Groundwork for cybersecurity R&D agenda begins

The National Science and Technology Council drafts a federal plan to improve research and development.

The Bush administration has drafted a federal plan to improve cybersecurity research and development.

Yesterday, the National Science and Technology Council, a Cabinet-level body that coordinates governmentwide science and technology policies, issued a preprint release of the “Federal Plan for Cyber Security and Information Assurance Research and Development.”

In addressing gaps in the country’s current cybersecurity activities, the 121-page report recommends setting R&D priorities and strengthening coordination between agencies and the private sector. The plan also calls for implementing emerging technologies, road maps and metrics. It does not address specific funding levels or budgets.

Industry officials and lawmakers had been urging the administration to improve federal cybersecurity and information assurance R&D. Officials are billing this plan as the first step toward developing a federal agenda. Members of more than 20 government organizations prepared the document as part of the Interagency Working Group on Cyber Security and Information Assurance.

The report responds to several recent cybersecurity documents, including a memorandum on fiscal 2007 administration R&D budget priorities, a 2005 report by the now-defunct President’s Information Technology Advisory Committee (PITAC) and the 2002 Cyber Security Research and Development Act.

The budget memo cites cybersecurity R&D as a priority for the $3 billion Federal Networking and Information Technology Research and Development program, along with supercomputing and advanced networking.

In announcing yesterday's plan, Bush administration officials said the report sets a framework for multiagency coordination of investments in technologies that can secure the U.S. IT infrastructure more effectively.

“This country’s IT infrastructure – which includes not only the public Internet but also the networking and IT systems that control critical infrastructures ranging from power grids to emergency communications systems – is vital not only to our national and homeland security but to our economic security,” said John Marburger III, science adviser to the president and director of the Office of Science and Technology Policy. “This report provides a blueprint for coordination of federal R&D across agencies that will maximize the impact of investments in this key area of the national interest.”

The 2005 PITAC report, "Cyber Security: A Crisis of Prioritization," characterizes the budget for civilian cybersecurity research as inadequate and recommends that the National Science Foundation’s budget for cybersecurity research be increased $90 million annually. PITAC was a congressionally mandated committee made up of industry and academic experts appointed by the president. It expired last June.

Yesterday’s report states that PITAC's recommendation was one factor that led to the establishment of a federal plan.

According to the plan, the top areas where funding is needed are authentication, authorization and trust management; access control and privilege management; attack protection, prevention and pre-emption; wireless security; and software testing and assessment tools.

The report recommends that agencies designate representatives to collaborate in developing an interagency R&D road map. The private sector would also contribute to the road map.

Other recommendations include assessing “the security implications and the potential impact of R&D results in new information technologies as they emerge in such fields as optical computing, quantum computing and pervasively embedded computing.”

Comments on the plan are due April 28.

Administration issues R&D report

The National Science and Technology Council issued a preprint release of the “Federal Plan for Cyber Security and Information Assurance Research and Development.”

Among the report's findings and recommendations are the need to:


  • Target federal R&D investments to strategic cybersecurity and information assurance needs.

  • Focus on threats with the greatest potential impact.

  • Make cybersecurity and information assurance R&D individual agency and interagency budget priorities.

  • Support sustained interagency coordination and collaboration on cybersecurity and information assurance R&D.

  • Build security in from the beginning.

  • Assess security implications of emerging information technologies.

  • Develop a road map for federal cybersecurity and information assurance R&D.

  • Develop and apply new metrics to assess cybersecurity and information assurance.

  • Institute more effective coordination with the private sector.

  • Strengthen R&D partnerships, including those with international partners.