Much is written on the topics of current gaps in the education and training of a cybersecurity workforce and the need for technology research and development (R&D) to solve cybersecurity technical issues. This CRS report directs the reader to authoritative sources that address these issues. The annotated descriptions of these sources are listed in reverse chronological order, with an emphasis on material published in the past several years. This report also includes resources and studies from government agencies (federal, state, local, and international), think tanks, academic institutions, news organizations, and other sources.
Table 1 provides education and training resources, including scholarships, internships, the cybersecurity workforce, and the National Cybersecurity Center of Excellence (NCCoE).
Table 2 provides R&D resources, including the Defense Advanced Research Projects Agency (DARPA), National Science Foundation (NSF), Department of Defense (DOD), and private industry R&D programs and funding.
The following CRS reports comprise a series that compiles authoritative reports and resources on these cybersecurity topics:
For access to additional CRS reports and other resources, see the Science & Technology: Science for Security and Homeland Security & Immigration: Cybersecurity Issue Pages at http://www.crs.gov.
Table 1. Education and Training
(includes scholarships, internships, cybersecurity workforce, and the National Cybersecurity Center of Excellence [NCCoE])
Title |
Source |
Date |
Notes |
|||||||||||||||
U.S. Cyber Challenge (USCC) |
Center for Internet Security |
Continuously Updated |
USCC's goal is to find 10,000 of America's best and brightest people to fill the ranks of cybersecurity professionals where their skills can be of the greatest value to the nation. |
|||||||||||||||
Department of Defense (DOD) |
Continuously Updated |
The Information Assurance Scholarship Program is designed to increase the number of qualified personnel entering the information assurance and information technology fields within the department. The scholarships also are an attempt to effectively retain military and civilian cybersecurity and IT personnel. |
||||||||||||||||
National Initiative for Cybersecurity Careers and Studies (NICCS) |
Department of Homeland Security (DHS) |
Continuously Updated |
NICCS is an online resource for cybersecurity career, education, and training information. It is a partnership between DHS, the National Institute of Standards and Technology (NIST), the Office of the Director of National Intelligence (ODNI), DOD, the Department of Education (ED), the National Science Foundation (NSF), and the Office of Personnel Management (OPM). |
|||||||||||||||
DHS |
Continuously Updated |
The DETER testbed is used to test and evaluate cybersecurity technologies of more than 200 organizations from more than 20 states and 17 countries, including DHS-funded researchers, the larger cybersecurity research community, government, industry, academia, and educational users. |
||||||||||||||||
DHS Secretary's Honors Program: Cyber Student Volunteer Initiative |
DHS |
Continuously Updated |
The Initiative is for current college students pursuing a program of study in a cybersecurity-related field. Selected students learn about the DHS cybersecurity mission, complete hands-on cybersecurity work, and build technical experience in key areas, such as digital forensics, network diagnostics, and incident response. |
|||||||||||||||
National Centers of Academic Excellence (CAE) in Information Assurance (IA)/Cyber Defense (CD) |
DHS and National Security Agency (NSA) |
Continuously Updated |
These programs promote higher education and research in IA and increase the number of professionals with IA expertise in various disciplines. Postsecondary institutions may receive a CAE/IAE or CAE-R designation that is valid for five academic years. A school must successfully reapply to retain its CAE designation. Students attending these designated schools are eligible to apply for scholarships and grants through the DOD's Information Assurance Scholarship Program (IASP) and the Scholarship for Service (SFS) program. |
|||||||||||||||
George Washington University |
Continuously Updated |
The initiative focuses on interdisciplinary approaches to cybersecurity education, active defense, intellectual property and trade secrets, and workforce development. |
||||||||||||||||
Michigan Cyber Range (MCR) |
Merit Networks |
Continuously Updated |
MCR enables individuals and organizations to develop detection and reaction skills through simulations and exercises. This is a partnership between the state of Michigan, Merit Network, federal and local governments, colleges and universities, and the private sector. |
|||||||||||||||
National Integrated Cyber Education Research Center (NICERC) |
Continuously Updated |
One of the organization's objectives is to develop the nation's cyber workforce through the creation and enhancement of STEM and cyber educational opportunities for teachers and students. |
||||||||||||||||
National Institute of Standards and Technology (NIST) |
Continuously Updated |
