Cyber Security: A Crisis of Prioritization

Citation: PITAC, Cyber Security: A Crisis of Prioritization (Feb. 2005).

Overview
In Cyber Security: A Crisis of Prioritization, a February 2005 PITAC report to the President, the independent presidential advisory panel warns that the U.S.’s IT infrastructure is highly vulnerable to attacks that could damage not only the economy but national defense and national security systems as well. Noting that “market forces direct private-sector investment away from research and toward the application of existing technologies to develop marketable products,” the report calls on the Federal government to fundamentally improve its approach to cyber security R&D by increasing investments in unclassified cyber security R&D; intensifying its efforts to expand the size of today’s small cyber security research community; improving technology transfer to the private sector; and increasing the focus and efficiency of Federal R&D through better coordination and oversight.

The report listed 10 areas as R&D priorities, based on a PITAC analysis of more than 30 documents and reports on cyber security R&D. The report concludes that the U.S. will not be able to secure its IT infrastructure without significant advances in the following areas:


 * Authentication technologies
 * Secure fundamental protocols
 * Secure software engineering and software assurance
 * Holistic system security
 * Monitoring and detection
 * Mitigation and recovery methodologies
 * Cyber forensics
 * Modeling and testbeds for new technologies
 * Metrics, benchmarks, and best practices
 * Non-technology issues that can compromise cyber security