Wanted By DHS: Breakout Ideas On Domestic Cybersecurity
Department of Homeland Security plans to fund cyber defense research efforts to develop pragmatic tools that can be deployed quickly, says Forrester.
Government Data + Maps: 10 Great Examples
(Click image for larger view and slideshow.)
Companies, universities, and other entities that have existing but unfunded, innovative cyber security projects should take advantage of new funding from the Homeland Security Department to advance their research, according to a new report from Forrester Research of Cambridge, Mass.
The DHS cyber research effort comes at a time when cyber attacks by well-funded crime groups around the globe and hostile nation-states are on the rise, and there is a shortage of funding for technologies to help vital sectors of the economy combat a daily barrage of attacks.
Although there are dozens of legislative proposals for cyber security before Congress, no meaningful cyberbreach legislation is being considered at the moment, according to report author Ed Ferrara, Forrester's principal analyst serving Security & Risk Professionals.
"At the tactical agency level... this particular effort is a bright spot in a pretty bleak governmental landscape," Ferrara said. "It's not nearly enough, but it is certainly a step in the right direction."
The department earlier this year issued a broad agency announcement seeking targeted research and development for innovative cyber security tools. DHS has $95 million that it will disburse in multiple phases over the next three to five years, according to government documents.
DHS wants pragmatic tools that can be deployed rapidly to boost the security of public and private organizations that are part of the nation's critical infrastructure, including financial, energy, healthcare, and other sectors.
The first phase of the funding is available for tools in four key domains: data and privacy, distributed denial of service, mobile security, and cyber and physical system integration. Forrester provided more details on what's needed in each domain:
Data privacy and security DHS seeks methods to boost privacy controls that protect individuals' personal information. To achieve this goal, the department is interested in tools and concepts related to privacy compliance, privacy-preserving federated search capabilities, and mobile computing privacy.
Distributed denial of service The department wants to develop ways to measure such attacks, enhance communications among affected parties, drive the adoption of existing technologies to mitigate DDoS attacks, and fund the further development of DDoS defense technologies.
Mobile security DHS wants ideas that address a number of pressing needs. One need is instrumentation for mobile devices that can authenticate users and also perform risk-based assessments on the use of the device. Other needs include a secure approach for accessing mobile device data, new security management tools for mobile devices, and innovative approaches for protecting the component layers of devices from malicious applications.
Cyber and physical integration DHS wants tools and concepts that address secure system design, and experimental and pilot implementations of such integrated cyber and physical security systems.
Ideally, organizations benefiting from advances in integrated cyber and physical security would be able to deploy them for building and system access, enhanced payment system security, and other applications that require multifactor authentication, according to Forrester.
"Things are getting worse," Ferrara said. "The number of attacks is up, the severity of the attacks is up, and the visibility of the attacks is up. You never saw things like this on the front pages [before], and now it is front page news."
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge. Get the new Flexibility Equals Strength issue of InformationWeek Government Tech Digest today. (Free registration required.)
William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.