This publication was an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle considerations required are far reaching — from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures are much more resilient. The R&D investments recommended in the roadmap were intended to tackle the vulnerabilities of today and envision those of the future.
The intent of the Roadmap was to provide detailed research and development agendas for the future relating to 11 hard problem areas in cybersecurity, for use by agencies of the U.S. Government and other potential R&D funding sources. The 11 hard problems are:
- Scalable trustworthy systems (including system architectures and requisite development methodology)
- Enterprise-level metrics (including measures of overall system trustworthiness)
- System evaluation life cycle (including approaches for sufficient assurance)
- Combatting insider threats
- Combatting malware and botnets
- Global-scale identity management
- Survivability of time-critical systems
- Situational understanding and attack attribution
- Provenance (relating to information, systems, and hardware)
- Privacy-aware security
- Usable security.
For each of these hard problems, the Roadmap identifies critical needs, gaps in research, and research agenda appropriate for near, medium, and long term attention.