Posted by: Troy Tate
cybersecurity, economics, education, government, information security, information security awareness, infosec
The Networking and Information Technology Research and Development (NITRD) Program has announced a cybersecurity game-change research and development program. On May 19, 2010, an event was held to begin a focused research effort on three themes to game-change cybersecurity. The 3 hour event was recorded and is available for viewing.
The three game-changing themes presented are:
- Tailored trustworthy spaces -Security tailored to the needs of a particular transaction rather than the other way around.
- Moving target -Systems that move in multiple dimensions to disadvantage the attacker and increase resiliency.
- Cyber economic incentives -A landscape of incentives that reward good cybersecurity and ensure crime doesn’t pay.
The idea of these themes is that what has been done in the past is not really working. Cybersecurity thinking and actions needs to change. The theme of Tailored trustworthy spaces is very much like the proposals I have presented in my blog before about having trusted network connections and strongly managed information flow rules with monitoring and violation detection. The Moving target theme suggests that the targets should be harder for the attacker to reach and compromise. The targets become more costly to attack. The Cyber economics theme proposes that it is important to gain more understanding about data ownership, the market for data, incentives for socially responsible actions and the loss/risks due to attacks. The Cyber economics theme is critical for organizations to be able to make effective cybersecurity decisions to manage risks.
I urge you to take a look at the presentation from the event at a minimum. This research effort seems worth following and hopefully will result in better cybersecurity management strategies and risks understanding. I heard someone say that we can’t stay ahead of the cybercriminals, but we can stay close behind and build better security based on what we do understand. Another way of saying this could be, “Nothing is foolproof to a sufficiently talented fool.”
Will you be participating in this cybersecurity game-changing research? Share your thoughts with me and other ITKE readers. Thanks for reading and let’s continue to be good network citizens!