Cybersecurity: Think Globally, Act Locally

1
Cybersecurity Think Globally, Act Locally

• Dr. Peter FreemanNSF Assistant Director for CISE
• Educause Net2003April 30, 2003

2
Agenda

• The Problem
• National Initiatives
• NSFs Cyber Trust Initiative
• Current activities
• Plans

3
Assumptions

• Insufficient investment in cybersecurity by
  public and private bodies
• Few top scholars and students in the field
• Approaches to cybersecurity unchanged for decades
• From Congressman Boehlerts speech to ITAA,
  3/27/2003

4
Responses

• A few academic and industrial efforts prior to
  2001
• The National Strategy to Secure Cyberspace
• Cyber Security RD Act of 2002
• NSFs Cyber Trust Initiative

5
Cyber Trust Vision

• A society in which
• People can justifiably rely on computer-based
  systems to perform critical functions
• national scale infrastructures water, power,
  communication, transportation, ...
• localized systems cars, homes, ...
• People can justifiably rely on systems processing
  sensitive information about them to conform to
  public policy
• health, banking, libraries, e-commerce,
  government records
• Without fear of sudden disruption by cyber attacks

6
Background

• NSF has been funding basic research on IT
  security for many years (about 11M in 1999)
• The need became more critical with the rapid
  growth in the use of the Internet
• Vulnerability of these systems was highlighted by
  several disastrous attacks on the Internet and
  e-commerce in 1997-2000
• Trusted systems program announced 9/05/2001

7
National Cybersecurity Needs(aka Cyber Trust)

• Awareness inform the public and decision makers
  general education
• Make the current systems less vulnerable/more
  resilient
• Increase supply of appropriate technical
  personnel
• Provide for stronger future infrastructure
• Change practice

8
NSFs CyberTrust Initiative

• NSFs coordinated effort for research and
  education in
• Security
• Reliability
• Privacy, etc.
• Essentially, all the attributes so that a
  computing, communication, or information system
  can be trusted.

9
Implementation

• Research and education programs established
• Trusted Computing, FY 02
• Data Application Security, FY 03
• Network Security, FY 03
• Embedded and Hybrid Systems (Security of
  computing control hardware), FY 02
• ITR High Confidence Software Systems component
  used for diversified modes of support for
  cybersecurity, FY 03
• Scholarship for Services for traineeship, FY 01

10
Planned Actions

• Meeting of all relevant PIs this summer (Aug
  11-12)
• Adding to research funds
• Increasing dedicated internal resources
• Exploring best means to integrate technical,
  policy, and management efforts (tent. Sept)
• Exploring how to increase the supply of
  cybersecurity personnel (tent. Oct)

11
Conclusions

• Long-term research needed in addition to
  short-term fixes
• Top scholars and students are being increasingly
  attracted to the field
• Campus computing operations can be test-beds and
  early adopters
• Local action by you is essential
• National initiatives can only encourage and show
  the way real progress can only be made locally.

12

• Dr. Peter A. Freeman
• NSF Assistant Director for CISE
• Phone 703-292-8900
• Email pfreeman_at_nsf.gov
• Visit the NSF Web site at
• www.nsf.gov

13
(No Transcript)