This Plan was developed by the Cyber Security and Information Assurance Interagency Working Group (CSIA IWG) under the auspices of the National Science and Technology Council. It presents a coordinated interagency framework for addressing critical gaps in current cyber security and information assurance capabilities and technologies.
The Plan focuses on interagency research and development (R&D) priorities and is intended to complement agency-specific prioritization and R&D planning efforts in cyber security and information assurance. The Plan also describes the key Federal role in supporting R&D to strengthen the overall security of the IT infrastructure through development of fundamentally more secure next-generation technologies.
The Plan also serves as a foundational document for the National Critical Infrastructure Protection Research and Development Plan (NCIP R&D Plan), which is required by Homeland Security Presidential Directive 7 (HSPD-7). Developed by the NSTC’s Subcommittee on Infrastructure, this latter plan focuses on R&D needs in support of protecting the U.S.’s critical infrastructures. The CSIA Plan focuses on R&D to help meet IT needs outlined in the NCIP Plan, supporting CSIA elements of key NCIP strategic goals, including a national common operating picture, a secure national communication network, and a resilient, self-healing, self-diagnosing infrastructure.
Contents of the plan
The Plan comprised the following sections:
- Types of vulnerabilities, threats, and risk
- Analysis of recent calls for Federal R&D
- Strategic Federal objectives
- Technical topics in cyber security and information assurance R&D
- Current technical and investment priorities of Federal agencies in cyber security and information assurance R&D
- Results of technical and funding gaps analysis
- Findings and recommendations
- R&D technical topic perspectives, including assessments of the state of the art and key technical challenges
- CSIA IWG agencies’ roles and responsibilities.
The Plan recommended that cyber security and information assurance be accorded high priority at all levels of the Government and be integral to the design, implementation, and use of all components of the IT infrastructure.
The Plan pointed to the need for coordinated Federal R&D to solve the hard technical problems that are barriers to fundamental advances in next-generation cyber security and information assurance technologies; such R&D is typically multidisciplinary, long-term, and high-risk.