Skip to main content

This website is no longer being updated. Visit Dartmouth Now for all news published after June 7, 2010.

Dartmouth News
>  News Releases >   2003 >   February

'I3P' issues 2003 cyber-security agenda

Posted 02/05/03

Consortium identifies national research and development gaps

The 2003 cyber security research and development Agenda identifies the following R&D gaps:

  • Enterprise security management. Security solutions today may be good point solutions, but do not easily integrate to provide blanket protection, especially to new threats and architectures. Research on managing enterprise-wide policies (particularly as security boundaries dissolve), defining and maintaining a targeted risk posture, and addressing specific concerns (such as insider threat) is needed.
  • Trust among distributed autonomous parties. Increasingly, transaction participants (organizations or systems) must establish relationships dynamically without recourse to a centralized or predetermined authority. Research in new trust models to address dynamic ad hoc relationships and the rapid proliferation of participants (sensors, phones, etc.), is needed.
  • Discovery and analysis of security properties and vulnerabilities. Systems being developed and deployed today are rife with vulnerabilities and poorly understood security properties that are undermining our infrastructure security. Tools and techniques are required that can analyze code, devices and systems in complex, dynamic large-scale environments to highlight vulnerabilities.
  • Secure system and network response and recovery. Response and recovery from attacks are hindered by the complexity, diffuse control and heterogeneity of large infrastructures. Research into prediction and pre-incident detection is required. Also, holistic approaches to infrastructure recovery and reconstitution, including models for automatic response and tradeoff analyses, are needed.
  • Traceback, identification and forensics. During and following an attack, organizations (such as infrastructure owners, law enforcement, military services) must have prompt and reliable information regarding the attack to determine an appropriate response. Research to reliably determine attack sources and methods are needed, as are techniques for identifying individuals or groups originating the attack.
  • Wireless security. Existing wireless technologies are vulnerable, not only to attacks analogous to those in the wired world, but to novel techniques. Research is required to develop the basic science of wireless security and to ensure security is a fundamental component of wireless networks.
  • Metrics and models. Government and industry leaders need to be convinced to invest in security, and they require a rational and defensible basis for making security decisions. A range of tools (models, metrics and simulations) that express the cost, benefits and impacts of choices across economic, organizational, technical and risk considerations are required. Such tools must be augmented by scientifically meaningful data about current risks, practices and impacts.
  • Law, policy and economics. A robust environment for industry requires that the framework of economic factors, laws, regulations and government policy in which the information infrastructure exists be properly and crisply defined, and incentives for cyber security to be understood and implemented. A developed understanding of the forces that shape information infrastructure protection must be leveraged to analyze and assess the potential impacts of any proposed voluntary and mandated policies.

Back to 'I3P' issues 2003 cyber-security agenda

Dartmouth has television (satellite uplink) and radio (ISDN) studios available for domestic and international live and taped interviews. For more information, call 603-646-3661 or see our Radio, Television capability webpage.

Recent Headlines from Dartmouth News: