A White House strategy released Dec. 6 calls for federally-funded cybersecurity research to be unified into four prevailing "themes" in an effort to recast cyberspace into a more-secure arena of information sharing.

The strategy, prepared by the National Science and Technology Council from within the executive office of the president, says the strategy should replace today's "incremental, piecemeal" research and development efforts.

The four themes are "designed-in security," "tailored trustworthy spaces," "moving target" and "cyber economic incentives."

Designed-in security is a theme encompassing software and hardware; a key focus is to fund R&D for tools utilized during development for making the final product attack-resistant, the strategy says.

Tailored trustworthy spaces should rectify today's lack of mechanisms for subsystems "to ascertain their security conditions and to participate in creating environments with required trust and provenance characteristics." Under tailored trustworthy space computing, a user should be able to operate under varying degrees of attribution and authentication, depending on the user's level of trust.

Moving target is how the strategy characterizes R&D efforts to make operating systems and networks "less deterministic, less homogeneous, and less static." Doing so would raise the cost of cyber attacks if systems and networks can be dynamically managed by the owner in a way that appears unpredictable to would-be attackers, the strategy adds.

Cyber economic incentives is a recognition, the strategy says, that secure practices must be incentivized in the private sector if cybersecurity is to become ubiquitous. Research is needed to examine how best to do so, since currently there are no good metrics to indicate how secure a system is, meaning that "one cannot articulate how much more secure it would be with additional investment."

For more:
- download the strategy, "Trustworthy Cyberspace: Strategic Plan For The Federal Cybersecurity Research And Development Program" (.pdf)

Related Articles:
DHS releases cyber strategy framework 
NIST embraces assertion-based remote e-authentication 
NIST details trusted root BIOS verification model