Cyber Security R&D: Developing a vision & Road map

15 November 2009 - A Workshop on Security in Sharm el Sheikh, Egypt

Agenda

Vulnerabilities and new exploitations of today’s approach to cyber security are identified daily. However, several key capabilities are absent in today’s cyber security approach, like:
• Provable methods for quantifying trustworthiness and risk within a component or system of components.
• Computational models that capture expected behavior in software, platforms, and networks of systems such that failure, compromise, or vulnerable conditions can be detected in real time or even predicted.
• Techniques for performing and analyzing ensembles of scenarios to develop effective responses to various events and vulnerabilities, leading to the ability to predict outcomes to potential remedies during an event.
• Techniques for understanding the necessary and sufficient conditions required to restore trust and yet maintain functioning and usable systems.

The proposed Round Table discussion on Cybersecurity R&D will bring together cybersecurity production personnel, cybersecurity researchers, and scientific application researchers from across the globe. The purpose of the discussion is to identify the research needs and opportunities associated with cybersecurity. The Round Table discussion will focus especially on those needs associated with supercomputing, user facilities, high-speed networks, laboratories, and other open collaborative science stakeholders. A discussion of how science cybersecurity differs from general cybersecurity will explore the implications these differences may have for cybersecurity research activities.

Many existing research programs and investments emphasize near-term solutions. But the longer-term research needs and tends to lead to incremental rather than transformational change. One more difficulty in existing research programs is the tendency to fund research without including a path towards eventual deployment. Unless science outcomes are infused into the cyber security field in a usable ways, the problems they were intended to address will remain. Therefore, a transformational cyber security research program that focuses on longer-term goals, considers the investments of other agencies and industry, and operates in such a way that the science can be translated into solutions that can be applied, is necessary.

This proposed program would create a proactive and forward-looking approach to research and development in the cyber security area from a rigorous analytical and technical basis that would stimulate new open science research directions and have a lasting impact on cyber security. 

Goal:
• Identify the research needs and opportunities associated with cybersecurity for science.
• Gather future science cybersecurity priorities. 
• Develop a list of research and development priorities for cybersecurity R&D 
• Produce a report describing the results of the discussion, which will provide further impetus to the researchers and the studies in the field.

Key questions for Round Table discussion:
1. What are the key priorities with regard to cyber security research and development over the next decade? 
2. What would we recommend, in terms of a program, to address those priorities? 
3. How would a country R&D program in this area complement other cyber security research and development initiatives by other agency programs? 

 

Panelsits:
Dept of Telecom, Govt of India
NASSCOM
IIM
IIT
ISPAI (Internet Service Providers Association of India)
Internet Service Providers
ISOC (Internet Society)
Corporate representatives
Civil society organisations