CyberSeek is an interactive online tool designed to make it easier for cybersecurity job seekers to find openings and employers to identify skilled workers. It focuses on cybersecurity education, training, and workforce development. The tool fills in knowledge gaps so |
||||||||||||||||
NIST |
Continuously Updated |
NICE is an ongoing program to teach Americans sound cybersecurity practices. The program's goals are to enhance the security of the country, improve computer security in the workplace and at home, and prepare future employees in the cybersecurity workforce. |
||||||||||||||||
National Science Foundation (NSF) |
Continuously Updated |
Provides funds to institutions of higher education (IHE) through two tracks: |
||||||||||||||||
Campus Cyberinfrastructure - Data, Networking, and Innovation Program (CC*DNI) |
NSF |
Continuously Updated |
CC*DNI invests in campus-level data and networking infrastructure and integration activities tied to achieving higher levels of performance, reliability and predictability for science applications, and distributed research projects. |
|||||||||||||||
National Security Agency (NSA) |
Continuously Updated |
Information on internships, fellowships, co-op programs, scholarships, and high school programs for high school, undergraduate, and graduate students. |
||||||||||||||||
NSA/NSF |
Continuously Updated |
The program sponsors summer camps across the nation designed for elementary, middle, and high school students and teachers that focus on engaging the learners with sound cybersecurity principles and teaching techniques. |
||||||||||||||||
Office of Personnel Management |
Continuously Updated |
The website is aimed at reaching federal managers, current employees, job seekers, and academic organizations and students. The site is designed as a one-stop shop to better educate those audiences about new federal cyber opportunities and provide resources to help them develop their careers in the field. |
||||||||||||||||
SANS Cyber Talent Academies (Vet Success and Women's Immersion) |
SANS Institute |
Continuously Updated |
The SANS VetSuccess Academy provides U.S. military veterans with advanced technical training, industry-recognized certifications, and connections to high-paying jobs and rewarding careers in cybersecurity. The Women's Immersion Academy is an intensive, accelerated program designed for completion in six to eight months, depending upon the program selected. The program is at no cost to the selected women who attend and includes training and certification. The academy is 100% scholarship-based, and includes two to three SANS training courses taught by expert faculty as well as the associated GIAC certifications. |
|||||||||||||||
Symantec |
Continuously Updated |
The program provides underserved young adults and veterans with targeted education, training, and certifications that position them to fill in-demand cybersecurity jobs and enter long-term careers. SC3 provides a mix of classroom and hands-on education, followed by on-the-job experience at cybersecurity internships with some of America's leading employers. |
||||||||||||||||
U.S. Air Force |
Continuously Updated |
There are three main programs within CyberPatriot: the National Youth Cyber Defense Competition, Air Force Association (AFA) CyberCamps, and the Elementary School Cyber Education Initiative. CyberPatriot was conceived by the AFA to inspire students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines. |
||||||||||||||||
Safe Online Surfing Internet Challenge: Free Cyber Safety Program Redesigned for New School Year |
FBI |
September 12, 2017 |
The FBI's Safe Online Surfing (SOS) Internet Challenge—a free, educational program for children that teaches cyber safety—has been redesigned for the 2017-2018 school year, with new graphics and updated content. The new SOS program, created for students in third through eighth grades, covers age-appropriate topics, such as cyberbullying, passwords, malware, social media, and more. The program also provides teachers with a curriculum that meets state and federal Internet safety mandates. |
|||||||||||||||
National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework |
NIST |
August 2017 |
Updated version of workforce framework. Veterans, vocational schools and loan forgiveness could all be key to building tomorrow's cybersecurity workforce. |
|||||||||||||||
NIST |
July 12, 2017 |
NIST is seeking information on the scope and sufficiency of efforts to educate and train the Nation's cybersecurity workforce and recommendations for ways to support and improve that workforce in both the public and private sectors. (3 pages) |
|||||||||||||||
SANS Institute |
May 2017 |
The report provides a methodology for ranking employers on their success in recruiting and retaining a critical mass of cyber ninjas, names leaders in that ranking among federal IT contractors, and adds substance to the CSIS findings by naming two of the best places to work and by publishing interviews with ninjas who work for those leading employers. |
|||||||||||||||
GAO |
April 4, 2017 |
