Cybersecurity: Think Globally, Act Locally

1. Cybersecurity: Think Globally, Act Locally Dr. Peter FreemanNSF Assistant Director for CISE Educause Net2003April 30, 2003

2. Agenda • The Problem • National Initiatives • NSF’s Cyber Trust Initiative • Current activities • Plans

3. Assumptions • Insufficient investment in cybersecurity by public and private bodies • Few top scholars and students in the field • Approaches to cybersecurity unchanged for decades • From Congressman Boehlert’s speech to ITAA, 3/27/2003

4. Responses • A few academic and industrial efforts prior to 2001 • The National Strategy to Secure Cyberspace • Cyber Security R&D Act of 2002 • NSF’s Cyber Trust Initiative

5. Cyber Trust Vision A society in which: • People can justifiably rely on computer-based systems to perform critical functions • national scale infrastructures: water, power, communication, transportation, ... • localized systems: cars, homes, ... • People can justifiably rely on systems processing sensitive information about them to conform to public policy • health, banking, libraries, e-commerce, government records Without fear of sudden disruption by cyber attacks

6. Background • NSF has been funding basic research on IT security for many years (about $11M in 1999) • The need became more critical with the rapid growth in the use of the Internet • Vulnerability of these systems was highlighted by several disastrous attacks on the Internet and e-commerce in 1997-2000 • Trusted systems program announced 9/05/2001

7. National Cybersecurity Needs(aka Cyber Trust) • Awareness: inform the public and decision makers; general education • Make the current systems less vulnerable/more resilient • Increase supply of appropriate technical personnel • Provide for stronger future infrastructure • Change practice

8. NSF’s CyberTrust Initiative • NSF’s coordinated effort for research and education in • Security • Reliability • Privacy, etc. • Essentially, all the attributes so that a computing, communication, or information system can be trusted.

9. Implementation • Research and education programs established: • Trusted Computing, FY ‘02 • Data & Application Security, FY ‘03 • Network Security, FY ‘03 • Embedded and Hybrid Systems (Security of computing & control hardware), FY ‘02 • ITR High Confidence Software & Systems component used for diversified modes of support for cybersecurity, FY ‘03 • “Scholarship for Services” for traineeship, FY 01

10. Planned Actions • Meeting of all relevant PI’s this summer (Aug 11-12) • Adding to research funds • Increasing dedicated internal resources • Exploring best means to integrate technical, policy, and management efforts (tent. Sept) • Exploring how to increase the supply of cybersecurity personnel (tent. Oct)

11. Conclusions • Long-term research needed in addition to short-term fixes • Top scholars and students are being increasingly attracted to the field • Campus computing operations can be test-beds and early adopters • Local action by you is essential National initiatives can only encourage and show the way; real progress can only be made locally.

12. Dr. Peter A. Freeman NSF Assistant Director for CISE Phone: 703-292-8900 Email: pfreeman@nsf.gov Visit the NSF Web site at: www.nsf.gov