Companies, universities, and other entities that have existing but unfunded, innovative cyber security projects should take advantage of new funding from the Homeland Security Department to advance their research, according to a new report from Forrester Research of Cambridge, Mass.
The DHS cyber research effort comes at a time when cyber attacks by well-funded crime groups around the globe and hostile nation-states are on the rise, and there is a shortage of funding for technologies to help vital sectors of the economy combat a daily barrage of attacks.
Although there are dozens of legislative proposals for cyber security before Congress, no meaningful cyberbreach legislation is being considered at the moment, according to report author Ed Ferrara, Forrester's principal analyst serving Security & Risk Professionals.
[How do ex-military and ex-hackers approach cybersecurity? Read Hacker Or Military? Best Of Both In Cyber Security.]
"At the tactical agency level... this particular effort is a bright spot in a pretty bleak governmental landscape," Ferrara said. "It's not nearly enough, but it is certainly a step in the right direction."
The department earlier this year issued a broad agency announcement seeking targeted research and development for innovative cyber security tools. DHS has $95 million that it will disburse in multiple phases over the next three to five years, according to government documents.
DHS wants pragmatic tools that can be deployed rapidly to boost the security of public and private organizations that are part of the nation's critical infrastructure, including financial, energy, healthcare, and other sectors.
The first phase of the funding is available for tools in four key domains: data and privacy, distributed denial of service, mobile security, and cyber and physical system integration. Forrester provided more details on what's needed in each domain:
Data privacy and security
DHS seeks methods to boost privacy controls that protect individuals' personal information. To achieve this goal, the department is interested in tools and concepts related to privacy compliance, privacy-preserving federated search capabilities, and mobile computing privacy.
Distributed denial of service
The department wants to develop ways to measure such attacks, enhance communications among affected parties, drive the adoption of existing technologies to mitigate DDoS attacks, and fund the further development of DDoS defense technologies.
DHS wants ideas that address a number of pressing needs. One need is instrumentation for mobile devices that can authenticate users and also perform risk-based assessments on the use of the device. Other needs include a secure approach for accessing mobile device data, new security management tools for mobile devices, and innovative approaches for protecting the component layers of devices from malicious applications.
Cyber and physical integration
DHS wants tools and concepts that address secure system design, and experimental and pilot implementations of such integrated cyber and physical security systems.
Ideally, organizations benefiting from advances in integrated cyber and physical security would be able to deploy them for building and system access, enhanced payment system security, and other applications that require multifactor authentication, according to Forrester.
"Things are getting worse," Ferrara said. "The number of attacks is up, the severity of the attacks is up, and the visibility of the attacks is up. You never saw things like this on the front pages [before], and now it is front page news."
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge. Get the new Flexibility Equals Strength issue of InformationWeek Government Tech Digest today. (Free registration required.)