The statement discusses challenges agencies face in ensuring an effective cybersecurity workforce, recent initiatives aimed at improving the federal cyber workforce, and ongoing activities that could assist in recruiting and retaining cybersecurity professionals. GAO relied on published work related to federal cybersecurity workforce efforts, and information reported by other federal and |
|||||||||||||||
Information Technology and the U.S. Workforce: Where Are We and Where Do We Go from Here? |
National Academies Press |
March 2017 |
The book explores the interactions between technological, economic, and societal trends and identifies possible near-term developments for work. It emphasizes the need to understand and track these trends and develop strategies to inform, prepare for, and respond to changes in the labor market. It offers evaluations of what is known, notes open questions to be addressed, and identifies promising research pathways moving forward. (198 pages) |
|||||||||||||||
OPM |
January 4, 2017 |
OPM revised standard data codes for information technology and cyber-related positions. New guidance recognizes nine categories and 31 specialty areas of cyber functions. Using these codes will help agencies better understand their work requirements and skills and compare them to the private sector and academia. |
||||||||||||||||
Compensation Flexibilities to Recruit and Retain Cybersecurity Professionals |
OPM |
November 29, 2016 |
The guidance outlines the special rates under the General Schedule that can be paid to IT management and computer professionals and other incentive tools. For example, agency leaders can offer up to 25% of annual pay bonus for retaining an employee and 10% for a group of employees. There are also relocation incentives and student loan repayment up to $60,000. (25 pages) |
|||||||||||||||
NIST |
November 2016 |
The publication serves as a fundamental reference to describe how the NCWF provides organizations with a common, consistent lexicon to categorize and describe cybersecurity work. It describes a superset of cybersecurity tasks for each work role and the Knowledge, Skills, and Abilities (KSAs) demonstrated by a person whose cybersecurity position includes each work role. (130 pages) |
||||||||||||||||
NIST |
September 21, 2016 |
Five nonprofits have been awarded NIST grants totaling nearly $1 million for projects supporting cybersecurity education, training, and workforce development. The Regional Alliances and Multistakeholder Partnerships to Stimulate Cybersecurity and Workforce Development projects will run for 15 months and will support students and marketplace stimulation, aligning them with the National Cybersecurity Workforce Framework's sets of tasks and KSAs that define cybersecurity work. |
||||||||||||||||
White House |
July 12, 2016 |
The strategy establishes four key initiatives: (1) Expand the Cybersecurity Workforce through Education and Training, (2) Recruit the Nation's Best Cyber Talent for Federal Service, (3) Retain and Develop Highly Skilled Talent, and (4) Identify Cybersecurity Workforce Needs. |
||||||||||||||||
Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) |
NIST |
May 11, 2016 |
NIST is providing assistance to establish Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development. Effective multistakeholder workforce partnerships focus on organizing multiple employers with skill shortages in specific occupations to focus on developing the skilled workforce to meet industry needs within the local or regional economy. |
|||||||||||||||
OPM |
April 15, 2016 |
OPM tasked chief human capital officers with identifying specific skills gaps in their agencies. The memo calls on agencies to develop 4-year and 10-year plans for closing gaps in those areas. (1 page) |
||||||||||||||||
White House |
January 30, 2016 |
Provides $4 billion in funding for states, and $100 million directly for districts in the President's budget to increase access to K-12 Computer Science by training teachers, expanding access to high-quality instructional materials, and building effective regional partnerships. |
||||||||||||||||
Guidance on Recruitment, Relocation and Retention (3R) Incentives |
OPM |
January 15, 2016 |
OPM has enhanced the ability of federal human resources managers to use recruitment, relocation and retention (3R) incentives to attract or hang onto cybersecurity workers. (1 page) |
|||||||||||||||
National Institute for Cybersecurity Education (NICE) |
October 27, 2015 |
NIST will fund a project developing a visualization tool that will show the demand for and availability of cybersecurity jobs across the U.S. CompTIA, a nonprofit information technology trade association, in partnership with job market research and analytics company Burning Glass Technologies, received a three-year grant to create a "heat map" visualizing the need for and the supply of cybersecurity professionals across the country. |
||||||||||||||||
Increasing the Effectiveness of the Federal Role in Cybersecurity Education |
National Academy of Public Administration |
October 2015 |
