By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data-driven white label SEO
    Does Data Mining Really Help with White Label SEO?
    7 Min Read
    marketing analytics for hardware vendors
    IT Hardware Startups Turn to Data Analytics for Market Research
    9 Min Read
    big data and digital signage
    The Power of Big Data and Analytics in Digital Signage
    5 Min Read
    data analytics investing
    Data Analytics Boosts ROI of Investment Trusts
    9 Min Read
    football data collection and analytics
    Unleashing Victory: How Data Collection Is Revolutionizing Football Performance Analysis!
    4 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: The Most Well Thought Out Research Agenda for Cyber Security
Share
Notification Show More
Aa
SmartData CollectiveSmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > The Most Well Thought Out Research Agenda for Cyber Security
Security

The Most Well Thought Out Research Agenda for Cyber Security

BobGourley
Last updated: 2011/02/03 at 4:46 AM
BobGourley
17 Min Read
SHARE

Opinion: the most mature research agenda on the topic of cyber security is the one established by our nation’s Department of Homeland Security.

Opinion: the most mature research agenda on the topic of cyber security is the one established by our nation’s Department of Homeland Security.

I’m keeping an open mind, and would love to learn of other cyber security research agenda’s that might be as well defined. But I have to tell you I have seen research programs associated with cyber for years and this one is impressive.

More Read

sobm for ai-driven cybersecurity

Software Bill of Materials is Crucial for AI-Driven Cybersecurity

4 Common Misconceptions Surrounding IoT Cybersecurity Compliance
Data Security Unveiled: Protecting Your Information in a Connected World
IoT Security: What Kind of Data Is Compromised by Poorly Protected IoT Devices?
AI Helps Businesses Enjoy Fast & Secure IT Infrastructures

The details of the topic areas of this research activity are embedded in a Broad Area Announcement (BAA) posted on FedBizOpps. The PDF of the announcement is located here: http://ctovision.com/wp-content/uploads/2011/02/Cyber_Security_BAA_11-02-2.pdf

You can also find info on this research agenda at:

https://baa2.st.dhs.gov/portal/BAA/

A summary of the agenda is pasted below for your review, but please visit review the details on the DHS site and at FedBizOpps for more info. And, if you know of any researcher who has an ability to contribute to the cyber mission needs outlined in this BAA, please get word of the BAA to the researcher. Our nation needs research into these topics, and it looks like DHS may be making some funding available for research into these topics.

I’d also recommend the DHS S&T Topics for Cyber Research by reviewed by computer science students and teachers.  They should also be considered by IT firms large and small, even if the firms are not planning on responding to the DHS announcement.  Anyone doing any research on cyber anywhere would benefit from a review of this agenda, I believe.

Summary from the DHS S&T website:

Description
The Department of Homeland Security (DHS) Science and Technology (S&T) Homeland Security Advanced Research Projects Agency (HSARPA) Cyber Security Division’s (CSD) announce a Broad Agency Announcement (BAA) for Fiscal Year 2011 to improve the security in both Federal networks and the larger Internet. This Broad Agency Announcement (BAA) seeks ideas and proposals for Research and Development (R&D) in 14 Technical Topic Areas (TTAs) related to CSD. The total estimated value of this acquisition is $40 million. Cyber attacks are increasing in frequency and impact. Even though these attacks have not yet had a significant impact on our Nation’s critical infrastructures, they have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful cyber attack might include: serious consequences for major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruption of the response and communications capabilities of first responders. The DHS S&T mission is to conduct, for homeland security purposes, research, development, test and evaluation (RDT&E) and timely transition of cyber security capabilities to operational units within DHS, as well as local, state, Federal and operational end users in critical infrastructure. Cyber security is defined in broad terms to encompass the usual attributes of security, as well as reliability, availability, and survivability in the face of adversary attack and accidental fault, while preserving privacy. DHS S&T invests in programs offering the potential for revolutionary changes in technologies that promote homeland security and accelerate the prototyping and system prototype demonstration in an operational environment of technologies that reduce homeland vulnerabilities. A critical area of focus for DHS is the development and deployment of technologies to protect the nation’s cyber infrastructure, including the Internet and other critical infrastructures that depend on computer systems for their mission.
  • TTA 01 – Software Assurance
  • TTA 02 – Enterprise-Level Security Metrics
  • TTA 03 – Usable Security
  • TTA 04 – Insider Threat
  • TTA 05 – Secure, Resilient Systems and Networks
  • TTA 06 – Modeling of Internet Attacks
  • TTA 07 – Network Mapping and Measurement
  • TTA 08 – Incident Response Communities
  • TTA 09 – Cyber Economics
  • TTA 10 – Digital Provenance
  • TTA 11 – Hardware-Enabled Trust
  • TTA 12 – Moving-Target Defense
  • TTA 13 – Nature-Inspired Cyber Health
  • TTA 14 – Software Assurance MarketPlace (SWAMP)

Summaries of these task areas:

TOPIC NUMBER: TTA 01

 

TITLE: Software Assurance

DESCRIPTION:

The nation’s critical infrastructure (energy, transportation, telecommunications, banking and finance, and others), businesses, and services are extensively and increasingly controlled and enabled by software. Vulnerabilities in that software put those resources at risk. The risk is compounded by software size and complexity, the ways in which software is developed and maintained, the use of software produced by unvetted suppliers, and the interdependence of software systems. Software quality addresses the presence of internal flaws and vulnerabilities in software threatening its correct or predictable operation and use. Software assurance deals with the root of the problem by improving software security.

