Definition
Cybersecurity and information assurance (CSIA) refer to measures for protecting computer systems, networks, and information from disruption or unauthorized access, use, disclosure, modification, or destruction.
Purpose
The purpose of "cybersecurity and information assurance" is to provide for:
- Integrity — protection against unauthorized modification or destruction of systems, networks, and information, and system and information authentication
- Confidentiality — protection against unauthorized access to and disclosure of information
- Availability — assurance of timely and reliable access to and use of systems, networks, and information.
U.S. government program
NITRD's Cyber Security and Information Assurance (CSIA) program
“focuses on research and development to prevent, resist, detect, respond to, and/or recover from actions that compromise or threaten to compromise the availability, integrity, or confidentiality of computer- and network-based systems. These systems provide both the basic infrastructure and advanced communications in every sector of the economy, including critical infrastructures such as power grids, emergency communications systems, financial systems, and air-traffic-control networks. These systems also support national defense, national and homeland security, and other vital Federal missions, and themselves constitute critical elements of the IT infrastructure. Broad areas of concern include Internet and network security; confidentiality, availability, and integrity of information and computer-based systems; new approaches to achieving hardware and software security; testing and assessment of computer-based systems security; and reconstitution and recovery of computer-based systems and data.”
R&D priority areas for the CSIA agencies range from fundamental investigation of scientific bases for hardware, software, and system security to applied research in security technologies and methods, approaches to cyber defense and attack mitigation, and infrastructure for realistic experiments and testing. Emphases include:
- Foundations: Cybersecurity as a multidisciplinary science;
- Applied and Information Infrastructure Security: Secure platforms and networks, trustworthy environments;
- Situational Awareness and Response: Attack detection, management, and attribution, assured operations in high threat environments, security management; and
- Infrastructure for R&D: Testbeds, ranges, tools, platforms, and repositories.
References
- Networking and Information Technology Research and Development Program, Supplement to the President's Budget for Fiscal Year 2011: The Networking and Information Technology Research and Development Program 6 (Feb. 2010).
Source
- U.S. government program section: Fiscal Year 2009 Report to Congress on Implementation of The Federal Information Security Management Act of 2002, at 27.