Benefits garnered from the Internet, interoperability and connectivity are an incredible step forward for industry, but bad guys look at those benefits as opportunities for them to jump in and pilfer vital information or just plain steal money.
Technological advances will continue, there is no stopping that, but staying ahead of the bad guys and making sure critical infrastructure remains safe and secure remains a major goal for the Department of Homeland Security (DHS).
Last May, DHS’ Science & Technology Directorate (S&T) launched the National Conversation’s Campaign: “A Trusted Cyber Future: Ensuring Protection of Privacy, Commerce, and Community” to discuss topics relevant to protecting the cyber ecosystem.
“If we want to make progress toward the cyber security challenges we face as a nation, we need to be developing a sense of what will be required in the future,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers.
To accomplish this goal, DHS S&T’s Cyber Security Division held online and in-person discussions around the country to engage a wide range of stakeholders to determine where the division should focus next in cyber security research and development.
S&T’s cyber team is capturing feedback from 12 in-person events and open online discussions at scitech.ideascale.com and on Twitter, using the hashtags #SciTechConvo and #CyberFuture. From June to September the team met with cyber security professionals from California, Colorado, Georgia, Massachusetts, Minnesota, Nevada, New Jersey, Texas, Washington state, and Washington, DC.
The input gathered will inform and help update two documents that guide CSD’s work: “The President’s National Science and Technology Council’s December 2011 Strategic Plan for the Federal Cybersecurity Research and Development Program” and the division’s own “Cyber Security R&D Strategic Plan.”
Douglas Maughan, director of the Cyber Security Division, said the National Conversation is a transparent and inclusive way for the agency to gather input on its way ahead.
“There’s no silver bullet for cyber security,” said Maughan. “We have to continue to work across a number of different technical angles to improve our entire cyber security posture. To make this conversation valuable, we’ve worked to attract a very broad group of people at every conversation: Big industry, small business entrepreneurs, national labs, federal, state, and local government, educators, and students. We have kept the sessions small, and the result has been really good conversations about the issues of concern across the nation.”
In addition to participants from universities and research labs, the conversations have attracted executives from companies like Boeing, PayPal, United HealthPartners and SalesForce, he said.
Online, the discussion has included topics relevant to protecting the cyber ecosystem:
• The importance of systems assurance tools able to detect cyber vulnerabilities
• Fine-grained software execution logging to improve accuracy and privacy of enterprise production systems
• Language-theoretic security principles for critical information infrastructure software
• Capture of system vulnerabilities and risk factors before going to market
• Methods for real-time private access and querying of sensitive data
Participants in the National Conversation sessions also have identified some non-technical areas as possible research such as cyber security education, which emphasized continuing education for professionals working in cyber security as well as education and training for users of all ages.
Notes gathered from the in-person meetings are available on the idea.scale website and a final report of the National Conversation will also post on the site later this year.