 
 
TOPIC NUMBER: TTA 02

 

TITLE: Enterprise-Level Security Metrics

DESCRIPTION:

Defining effective information security metrics has proven difficult, even though there is general agreement that such metrics could allow measurement of progress in security measures and, at a minimum, rough comparisons of security between systems. Metrics underlie and quantify progress in many other system security areas. “You cannot manage what you cannot measure,” as the saying goes; the lack of sound and practical security metrics is severely hampering progress both in research and engineering of secure systems. However, general community agreement on meaningful metrics has been hard to achieve. This is due in part to the rapid evolution of IT, as well as the shifting locus of adversarial action.

 
 
TOPIC NUMBER: TTA 03

 

TITLE: Usable Security

DESCRIPTION:

Although the problem of achieving usable security is universal – it affects everyone, and everyone stands to benefit enormously if usability is successfully addressed as a core aspect of security – it affects different users in different ways, depending on applications, settings, policies, and user roles. The guiding principles may indeed be universal, but there is certainly no general one-size-fits-all solution.

 
 
TOPIC NUMBER: TTA 04

 

TITLE: Insider Threat

DESCRIPTION:

Cybersecurity measures are often focused on threats from outside an organization, rather than threats posed by untrustworthy individuals inside an organization. However, insider threats are the source of many losses in many critical infrastructure industries. In addition, well-publicized intelligence community moles such as Aldrich Ames have caused enormous and irreparable harm to national interests. This TTA focuses on insider threats to our cyber systems, and presents a high-impact research program that could aggressively curtail some aspects of this problem. At a high level, opportunities exist to mitigate insider threats through aggressive profiling and monitoring of users of critical systems, “fishbowling” suspects, “chaffing” data and services by users who are not entitled to access, and finally “quarantining” confirmed malevolent actors to contain damage and leaks while collecting actionable counter-intelligence and legally acceptable evidence.

 
 
TOPIC NUMBER: TTA 05

 

TITLE: Secure, Resilient Systems and Networks

DESCRIPTION:

Survivability is the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. Part of the survivability attribute of systems and networks includes being secure and resilient to attack. This is meaningful, in practice, only with respect to well-defined mission requirements against which the survivability can be evaluated and measured.

 
TOPIC NUMBER: TTA 06

 

TITLE: Modeling of Internet Attacks

DESCRIPTION:

This TTA researches, develops and applies modeling and analysis capabilities to predict the effects of cyber attacks on Federal Government and other critical infrastructures. Two main areas are identified: malware and botnets; and situational understanding and attack attribution.

 
TOPIC NUMBER: TTA 07

 

TITLE: Network Mapping and Measurement

DESCRIPTION:

The protection of cyber infrastructure depends on the ability to identify critical Internet resources, incorporating an understanding of geographic and topological mapping of Internet hosts and routers. A better understanding of connectivity richness among ISPs will help to identify critical infrastructure. Associated data analysis will allow better understanding of peering relationships, and will help identify infrastructure components in greatest need of protection. Improved router level maps (both logical and physical) will enhance Internet monitoring and modeling capabilities to identify threats and predict the cascading impacts of various damage scenarios.

 
TOPIC NUMBER: TTA 08

 

TITLE: Incident Response Communities

DESCRIPTION:

Cyber security incident response (CSIR) teams, individuals, and communities have historically consisted of people and organizations that have been “in the right place at the right time.” Only recently has the community begun to specify the skills, abilities, structures, and support to create an effective and sustained incident response capability. While there is a good understanding of the technologies involved in CSIRTs, the operational community has not adequately studied the characteristics of individuals, teams, and communities that distinguish the great CSIR responders from the average technology contributor. In other areas where individual contributions are essential to success, e.g., first responders, commercial pilots, and military personnel, there have studies of the individual and group characteristics essential to success. To optimize the selection, training, and organization of CSIR personnel to support the essential cyber missions of DHS, a much greater understanding and appreciation of these characteristics must be achieved.

