
Currently Skimming:

Executive Summary
Pages 1-12

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 1...
... The report also addresses the nature of the cybersecurity threat, explores some of the reasons that previous cybersecurity research efforts and agendas have had less impact on the nation's cybersecurity posture than desired, and considers the human resource base needed to advance the cybersecurity research agenda. Society ultimately expects computer systems to be trustworthy -- that is, that they do what is required and expected of them despite environmental disruption, human user and operator errors, and attacks by hostile parties, and that they not do other things.
From page 2...
... A future of "pervasive computing" will see IT ubiquitously integrated into everyday objects in order to enhance their usefulness, and these objects will be interconnected in ways that further multiply their usefulness. In addition, a growing focus on innovation in the future will require the automation and integration of various services to provide rapid response tailored to the needs of users across the entire economy.
From page 3...
... Furthermore, they are usually highly capable of exploiting human or organizational weaknesses over extended periods of time. The bottom line is that the threat is growing in sophistication as well as in magnitude, and against the high-end attacker, many current best practices and security technologies amount to little more than speed bumps -- thus requiring additional fundamental research and new approaches, such as a greater emphasis on mitigation and recovery.
From page 4...
... The next three provisions relate to crosscutting properties of systems: VII. Security in using computing directly or indirectly in important applications, including financial, health care, and electoral transactions and real-time remote control of devices that interact with physical processes.
From page 5...
... Thus, the cybersecurity posture of the nation could be strengthened substantially if individuals and organizations collectively adopted current best practices and existing security technologies that are known to improve cybersecurity. The second reason is that, even assuming that everything known today was immediately put into practice, the resulting cybersecurity posture -- though it would be stronger and more resilient than it is now -- would still be inadequate against today's threat, let alone tomorrow's.
From page 6...
... That hedge is an R&D agenda in cybersecurity that is both broader and deeper than might be required if only low-end threats were at issue. (Because of the long lead time for large-scale deployments of any measure, part of the research agenda must include research directed at reducing those long lead times.)
From page 7...
... Priorities are still important, but they should be determined by those in a position to respond most quickly to the changing environment -- namely, the research constituencies that provide peer review and the program managers of the various research-supporting agencies. Notions of breadth and diversity in the cybersecurity research agenda should themselves be interpreted broadly as well, and might well be integrated into other research programs such as software and systems engineering, operating systems, programming languages, networks, Web applications, and so on.
From page 8...
... This category is focused on ensuring that the technologies and procedures in Categories 1 and 2 are actually used to promote and enhance security. Category 3 includes technologies that facilitate ease of use by both end users and system implementers, incentives that promote the use of security technologies in the relevant contexts, and the removal of barriers that impede the use of security technologies.
From page 9...
... Research is needed to further harmonize laws across many national boundaries to enable international prosecutions and to reduce the logistical difficulties involved in such activities. Other illustrations are provided in the main text of the report.
From page 10...
... The committee believes that the lack of adequate action in the cybersecurity space can be largely explained by three factors: • Past reports have not provided the sufficiently compelling information needed to make the case for dramatic and urgent action. If so, perhaps it is possible to paint a sufficiently ominous picture of the threat in terms that would inspire decision makers to take action.
From page 11...
... A second element will be to change the decision-making calculus that excessively focuses vendor and end user attention on short-term costs of improving their cybersecurity postures. • Commensurate with a rapidly growing cybersecurity threat, support a broad, robust, and sustained research agenda at levels which ensure that a large fraction of good ideas for cybersecurity research can be explored.
From page 12...
... Making progress on any cybersecurity research agenda requires substantial attention to infrastructural issues. In this context, a cybersecurity research infrastructure refers to the collection of open testbeds, tools, data sets, and other things that enable research to progress and which allow research results to be implemented in actual IT products and services.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.