The study examines two of the nation's leading cybersecurity education programs—the National Centers for Academic Excellence in Information Assurance/Cyber Defense (CAE) program and the CyberCorps: Scholarship for Service (SFS) program. The report covers various aspects of these programs, including funding, performance indicators, curriculum, and designation standards. The report recommends more closely involving the Defense Department, expanding the programs to encompass the entire public sector, incorporating more hands-on elements in the training, and improving metrics to track the programs. (52 pages) |
|||||||||||||||
White House |
March 9, 2015 |
Under TechHire, 21 regions, with over 120,000 open technology jobs and more than 300 employer partners in need of this workforce, are announcing plans to work together on new ways to recruit and place applicants based on their actual skills and to create more fast-track tech training opportunities. |
||||||||||||||||
U.S. Department of Energy to Offer $25M Grant for Cybersecurity |
White House |
January 15, 2015 |
Vice President Joe Biden and Energy Secretary Ernest Moniz announced a $25 million DOE grant over five years for cybersecurity education. The grant program will establish a Cybersecurity Workforce Pipeline Consortium within the DOE with funding from its Minority Serving Institutions Partnerships Program under its National Nuclear Security Administration. The participants are historically black colleges and universities, national labs, and K-12 school districts. |
|||||||||||||||
VetSuccess: Scholarships and Jobs for Veterans in Cybersecurity |
SANS Institute and Center for Strategic & International Studies (CSIS) |
December 11, 2014 |
VetSuccess will provide scholarships to 12 Air Force veterans to receive training and certifications in network intrusion detection, incident handling, and cybersecurity foundations. Scholarship recipients will also be matched with highly sought-after jobs in cybersecurity. |
|||||||||||||||
Training for High-Growth Information Technology and Cybersecurity Jobs |
Department of Labor (DOL) |
September 29, 2014 |
The Trade Adjustment Assistance Community College and Career Training (TAACCCT) competitive grant program funded $450 million in job-driven training grants to nearly 270 community colleges across the country. The program is co-administered by the DOL and ED. |
|||||||||||||||
(ISC)2 Foundation and Booz Allen Hamilton |
June 21, 2013 |
The (ISC)2 Foundation and Booz Allen Hamilton announced the launch of the U.S.A. Cyber Warrior Scholarship program, which will provide scholarships to veterans to obtain specialized certifications in the cybersecurity field. The scholarships are intended to cover all of the expenses associated with certification, such as training, textbooks, mobile study materials, certification testing, and the first year of certification maintenance fees. |
Source: Highlights compiled by the Congressional Research Service (CRS) from the sources.
Notes: Listed in alphabetical order by source. Page counts are for documents; other cited resources are web pages.
Table 2. Research and Development (R&D)
(includes DARPA, NSF, DOD, and private industry R&D programs and funding)
Title |
Source |
Date |
Notes |
|||
CERT Software Engineering Institute (Carnegie Mellon) |
Continuously Updated |
Current tools and processes are inadequate for responding to increasingly sophisticated attackers and cybercrimes. To address this problem, the Digital Intelligence and Investigation Directorate (DIID) conducts research and develops technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate forensics investigations. DIID team members also develop advanced tools and techniques to address gaps that are not covered by existing resources. |
||||
Cyber Independent Testing Laboratory (CITL) |
Continuously Updated |
CITL has developed ways to score and compare the security of software products, such as web browsers and operating systems. |
||||
Defense Advanced Research Projects Agency (DARPA) |
Continuously Updated |
The Transparent Computing (TC) program aims to develop basic technologies that are separable and usable in isolation (e.g., within a given software layer or application environment, such as web middleware) while exploring the best way to integrate multiple TC technologies in an experimental prototype. |
||||
DARPA |
Continuously Updated |
Seeks to address active authentication by developing novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics. |
||||
DARPA |
Continuously Updated |
Cyber Grand Challenge (CGC) is a contest to build high-performance computers capable of playing in a Capture-the-Flag style cybersecurity competition. During all competition events, fully automated systems will compete with no human involvement. The final competition event will be visualized, narrated, and streamed worldwide. CGC is open at no cost to teams around the world, and the top prize at the final competition event will be $2M. |
||||
Rapid Attack Detection, Isolation and Characterization Systems (RADICS) |
DARPA and BAE Systems |
Continuously Updated |
RADICS are testing technologies that can detect and respond to cyberattacks on U.S. critical infrastructure, especially those parts critical to the Defense Department. The goal of the protective technology is to detect and disconnect unauthorized internal and external users from local networks within minutes and create a robust, hybrid network of data links secured by multiple layers of encryption and user authentication. |
