Currently Skimming:

4 Foundational Research Topics
Pages 43-53


From page 43...
... More recently, the federal Networking and Information Technology Research and Development Program issued its Federal Cybersecurity Research and Development Strategic Plan.2 That plan rests on four assumptions related to adversaries, defenders, users, and technology; outlines a number of near-, mid-, and long-term goals; spotlights four defensive elements: deter, protect, detect, and adapt; outlines six critical areas, the first three of which are most relevant to this report: scientific foundations, enhancements in risk management, and human aspects; and offers five
1 National Research Council, Toward a Safer and More Secure Cyberspace, The National Academies Press, Washington, D.C., 2007.
2 National Science and Technology Council, Federal Cybersecurity Research and Development Strategic Plan: Ensuring Prosperity and National Security, Networking and Information Technology Research and Development Program, February 2016.
From page 44...
... The committee outlines a foundationally oriented technical research agenda clustered around three broad themes that correspond to those in the strategic plan: detect (detection and attribution of attacks and vulnerabilities), protect (defensible systems that are prepared for and can resist attacks)
From page 45...
... installations incorporate commercial "intrusion-detection" systems, most of those systems operate by recognizing the signatures of previously observed attacks. New attacks that do not replicate previously seen malicious code, data, or network traffic patterns may not be detected because their activity fails to "look like an intrusion." Some high-end intrusion-detection systems are capable of characterizing the normal activity on a network and reporting deviations from "normal" with an acceptably low false-positive rate.
From page 46...
... Finally, transparency and sharing of information related to detected attacks and their attribution would increase the value of attack detection for the infrastructure as a whole. In addition to exploring technical means that might enable organizations to more readily share information, this also relates to social and decision sciences that could help inform how to incentivize such sharing and how to make it effective.
From page 47...
... Research opportunities in this space range from techniques for verification of hardware designs to the development of security-enhanced architectures that take full advantage of new hardware capabilities. Integrating hardware security efforts with efforts elsewhere in the stack, toward an end-to-end approach, can lead to improvements.
From page 48...
... 7 The Defense Science Board is undertaking a study on the cyber supply chain that will review DoD supply chain risk management activities and consider opportunities for improvement (see Office of the Under Secretary of Defense for Acquisition, Technology and Logistics, "Terms of Reference -- Defense Science Board Task Force on Cyber Supply Chain," November 12, 2014, http://www.acq.osd.mil/dsb/tors/TOR-2014-11-12-Cyber_Supply_Chain.pdf)
From page 49...
... , and are there demonstrated ways organizations can mitigate these risks?
8 National Science and Technology Council, Federal Cybersecurity Research and Development Strategic Plan: Ensuring Prosperity and National Security, Networking and Information Technology Research and Development Program, February 2016.
From page 50...
... -- implications for deployment and prioritization.
9 A forthcoming report of a Workshop on Building Communication Capacity to Counter Infectious Disease Threats from the Forum on Microbial Threats considers the challenge of public trust and warnings in the public health context.
From page 51...
... For example, a foundational discovery from social science work is that diversity in membership can sometimes improve the performance of problem-solving groups.11 This principle reinforces the argument for including social scientists in cybersecurity projects. Another example of a foundational principle is that there is a trade-off between sharing information widely in an organization to improve performance and restricting information sharing to reduce damage if one part of the organization is
10 C.E.
From page 52...
... CRITICALITY AND EVALUATION
Finally, there are two overarching challenges that will draw on both social, behavioral, and decision sciences research and the technical research outlined here. One is the question of how to assess and determine the criticality of a particular capability or application in a given context.
From page 53...
... government's "Rainbow Series" of requirements for government systems, failed to achieve their goals.12 This was in part due to the time and cost of constructing the assurance argument required for such systems, the lack of personnel sufficiently trained in formal methods to construct an adequate assurance argument, the limited usability of the fundamental model underlying the approach, and the lack of trained personnel who could evaluate systems that were intended to be the most secure.
12 These were a series of computer security guidelines and standards published by the U.S.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.