Information technology (IT) provides exceptional benefits to society. However, the more society relies on IT, the greater the potential disruption and destruction that adversaries can create via malicious cyber activities. Advances in cybersecurity are urgently needed to preserve the Internet’s social and economic benefits—as well as the security of the Nation and its online commercial and public infrastructure—by thwarting adversaries and strengthening public trust in cyber systems.
The Cybersecurity Enhancement Act of 2014 (Public Law 113-274) requires the National Science and Technology Council and the Networking and Information Technology Research and Development Program to develop, maintain, and update every four years a cybersecurity research and development (R&D) strategic plan to guide the overall direction of federally funded R&D in cybersecurity. This strategic plan (this “Plan”) fulfills this mandate and updates the 2016 Federal Cybersecurity Research and Development Strategic Plan. This Plan also addresses priorities established by the 2018 National Cyber Strategy of the United States of America, including both its domestic and foreign policy priorities, and by the Administration’s FY 2021 Research and Development Budget Priorities Memorandum.
The Plan identifies the following goals for cybersecurity R&D:
- Understand human aspects of cybersecurity
- Provide effective and efficient risk management
- Develop effective and efficient methods for deterring and countering malicious cyber activities
- Develop integrated safety-security-privacy framework and methodologies
- Improve systems development and operation for sustainable security
To realize the goal of a secure cyberspace, the Plan carries forward the essential concepts from the 2016 Federal Cybersecurity Research and Development Strategic Plan, including the framework of four interdependent defensive capabilities:
To advance the priorities and objectives of the 2018 National Cyber Strategy of the United States of America and the Administration’s FY 2021 Research and Development Budget Priorities Memorandum, the Plan outlines research objectives in the following priority areas:
- Artificial Intelligence
- Quantum Information Science
- Trustworthy Distributed Digital Infrastructure
- Secure Hardware and Software
- Education and Workforce Development
Advancements in the defensive capabilities and priority areas critically depend on progress in human aspects, research infrastructure, risk management, scientific foundations, and transition to practice.
The Plan closes with identifying roles in cybersecurity R&D for the Federal Government, industry, and academia and with recommendations for supporting activities. Implementing this Plan and these recommendations will create science and technology for cybersecurity that effectively and efficiently sustain a trustworthy cyberspace to support the Nation’s prosperity and security well into the future.