|||
Fortinet and Palo Alto Networks |
Continuously Updated |
The consortium seeks to share intelligence on threats across large security vendors and aid a coordinated response to incidents. No customer data is shared, only malware samples. The two companies also extend an open invitation to other security firms to join them, provided these firms can share at least 1,000 samples of new malware executables daily. |
||||
Institute of Electrical and Electronics Engineers (IEEE) Cyber Security |
Continuously Updated |
The Center for Secure Design aims to shift some of the focus in security from finding bugs to identifying common design flaws in the hope that software architects can learn from others' mistakes. |
||||
National Security Agency (NSA) |
Continuously Updated |
The competition is for scientific papers that show an outstanding contribution to cybersecurity science. The competition was created to stimulate research toward the development of systems that are resilient to cyberattacks. Entries are judged on scientific merit, the strength and significance of the work reported, and the degree to which the paper exemplifies how to perform and report scientific research in cybersecurity. |
||||
National Institute of Standards and Technology (NIST) |
Continuously Updated |
The NCCoE is a new public-private collaboration to bring together experts from industry, government, and academia to design, implement, test, and demonstrate integrated cybersecurity solutions and promote their widespread adoption. |
||||
SAIC |
Continuously Updated |
SAIC helps bolster the design of cyber-risk management programs that identify and neutralize cyberattacks and will assist in performing certification and accreditation testing of information technology systems. |
||||
UL Cybersecurity Assurance Program |
Underwriters Laboratory |
Continuously Updated |
UL CAP uses the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. |
|||
MIT's Internet Policy Research Initiative (IPRI) |
May 19, 2017 |
IPRI has awarded $1.5 million to a select group of principal investigators for early-stage Internet policy and cybersecurity research projects. The seed fund grants cover five interdisciplinary projects, with lead researchers from across campus including the MIT Sloan School of Management, the Department of Urban Studies and Planning (DUSP), and CSAIL. |
|||
DHS S&T transition to practice program announces 2017 cohort |
Science and Technology Directorate's (S&T) Transition to Practice (TTP) program |
May 11, 2017 |
Eight new cybersecurity technologies developed by researchers at federally funded laboratories and academic research centers are ready for the commercial market. |
|||
Foundational Cybersecurity Research: Improving Science, Engineering and Research (prepublication copy) |
National Academy of Sciences |
May 2017 |
The report focuses on foundational research strategies for organizing people, technologies, and governance. These strategies seek to ensure the sustained support needed to create an agile, effective research community, with collaborative links across disciplines and between research and practice. This report is aimed primarily at the cybersecurity research community, but takes a broad view that efforts to improve foundational cybersecurity research will need to include many disciplines working together to achieve common goals. |
|||
DARPA |
April 10, 2017 |
DARPA's new System Security Integrated Through Hardware and Firmware (SSITH) program seeks to address the seven classes of hardware vulnerabilities listed in the Common Weakness Enumeration (http://cwe.mitre.org), a crowd-sourced compendium of security issues that is familiar to the information technology security community. In cyberjargon, these classes are permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection. Researchers have documented some 2800 software breaches that have taken advantage of one or more of these hardware vulnerabilities, all seven of which are variously present in the integrated microcircuitry of electronic systems around the world. According to research, "Remove those hardware weaknesses, and you would effectively close down more than 40% of the software doors intruders now have available to them." |
||||
Consumer Reports to Begin Evaluating Products, Services for Privacy and Data Security |
Consumer Reports |
March 8, 2017 |
Consumer Reports is launching the first phase of a collaborative effort to create a new standard that safeguards consumers' security and privacy—and hopes industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps. The goal is to help consumers understand which digital products do the most to protect their privacy and security and give them the most control over their personal data. The standard can also eventually be used by CR and others in developing test protocols to evaluate and rate products—which will help consumers make more informed purchasing decisions. |
|||
DHS Science and Technology, Homeland Security Advanced Research Projects Agency's Cyber Security Division (CSD) |
