff event for a national strategy for national cybersecurity research and development," she said.
The agencies are seeking submissions for projects broadly grouped around three themes. First, they are exploring projects to foster a more nuanced approach to cybersecurity, acknowledging that "the cost of simultaneously satisfying all the cybersecurity requirements of an ideal system is prohibitive." In essence, different systems and sets of information have different levels of sensitivity, requiring varying levels of authenticity and integrity assurances.
Second, they are looking at ways to "exponentially increase the cost of attack," while also devising methods to ensure that systems can continue to operate even as they are actively engaged in fending off an assault. In this area, the agencies are looking to confound attackers by narrowing their opportunities to exploit vulnerabilities and increasing the complexity of compromising a system through redundant paths and other technical means.
Finally, the agencies are looking to develop better economic metrics to quantify the cost of an attack in the hopes of more efficiently allocating resources to protect critical systems and "encourage the broad use of good cybersecurity practices and deter illicit activities."
Douglas Maughan, the program manager of the DHS Cyber Security R&D Center, noted that this last theme aims to tilt the economics of the cybersecurity battle that currently favor the black hats.
"Can we create an environment in the future where being a good guy pays and the criminal doesn't get paid?" he said. "We're really looking at what is the incentive structure to help people engage in socially responsible behavior."
NITRD is calling these three areas of focus "tailored trustworthy spaces," "moving target" and "cyber economic incentives."
NITRD is collecting submissions through June 18.