A new report prepared by an academic institute at Dartmouth College suggests four broad research and development (R&D) priorities for cyber security in the coming years and says that attacks on information technology (IT) systems are becoming more subtle.
The R&D priorities center on continuing to develop a more coordinated and collaborative approach to cyber security, the need for security metrics in the development of new security systems and existing ones, the creation of a domestic and international legal policy framework that encourages innovation rather than imposes prescriptive regulations, and the development of a security culture that incorporates insights into human behavior such as easy to use systems and education campaigns. The report was prepared by the Institute for Information Infrastructure Protection and released by Sens. Joseph Lieberman (I/D-Conn.) and Susan Collins (R-Maine), the chairman and ranking member respectively of the Homeland Security and Governmental Affairs Committee.
Collins pointed to the fact that the report was developed through a partnership of academic experts, government officials, and private sector representatives. Given that most of the IT infrastructure in the United States is privately owned and managed, a similar collaboration is “essential to provide effective cyber security for the federal government and the entire nation,” she said in a statement yesterday.
The report, entitled National Cyber Security: Research and Development Challenges Related to Economics, Physical Infrastructure and Human Behavior, says companies are spending a lot of time “blocking” cyber attacks to the point that the senior management of a company doesn’t know that the attacks are even happening.
“The nation is increasingly at risk due to this invisibility and silence,” the report says. People that participated in the data collecting for the report “agreed that economic losses related to IT attacks are reaching a magnitude that could affect U.S. economic security,” it says.