A Scientific Research and Development Approach to Cyber Security
The Department of Energy, December 2008 DOE website report posting
The Department of Energy has the responsibility to address the energy, environmental, and nuclear security challenges that face our nation. In support of this mission, it operates national laboratories and scientific user facilities, performs basic and applied research and engineering, and works to assure reliable energy delivery and to maintain our nuclear deterrence capabilities. Despite ubiquitous dependence on electronic information and on networked computing infrastructure, cyber security practice and policy is largely heuristic, reactive, and increasingly cumbersome, struggling to keep pace with rapidly evolving threats. Advancing beyond this reactive posture will require transformation in information system architecture and new capabilities that do not merely solve today’s security challenges; they must render them obsolete. The need is critical not only to the Department of Energy but also to other federal agencies and to the private sector. The Department of Energy is uniquely poised to undertake this work, complementing efforts at other agencies and industry.
Complexity Science Challenges in Cybersecurity
The Department of Energy, Sandia Laboratory, March 2009 DOE Mirror Site report posting (Transforming DOE CyberSecurity Wiki)
Computers and the Internet are indispensable to our modern society, but by the standards of critical infrastructure, they are notably unreliable. Existing analysis and design approaches have failed to curb the frequency and scope of malicious cyber exploits. A new approach based on complexity science holds promise for addressing the underlying causes of the cybersecurity problem. The application of complexity science to cybersecurity presents key research challenges in the areas of network dynamics, fault tolerance, and large-scale modeling and simulation. We believe that the cybersecurity problem is urgent enough, the limits of traditional reductive analysis are clear enough, and the possible benefits of reducing cyber exploits are great enough, that the further development of cybersecurity-targeted complexity-science tools is a major research need.
JASON report: Science of Cyber-Security
November 2010 JASON website report posting
JASON was requested by the DoD to examine the theory and practice of cyber-security, and evaluate whether there are underlying fundamental principles that would make it possible to adopt a more scientific approach, identify what is needed in creating a science of cyber-security, and recommend specific ways in which scientific methods can be applied. Our study identified several sub-fields of computer science that are specifically relevant and also provides some recommendations on further developing the science of cyber-security.
