Administration seeks input on cybersecurity research

The federal government is moving forward with its plan to realign the $350 million it spends annually on cybersecurity research and development around three "game-changing" concepts in an attempt to stay ahead of hackers and enemy states.

The National Coordination Office for Networking and Information Technology Research and Development Program (NITRD) is holding an event May 19 in Berkeley, Calif., where it will present three research and development themes that will drive future federal cybersercurity research, according to a notice in Thursday's Federal Register.

The event is a continuation of the National Cyber Leap Year, during which the government worked to identify cutting-edge concepts that will give agencies the ability to thwart attacks from hackers. Because private sector companies focus mainly on incremental fixes and products that can be commercialized quickly, it falls to the government to fund more ambitious basic research.

After collecting input from a variety of stakeholders last year, NITRD narrowed the field down to three broad research concepts that could significantly advance cybersecurity: creating trustworthy spaces with customizable security controls, raising the potential cost of attacks by making networks harder to target, and examining economic and other nontechnical measures to discourage attacks.

"The themes represent a stake in the ground that says we've listened to the technical community, taken that input and believe these three things are the right initial direction to go to get at the causes of cybersecurity problems today," said Tomas Vagoun, technical coordinator for the NITRD's cybersecurity and information assurance group.

Vagoun said the need for customizable security controls on all networks and equipment is a natural step given the disparate levels of security required for different online activities, such as a bank transaction versus simply browsing the Web. Making networks harder to target is also an important step because their current static, homogenous nature makes it easy for hackers to use a single attack to target multiple networks and systems.

Vagoun emphasized that the research themes would not displace cybersecurity programs currently in place at agencies but help to fund research that could help increase security by an order of magnitude.