February 16, 2017 |
The project is spearheading a three-pronged approach to shift the advantage to network infrastructure defenders. The project's two primary focuses are on (1) increasing deployment of best practices to slow attack scale growth and (2) defending networks against a one Tbps attack through development of collaboration tools that can be used by medium-size organizations. A third project focus addresses other types of denial of service attacks, such as attacks against 911 and Next Generation 911 emergency management systems. |
||||
CyLab researchers create network traffic visualization tool to help thwart cyber attacks |
Carnegie Mellon |
November 7, 2016 |
Researchers have created a tool that allows visualization of network traffic to more easily identify key changes and patterns. The researchers have used this tool to inspect network traffic during distributed denial-of-service (DDoS) attacks and map out the structure of malware distribution networks. |
|||
Princeton University Engineering School |
October 27, 2016 |
A new technique hopes to detect malicious websites as early as when the domains are registered. |
||||
George Mason University |
March 22, 2016 |
Researchers propose a "moving-target" defense against DDoS attacks. The defense works by repeatedly shuffling client-to-server assignments to identify and eventually quarantine malicious clients. |
||||
Rapid Attack Detection, Isolation and Characterization (RADICS) Proposers Day |
DARPA |
November 24, 2015 |
DARPA is interested in technology that can detect network anomalies signaling a threat or attack, map out industrial control systems and analyze system protocols—especially for threats directed at the power grid and related systems. In general, DARPA is seeking an "automation revolution in computer security" so that machines can discover and fix software vulnerabilities within seconds, "instead of waiting up to a year under the current human-centric system." |
|||
NSF Awards $74.5 Million to Support Interdisciplinary Cybersecurity Research |
National Science Foundation (NSF) |
October 7, 2015 |
The NSF awarded $74.5 million in research grants through the NSF Secure and Trustworthy Cyberspace (SaTC) program. In total, the SaTC investments include a portfolio of 257 new projects to researchers in 37 states. The largest, multi-institutional awards include research to better understand and offer reliability to new forms of digital currency known as cryptocurrencies, which use encryption for security; invent new technology to broadly scan large swaths of the Internet and automate the detection and patching of vulnerabilities; and establish the "science of censorship resistance" by developing accurate models of the capabilities of censors. |
|||
DARPA |
September 25, 2015 |
DARPA is soliciting innovative research proposals in the area of enhanced cyber defense through analysis of involuntary analog emissions. Proposed research should investigate innovative approaches that enable evolutionary advances in science, devices, or systems. Specifically excluded is research that primarily results in evolutionary improvements to the existing state of practice. |
||||
International Symposium on Foundations of Open Source Intelligence and Security Informatics |
August 19, 2016 |
Describes CyberTwitter, a system to discover and analyze cybersecurity intelligence on Twitter and serve as an OSINT (open-source intelligence) source. Researchers analyze real-time information updates, in the form of tweets, to extract intelligence about various possible threats. (8 pages) |
||||
Monitoring Side-Channel Signals Could Detect Malicious Software on IoT Devices |
Georgia Tech Research Horizons |
August 2016 |
A $9.4 million grant from DARPA could lead to development of a new technique for wirelessly monitoring Internet of Things (IoT) devices for malicious software—without affecting the operation of the ubiquitous but low-power equipment. The technique will rely on receiving and analyzing side-channel signals, electromagnetic emissions that are produced unintentionally by the electronic devices as they execute programs. |
|||
DISA Secures $9.7 million from DOD Rapid Innovation Fund Program |
Defense Information Systems Agency |
July 26, 2016 |
DISA's Rapid Innovation Fund is pursuing "mature prototypes" of cybersecurity technologies that could be operationalized within two years. |
|||
Federal Cybersecurity R&D Strategic Plan: Request for Information |
NSF |
April 27, 2015 |
In response to the Cybersecurity Enhancement Act of 2014 (P.L. 113-274), federal agencies are developing a cybersecurity research and development strategic plan. On behalf of the agencies, the Cyber Security and Information Assurance Research and Development Senior Steering Group seeks public input on research objectives for the plan. The strategic plan is intended to be used to guide and coordinate federally funded cybersecurity research. (1 page) |
|||
Department of Homeland Security (DHS) Science and Technology Directorate |
December 5, 2014 |
