National Academies Press: OpenBook
Suggested Citation:"Front Matter." National Academies of Sciences, Engineering, and Medicine. 2017. Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions. Washington, DC: The National Academies Press. doi: 10.17226/24676.

FOUNDATIONAL CYBERSECURITY RESEARCH

IMPROVING SCIENCE, ENGINEERING, AND INSTITUTIONS

Lynette I. Millett, Baruch Fischhoff, Peter J. Weinberger, Editors

Computer Science and Telecommunications Board

Division on Engineering and Physical Sciences

A Consensus Study Report of

THE NATIONAL ACADEMIES PRESS
Washington, DC
www.nap.edu

THE NATIONAL ACADEMIES PRESS
500 Fifth Street, NW
Washington, DC 20001

This project was supported by the National Security Agency with assistance from the National Science Foundation under award number CNS-1400278. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for this project.

International Standard Book Number-13: 978-0-309-45529-9
International Standard Book Number-10: 0-309-45529-4
Digital Object Identifier: https://doi.org/10.17226/24676

Additional copies of this publication are available for sale from the National Academies Press, 500 Fifth Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu.

Copyright 2017 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America

Suggested citation: National Academies of Sciences, Engineering, and Medicine. 2017. Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions. Washington, DC: The National Academies Press. https://doi.org/10.17226/24676.

The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president.

The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. C. D. Mote, Jr., is president.

The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.

The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The National Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.

Learn more about the National Academies of Sciences, Engineering, and Medicine at www.nationalacademies.org.

Consensus Study Reports published by the National Academies of Sciences, Engineering, and Medicine document the evidence-based consensus on the study’s statement of task by an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and the committee’s deliberations. Each report has been subjected to a rigorous and independent peer-review process and it represents the position of the National Academies on the statement of task.

Proceedings published by the National Academies of Sciences, Engineering, and Medicine chronicle the presentations and discussions at a workshop, symposium, or other event convened by the National Academies. The statements and opinions contained in proceedings are those of the participants and are not endorsed by other participants, the planning committee, or the National Academies.

For information about other products and activities of the National Academies, please visit www.nationalacademies.org/about/whatwedo.

COMMITTEE ON FUTURE RESEARCH GOALS AND DIRECTIONS FOR FOUNDATIONAL SCIENCE IN CYBERSECURITY

BARUCH FISCHHOFF, Carnegie Mellon University, Co-Chair

PETER WEINBERGER, Google, Inc., Co-Chair

JANDRIA S. ALEXANDER, The Aerospace Corporation

ANNIE ANTÓN, Georgia Institute of Technology

STEVEN M. BELLOVIN, Columbia University

SEYMOUR E. GOODMAN, Georgia Institute of Technology

RONALD L. GRAHAM, University of California, San Diego

CARL E. LANDWEHR, Independent Consultant

STEVEN B. LIPNER, SAFECode

ROY A. MAXION, Carnegie Mellon University

GREG MORRISETT, Cornell University

BRIAN SNOW, Independent Consultant

PHIL VENABLES, Goldman Sachs

STEVEN J. WALLACH, Micron Technology

Staff

LYNETTE I. MILLETT, Associate Director and Senior Program Officer

VIRGINIA BACON TALATI, Program Officer

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

FARNAM JAHANIAN, Carnegie Mellon University, Chair

LUIZ ANDRE BARROSO, Google, Inc.

STEVEN M. BELLOVIN, Columbia University

ROBERT F. BRAMMER, Brammer Technology, LLC

EDWARD FRANK, Apple, Inc.

LAURA HAAS, IBM Corporation

MARK HOROWITZ, Stanford University

ERIC HORVITZ, Microsoft Research

VIJAY KUMAR, University of Pennsylvania

BETH MYNATT, Georgia Institute of Technology

CRAIG PARTRIDGE, Raytheon BBN Technologies

DANIELA RUS, Massachusetts Institute of Technology

FRED B. SCHNEIDER, Cornell University

MARGO SELTZER, Harvard University

JOHN STANKOVIC, University of Virginia

MOSHE VARDI, Rice University

KATHERINE YELICK, University of California, Berkeley

Staff

JON EISENBERG, Director

LYNETTE I. MILLETT, Associate Director

VIRGINIA BACON TALATI, Program Officer

SHENAE BRADLEY, Administrative Assistant

EMILY GRUMBLING, Program Officer

RENEE HAWKINS, Financial and Administrative Manager

KATIRIA ORTIZ, Research Associate

For more information on CSTB, see its website at http://www.cstb.org; write to CSTB, National Academies of Sciences, Engineering, and Medicine, 500 Fifth Street, NW, Washington, DC 20001; call (202) 334-2605; or e-mail CSTB at cstb@nas.edu.

