Visible to the public SoS Musings #14 - Concerns with a Ray of HopeConflict Detection Enabled

SoS Musings #14

Concerns with a Ray of Hope

Nextgov reports the Trump 2019 budget boosts Cyber spending but cuts research. There are proposed funding hikes at DHS and Defense. The DHS cyber research has been in the Science and Technology Directorate but will now be in the cyber and infrastructure protection, NPPD. The budget, however, includes a massive cut of 18 percent to the government's main cyber standards organization, the National Institute of Standards and Technology. NIST just issued Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity and has plans to produce a companion document "Roadmap for Improving Critical Infrastructure Cybersecurity" highlighting key areas for further collaboration.

This certainly will increase tactical research at the price of strategic research. It appears it will be aimed at current problems plugging known gaps as opposed to trying to get ahead by anticipating and providing research that can solve future problems.

Are we eating our seed corn?

We certainly require both types of advances.

A 15-year old security researcher was able to compromise the firmware on Leger's virtual wallet.

At the end of March, the U.S. Justice Department charged nine Iranian nationals involved in a massive attack on behalf of the Iranian National Guard. The intellectual capital of academic institutions was targeted.

Eight novel flaws in computer chips have been found, dubbed Spectra Next Generation.

The TechNewsWorld points out retail, industrial and government breaches that signal increasing consumer and business vulnerabilities in an article "No Cure for Cyber Insecurity?"

Some current work:

Army scientists recently found that the best, high-performing cybersecurity teams have relatively few interactions with their team-members and team captain. While this result may seem counterintuitive, it is actually consistent with major theoretical perspectives on professional team development.

ARL also published a paper detailing "Current and Future Applications of Machine Learning for the US Army." There are those in the community who caution that it is possible to discover the way a particular program "learns" and to use that knowledge to spoof the system.

Security magazine notes that at RSA 2018 we were cautioned that "In the Golden Age of Cyber Crime we have a People Problem."

McAfee offers some suggestions.

How the direction of the ongoing research will fulfill the needs will be seen.