Cyber R&D

Research & Development: Harness Innovation to Improve Cyber Security

At a Glance:

  • Technological innovation is one of the best tools we have to increase our cyber security, as well as fuel economic growth.
  • We need to develop a national cyber security research and development (R&D) plan to harness innovation to improve cyber security.
  • Such a plan would be created jointly by government and industry to identify national-level priorities, a strategy to reach these objectives, and focus government resources on “game-changing”, long-term and basic research.


BSA Position

Currently, the United States does not have a comprehensive national plan for cyber security R&D. Various federal agencies conduct separate activities, but together these efforts do not fully address the nation’s overall cyber security R&D needs. A national cyber security R&D plan should:

  • Identify national-level cyber security R&D objectives. These objectives need to be prioritized, so that we focus our efforts first and foremost on our most critical infrastructures and interests.
  • Be created through a partnership between government and industry, and in particular owners and operators of critical infrastructure, so that the national plan’s objectives reflect the broad needs of the nation rather the priorities of specific agencies.
  • Include a strategy for reaching our national cyber security objectives, i.e., a plan to get from where we are today to where we want to go: who is leading what project, with what resources, what timeline, what deliverables, etc.?
  • Focus federal cyber security R&D on long-term and basic research. BSA supports the White House Cyberspace Policy Review’s emphasis on “game-changing innovation” (see p. 32 of the White House Review).
  • We believe the government should focus its limited resources by conducting applied R&D if it is addressing measurable security gaps that are not addressed by commercially available technological solutions.
  • Facilitate the transition to the marketplace of technologies developed with federal cyber security R&D funding. The status of the intellectual property generated by federally funded cyber security R&D needs to be clarified similarly to what Congress did for small businesses, non-profits and universities through the Bayh-Dole Act in 1980. The federal government also needs to improve its sharing of the innovations generated by cyber security R&D conducted by federal agencies, even with licensing conditions that appropriately reward the agency in question.

Issue

  • Our networks and electronic data are under attacks perpetrated by well-organized criminal elements or entities that threaten our economic and national security. As these attacks are increasingly technologically sophisticated, we need to ensure that our technological defenses are as advanced, if not more.
  • A genuine national cyber security research and development (R&D) strategy would allow the United States to reach that goal, by harnessing technological innovation.

Action Needed

The United States needs to create a national cyber security R&D plan that:

  1. Identifies and prioritizes national-level objectives;
  2. Identifies a strategy to reach these objectives;
  3. Is produced in partnership between government and industry;
  4. Focuses on long-term, game changing innovation;
  5. Allows these innovations to be adopted quickly by the marketplace.