The Comprehensive National Cybersecurity Initiative
to develop strategies and programs to enhance the component of the government R&D portfolio that
pursues high-risk/high-payoff solutions to critical cybersecurity problems. The Federal Government has
begun to outline Grand Challenges for the research community to help solve these difficult problems
that require ‘out of the box’ thinking. In dealing with the private sector, the government is identifying
and communicating common needs that should drive mutual investment in key research areas.
Initiative #10. Define and develop enduring deterrence strategies and programs. Our Nation’s
senior policymakers must think through the long-range strategic options available to the United States
in a world that depends on assuring the use of cyberspace. To date, the U.S. Government has been
implementing traditional approaches to the cybersecurity problem—and these measures have not
achieved the level of security needed. This Initiative is aimed at building an approach to cyber defense
strategy that deters interference and attack in cyberspace by improving warning capabilities, articulating roles for private sector and international partners, and developing appropriate responses for both
state and non-state actors.
Initiative #11. Develop a multi-pronged approach for global supply chain risk management.
Globalization of the commercial information and communications technology marketplace provides
increased opportunities for those intent on harming the United States by penetrating the supply chain
to gain unauthorized access to data, alter data, or interrupt communications. Risks stemming from
both the domestic and globalized supply chain must be managed in a strategic and comprehensive
way over the entire lifecycle of products, systems and services. Managing this risk will require a greater
awareness of the threats, vulnerabilities, and consequences associated with acquisition decisions; the
development and employment of tools and resources to technically and operationally mitigate risk
across the lifecycle of products (from design through retirement); the development of new acquisition
policies and practices that reflect the complex global marketplace; and partnership with industry to
develop and adopt supply chain and risk management standards and best practices. This initiative
will enhance Federal Government skills, policies, and processes to provide departments and agencies
with a robust toolset to better manage and mitigate supply chain risk at levels commensurate with the
criticality of, and risks to, their systems and networks.
Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure
domains. The U.S. Government depends on a variety of privately owned and operated critical infrastructures to carry out the public’s business. In turn, these critical infrastructures rely on the efficient
operation of information systems and networks that are vulnerable to malicious cyber threats. This
Initiative builds on the existing and ongoing partnership between the Federal Government and the
public and private sector owners and operators of Critical Infrastructure and Key Resources (CIKR). The
Department of Homeland Security and its private-sector partners have developed a plan of shared
action with an aggressive series of milestones and activities. It includes both short-term and long-term
recommendations, specifically incorporating and leveraging previous accomplishments and activities
that are already underway. It addresses security and information assurance efforts across the cyber
infrastructure to increase resiliency and operational capabilities throughout the CIKR sectors. It includes
a focus on public-private sharing of information regarding cyber threats and incidents in both government and CIKR.