DHS announced it would continue funding technology company Kryptowire so the company could further pursue private-sector clients. Kryptowire sells software that identifies security vulnerabilities in mobile applications and archives the results. (1 page) |
||||
Hewlett Foundation |
November 18, 2014 |
The new programs, established with $45 million in grants from the Hewlett Foundation ($15 million to each school), are supported through the foundation's Cyber Initiative. The foundation has now committed $65 million over the next five years to strengthening the nascent field of cybersecurity, the largest such commitment to date by a private donor. |
||||
Sandia cyber-testing contributes to DHS Transition to Practice |
DHS and Sandia National Laboratories |
September 10, 2014 |
The Transition to Practice (TTP) program helps move federally funded cybersecurity technologies into broader use. The goal is to generate interest, initiate conversations, and build relationships and business partnerships that put important cyber technologies, including some developed at Sandia, into practice. |
|||
Louisiana Tech University Ruston |
August 2014 |
The CRL consists of several unique facilities that include virtualization, visualization, networking, micro-aerial vehicle and sensor networks, and field programmable gate array (FPGA) laboratories. (6 pages) |
||||
Big Data and Innovation, Setting The Record Straight: De-identification Does Work |
Information Technology and Innovation Foundation and the Information and Privacy Commissioner, Ontario, Canada |
June 16, 2014 |
The paper examines a select group of articles that are often referenced in support of the idea that de-identified data sets are at risk of re-identifying individuals through linkages with other available data. It examines the ways in which the academic research referenced has been misconstrued and finds that the primary reason for the popularity of these misconceptions is not factual inaccuracies or errors within the literature but rather a tendency on the part of commentators to overstate or exaggerate the risk of re-identification. Although the research does raise important issues concerning the use of proper de-identification techniques, it does not suggest that de-identification should be abandoned. (13 pages) |
|||
Cloud Security Alliance |
December 1, 2013 |
The document explains the software defined perimeter (SDP) security framework and how it can be deployed to protect application infrastructure from network-based attacks. The SDP incorporates security standards and security concepts from organizations such as NIST and DOD into an integrated framework. (13 pages) |
||||
Resilience Metrics for Cyber Systems (Free registration required to download.) |
Seager, Thomas (Arizona State University) |
November 2013 |
Despite their national and international importance, resilience metrics to inform management decisions are still in the early stages of development. The resilience matrix framework developed by Linkov et al. is applied to develop and organize effective resilience metrics for cyber systems. These metrics link national policy goals to specific system measures such that resource allocation decisions can be translated into actionable interventions and investments. The paper proposes a generic approach and could integrate actual data, technical judgment, and literature-based measures to assess system resilience across physical, information, cognitive, and social domains. (6 pages) |
|||
Defence Science And Technology Organisation Edinburgh (Australia), Cyber And Electronic Warfare Division |
October 2013 |
The document reviews the state-of-the-art cyber range implementations and related computer network operations testbeds. It summarizes recently published examples and describes their purpose and functionality. The compiled information should assist organizations in making an informed decision when considering a cyber-range capability. (38 pages) |
||||
Center for Strategic and International Studies |
November 2012 |
The top 20 security controls were agreed upon by a consortium. Members of the consortium include NSA, the U.S. Computer Emergency Readiness Team, DOD's Joint Task Force-Global Network Operations, the Department of Energy Nuclear Laboratories, Department of State, DOD Cyber Crime Center, and commercial forensics experts in the banking and critical infrastructure communities. (89 pages) |
||||
NSF |
January 17, 2012 |
The NSF is funding research on giving organizations information-security risk ratings, similar to credit ratings for individuals. |
||||
DARPA |
November 9, 2011 |
The report describes a system for preventing leaks by seeding believable disinformation in military information systems to help identify individuals attempting to access and disseminate classified information. (74 pages) |
||||
NSF |
August 5, 2011 |
The Team for Research in Ubiquitous Secure Technology (TRUST) is a university and industry consortium that examines cybersecurity issues related to health care, national infrastructures, law, and other issues facing the general public. |
Source: Highlights compiled by CRS from the sources.
Notes: Listed in alphabetical order by source. Page counts are for documents; other cited resources are web pages.