Cybersecurity Policy

The Cybersecurity Summit meetings have proven to be a useful forum to foster dialog between awardees, cybersecurity experts and NSF. NSF will provide feedback on the 2007 Summit meeting and discuss best practices in cybersecurity that might be useful to large facilities.

There has been much improvement in securing cyberspace in the last five years, but much still needs to be done. The Center for Strategic and International Studies (CSIS) has established a Commission on Cyber Security for the 44th Presidency, the administration that will take office in January 2009. The goal of the commission is to identify a strategy and set of recommendations for the next administration to move ahead in securing cyberspace. This session will provide a status report on the commission's work to date. It will also provide an opportunity to offer input regarding progress that has been made in the higher education sector, remaining challenges and opportunities, and the role of the federal government to help improve cybersecurity at colleges and universities.

This "Briefing to CSIS Commission on Cyber Security for the 44th Presidency" By Rodney Petersen and Jack Suess on behalf of the EDUCAUSE/Internet2 IT Security Task Force was presented to the Commission on Cyber Security for the 44th Presidency. The agenda was "Improving Cybersecurity: Recommendations from Private Sector Experts".

The E-Government Act of 2002 (Public Law 107-347), recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA), tasked NIST with responsibilities for standards and guidelines, including the development of:
- Standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
- Guidelines recommending the types of information and information systems to be included in each category; and
- Minimum information security requirements (i.e., management, operational, and technical controls), for information and information systems in each such category.

The Directorate for Science and Technology (S&T) is the primary research and development arm of the U.S. Department of Homeland Security. S&T uses the Homeland Security Advanced Research Project Agency to engage industry, academia, government, and other sectors in innovative research and development, rapid prototyping, and technology transfer to meet operational needs. Academic organizations such as the Computing Research Association and industry groups have called for increased funding for cybersecurity R&D. This keynote will describe what the S&T directorate is doing to drive, discover, and deliver new solutions to address cybervulnerabilities as well as what research areas it considers as priorities in the near term.

Why is it risky for technologists to ignore the nontechnical context where their systems will be deployed? Furthermore, what is the risk when policymakers ignore the limits and potential of technology? How can we structure dialogue between technologists and policymakers to address security failings—to revisit identity theft, electronic voting machines, digital rights management, and network neutrality? Fred Schneider, editor of the National Research Council study Trust in Cyberspace and longtime researcher on what makes computer systems secure, will consider these and other questions.