 
 
TOPIC NUMBER: TTA 09

 

TITLE: Cyber Economics

DESCRIPTION:

Today cyber crime pays. So does cyber-espionage. The state of cyber security today is, and in the future will be, significantly affected by economic conditions and factors. Cyber crime and espionage are making their own economic markets today, having gone well beyond the “script kiddie” and “hacker” personas to mature into big business on a global level. Gaining an understanding of the incentive structure is key to getting stakeholders to behave in a way that will improve overall security. Current cyber-related illegal activities are economically attractive for several reasons.

 
TOPIC NUMBER: TTA 10

 

TITLE: Digital Provenance

DESCRIPTION:

Individuals and organizations routinely work with, and make decisions based on, data that may have originated from many different sources and also may have been processed, transformed, interpreted, and aggregated by numerous entities between the original sources and the consumers. Without good knowledge about the sources and intermediate processors of the data, it can be difficult to assess the data’s trustworthiness and reliability, and hence its real value to the decision-making processes in which it is used.

 
 
TOPIC NUMBER: TTA 11

 

TITLE: Hardware-Enabled Trust

DESCRIPTION:

Hardware can be the final sanctuary and foundation of trust in the computing environment, based on the technologies that can be developed in the area of hardware-enabled trust and security. With cyber threats steadily increasing in sophistication, hardware can provide a game-changing foundation upon which to build tomorrow’s cyber infrastructure. But today’s hardware still provides limited support for security and capabilities that do exist are often not fully utilized by software. The hardware of the future also must exhibit greater resilience to function effectively under attack.

 
TOPIC NUMBER: TTA 12

 

TITLE: Moving-Target Defense

DESCRIPTION:

In the current environment, our systems are built to operate in a relatively static configuration. For example, addresses, names, software stacks, networks, and various configuration parameters remain relatively static over relatively long periods of time. This static approach is a legacy of information technology system design for simplicity in a time when malicious exploitation of system vulnerabilities was not a concern.

 
TOPIC NUMBER: TTA 13

 

TITLE: Nature-Inspired Cyber Health

DESCRIPTION:

Today, weeks and months may elapse before successful network penetrations are detected through laborious forensic analysis. Despite their potential to function with intelligence, today’s typical network components have very limited understanding of what passes through them, coupled with a correspondingly short memory. In the future, network components must have heightened ability to observe and record what is happening to and around them. With this new awareness of the system health and safety, these “self-aware systems” enjoy a range of options: these system may take preventative measures, rejecting requests which do not fit the profile of what is good, a priori, for the network; these systems can build immunological responses to the malicious agents which they sense in real time; these systems may refine the evidence they capture for the pathologist, as a diagnosis of last resort, or to support the development of new prevention methods. In the future, system owners should be able to monitor and control such dynamic cyber environments.

 
 
TOPIC NUMBER: TTA 14

 

TITLE: Software Assurance MarketPlace (SWAMP)

DESCRIPTION:

Technical Topic Area #1 on Software Assurance describes the need to address threats throughout the software development process and called for new methods, services, and capabilities in build, test, and analysis phases in order to improve the quality and reliability of software used in the nation’s critical infrastructures. Specifically, TTA#1 solicits ideas for research and development of new tools and methods for software analysis, and for applying new and existing capabilities in test and evaluation activities. This TTA (#14) focuses on the research infrastructure necessary to enable these software quality assurance and related activities.

Related articles

  • Attend FedScoop CyberSecurity Summit (ctovision.com)
  • Federal Cyber Security: Missions, Initiatives, Opportunities and Risks (ctovision.com)
  • Ponemon Institute Cost of Cyber Crime Study (ctovision.com)
  • DHS To Invest $40 Million On Cybersecurity Research (informationweek.com)
  • DHS Offers $40M For Top Cybersecurity Research (yro.slashdot.org)
  • ENISA smartphone cyber security report (marienfeldt.wordpress.com)

Related posts:

  1. Federal Cyber Security: Missions, Initiatives, Opportunities and Risks
  2. The Future of Cyber Security and Cyber Conflict
  3. Protecting Federal Networks Against Cyber Attack

 

BobGourley February 3, 2011 February 3, 2011
Share This Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

big data and IP laws
Big Data & AI In Collision Course With IP Laws – A Complete Guide
Big Data
ai in marketing
4 Ways AI Can Enhance Your Marketing Strategies
Marketing
sobm for ai-driven cybersecurity
Software Bill of Materials is Crucial for AI-Driven Cybersecurity
Security
IT budgeting for data-driven companies
IT Budgeting Practices for Data-Driven Companies
IT

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

sobm for ai-driven cybersecurity
Security

Software Bill of Materials is Crucial for AI-Driven Cybersecurity

9 Min Read
IoT Cybersecurity
Internet of Things

4 Common Misconceptions Surrounding IoT Cybersecurity Compliance

8 Min Read
data security unveiled
Security

Data Security Unveiled: Protecting Your Information in a Connected World

8 Min Read
IoT Security
Internet of Things

IoT Security: What Kind of Data Is Compromised by Poorly Protected IoT Devices?

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?