Cyber Security: Innovative Technologies for National Security (+$2 million)
Problem/Challenge While both the public and private sectors are working to secure what is inherently an open network, these systems remain vulnerable. According to the Cyber Security Industry Alliance, “Cyber attacks and security breaches cost billions of dollars in direct losses, downtime, stolen identities and intellectual property. Misunderstanding or even neglect of information security can bring huge economic consequences.” Most of today’s cyber security efforts are aimed at determining whether well-known security practices have been applied to particular components of the infrastructure or at identifying known vulnerabilities. Right now, there is no known way to measure the absolute security of a given system. Without the necessary metrics and measurement technologies, we can’t determine the overall effectiveness of our cyber security initiatives. Proposed NIST Program NIST has decades of experience in IT security; specific, statutory assignments in cyber security, most recently under the Cyber Security Research and Development Act of 2002 and the Federal Information Security Management Act of 2002; and strong links to both the private sector and government agencies. For instance, NIST develops cryptographic standards and methods to protect the integrity, confidentiality, and authenticity of information resources, primarily for the federal government. However, they are widely used by the private sector. For example, NIST’s encryption standards are estimated to have saved private industry more than $1 billion—and enable consumers and business to be confident about the security of billions of dollars worth of electronic data transactions daily. NIST also develops services and programs to test, evaluate, and validate security products. Expected Impacts Created: February 6, 2005 |