Request for Information on Update to the 2016 Federal Cybersecurity Research and Development Strategic Plan; NSF Cites Education and Workforce Development within Line of Inquiry; Comments Due by January 15, 2019
Pursuant to the Cybersecurity Enhancement Act of 2014, Federal agencies must update the Federal cybersecurity research and development (R&D) strategic plan every four years. The National Science Foundation seeks public input for the 2019 update of the Federal cybersecurity R&D strategic plan. The updated plan will be used to guide and coordinate federally funded research in cybersecurity, including cybersecurity education and workforce development, and the development of consensus-based standards and best practices in cybersecurity.
The Cybersecurity Enhancement Act of 2014 (https://www.gpo.gov/fdsys/pkg/PLAW-113publ274/pdf/PLAW-113publ274.pdf) requires that every four years the applicable Federal agencies, working through the National Science and Technology Council and the Networking and Information Technology R&D (NITRD) program, develop and update a Federal cybersecurity research and development strategic plan.
The most recent version of the strategic plan was released in February 2016 (https://www.nitrd.gov/pubs/2016-Federal-Cybersecurity-Research-and-DevelopmentStrategic-Plan.pdf). This strategic plan identifies four categories of defensive capabilities (deter, protect, detect, adapt) and six critical dependent areas (scientific foundations, risk management, human aspects, transition to practice, workforce development, and infrastructure for research) as the structure for focusing and coordinating Federal cybersecurity R&D activities. The quadrennial strategic plan update (to be released by end of 2019) will leverage this structure.
On behalf of Federal agencies and the NITRD Cyber Security and Information Assurance Interagency Working Group, the NCO for NITRD seeks public input on Federal priorities in cybersecurity R&D. Responders should consider a 10-year time frame when characterizing the challenges, prospective research activities, and desired outcomes. Responders are asked to answer one or more of the following questions:
- What innovative, transformational technologies have the potential to greatly enhance the security, reliability, resiliency, and trustworthiness of the digital infrastructure, and to protect consumer privacy?
- What progress has been made against the goals of the 2016 Federal Cybersecurity R&D Strategic Plan? Are there mature private-sector solutions that address the deficiencies raised in the 2016 Strategic Plan? What areas of research or topics of the 2016 Strategic Plan no longer need to be prioritized for federally funded basic research?
- What areas of research or topics of the 2016 Strategic Plan should continue to be a priority for federally funded research and require continued Federal R&D investments?
- What challenges or objectives not included in the 2016 Strategic Plan should be strategic priorities for federally funded R&D in cybersecurity? Discuss what new capabilities would be desired, what objectives should guide such research, and why those capabilities and objectives should be strategic priorities.
- What changes to cybersecurity education and workforce development, at all levels of education, should be considered to prepare students, faculty, and the workforce in the next decade for emerging cybersecurity challenges, such as the implications of artificial intelligence, quantum computing, and the Internet of Things on cybersecurity?
- What other research and development strategies, plans, or activities, domestic or in other countries, should inform the U.S. Federal cybersecurity R&D strategic plan?
Following the receipt of comments, the NITRD Cyber Security and Information Assurance Interagency Working Group under the National Science and Technology Council will consider the input provided when updating the Federal cybersecurity R&D strategic plan.
To be considered, submissions must be received on or before 11:59 p.m. (ET) on January 15, 2019.