Preface

This study emerged from an informal request to the National Academies of Sciences, Engineering, and Medicine’s Computer Science and Telecommunications Board (CSTB) from Brad Martin of the National Security Agency. The project was initiated by the Special Cyber Operations Research and Engineering (SCORE) Interagency Working Group and sponsored with assistance from the National Science Foundation. The statement of task for the Committee on Future Research Goals and Directions for Foundational Science in Cybersecurity, established by the National Academies to carry out this study, is as follows:

An ad hoc National Research Council committee will conduct a multiphased sequential study to consider future research goals and directions for foundational science in cybersecurity, to include relevant efforts in economics and behavioral science as well as more “traditional” cybersecurity topics. It will also consider how investments in foundational work support mission needs in the long term. The committee will review current unclassified and classified cybersecurity research strategies, plans, and programs as well as requirements in both domains. It will consider major challenge problems, explore proposed new directions, identify gaps in the current portfolio, consider the complementary roles of research in unclassified and classified settings, and consider how foundational work in an unclassified setting can be translated to meet national security objectives. Phase 1 will involve preliminary data gathering and analysis by the committee, but no report will be issued. In Phase 2, the committee will undertake additional data gathering, analysis, and deliberations. In Phase 3, the committee would extend its data gathering and analysis from Phase 2. The study will result in two reports: (1) a public report at the conclusion of Phase 2 providing a high-level roadmap for foundational cybersecurity research based only on public domain information and (2) an additional, brief public report and a non-public classified annex as necessary reflecting the committee’s work in Phase 3.

This report is the result of Phase 2. The committee, whose biographies are listed in Appendix B, gathered input through a number of data-gathering sessions. The committee appreciates the insights and perspectives provided by the experts who presented briefings; they are listed in Appendix A.

With a perennial societal challenge like cybersecurity, a topic that has been explored extensively and where real breakthroughs have proven elusive, a challenge is to avoid well-trodden ground. The committee was mindful of the sponsor’s request to focus on opportunities where a fresh approach to the problem could prove fruitful. Thus, this report does not present a list of hard open research problems (there are many such worthy lists, some of which are summarized in Appendix C) nor argue for specific programs. Instead, the committee offers alternative approaches to framing research problems, organizing research programs, and integrating research and practice. We hope to offer fresh ways to realize the potential of the resources and intellect invested in addressing cybersecurity challenges.

This report represents the cooperative effort of many people. We thank the individuals who came to speak with us during the course of the study. We appreciate the work of our committee. Circumstances beyond the committee’s control delayed activity at certain phases of the project, and we appreciate its members’ patience and that of our sponsors throughout the process. We also thank the reviewers whose comments helped to strengthen the report considerably.

Baruch Fischhoff and Peter Weinberger, Co-Chairs

Committee on Future Research Goals and Directions for Foundational Science in Cybersecurity

Acknowledgment of Reviewers

This Consensus Study Report was reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise. The purpose of this independent review is to provide candid and critical comments that will assist the National Academies of Sciences, Engineering, and Medicine in making each published report as sound as possible and to ensure that it meets the institutional standards for quality, objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process.

We thank the following individuals for their review of this report:

Robert Axelrod, University of Michigan,

Frederick Chang, Southern Methodist University,

John McLean, Naval Research Laboratory,

Peter Neumann, SRI International,

Robert Oliver, University of California, Berkeley,

Shari Lawrence Pfleeger, Dartmouth College,

Angela Sasse, University College London,

William Scherlis, Carnegie Mellon University, and

Fred Schneider, Cornell University.

Although the reviewers listed above provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations of this report nor did they see the final draft before its release. The review of this report was overseen by William H. Press, University of Texas, Austin. He was responsible for making certain that an independent examination of this report was carried out in accordance with the standards of the National Academies and that all review comments were carefully considered. Responsibility for the final content rests entirely with the authoring committee and the National Academies.

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to adapt. Despite considerable investments of resources and intellect, cybersecurity continues to pose serious challenges to national security, business performance, and public well-being. Modern developments in computation, storage, and connectivity to the Internet have brought into even sharper focus the need for a better understanding of the overall security of the systems we depend on.

Foundational Cybersecurity Research focuses on foundational research strategies for organizing people, technologies, and governance. These strategies seek to ensure the sustained support needed to create an agile, effective research community, with collaborative links across disciplines and between research and practice. This report is aimed primarily at the cybersecurity research community, but takes a broad view that efforts to improve foundational cybersecurity research will need to include many disciplines working together to achieve common goals.
