Foundational Cybersecurity Research: Report of a Study by NASEM


Steven B. Lipner is the Executive Director of SAFECode, a non-profit industry organization dedicated to increasing trust in ICT products and services through the advancement of effective software assurance methods. He is also an Adjunct Professor of Computer Science in the Institute for Software Research, School of Computer Science at Carnegie Mellon University. Lipner retired in 2015 as Partner Director of Software Security at Microsoft where he was the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). He was also responsible for Microsoft’s policies and strategies for security evaluation of products by governments, and for Microsoft’s approach to supply chain security and product integrity. Before joining Microsoft, Lipner worked for several commercial vendors and government contractors as a researcher, consultant, engineering manager and general manager in computer and network security. He has written numerous technical papers on aspects of cybersecurity and served on nine National Academies committees. He holds twelve U.S. patents in computer and network security, and served two terms, a total of ten years, on the Information Security and Privacy Advisory Board. Lipner was elected in 2010 to the Information Systems Security Association Hall of Fame, in 2015 to the National Cybersecurity Hall of Fame, and in 2017 to the National Academy of Engineering.



What is a science of cybersecurity and what should the United States Government do to advance it? Between late 2012 and early 2015, a committee of the National Academies of Sciences, Engineering, and Medicine conducted a study of future research goals and directions for foundational science in cybersecurity. The committee sought to focus on opportunities where a fresh approach to the problem could prove fruitful and to consider gaps in the Federal research program in the science of cybersecurity.

The committee identified four broad aims for cybersecurity research:

  • Strengthen the scientific underpinnings of cybersecurity.
  • Integrate the social, behavioral, and decision sciences in security science.
  • Address engineering, operational, and life-cycle challenges in security science.
  • Support and sustain foundational research for security science.

The committee also recommended fostering institutional approaches and opportunities to improve security science, and a deliberate focus on incentivizing longer-term research efforts and infrastructure development. The committee’s report is available on the NASEM website; this keynote will summarize the highlights of the report and elaborate on its key insights and contributions.

Creative Commons 2.5
