opment, and education, as well as invest-ing in “leap-ahead” technologies.
No single federal agency “owns”
the issue of cybersecurity. In fact, the
federal government does not uniquely
own cybersecurity. It is a national and
global challenge with far-reaching
consequences that requires a cooperative, comprehensive effort across the
public and private sectors. However,
as it has done historically, the U.S. government R&D community, working in
close cooperation with private-sector
partners in key technology areas, can
jump-start the necessary fundamental
technical transformation.
Partnerships
The federal government must reenergize two key partnerships to successfully secure the future cyberspace: the
partnership with the educational system and the partnership with the private
sector. The Taulbee Survey2 has shown
that our current educational system is
not producing the cyberspace workers
of the future and the current public-private partnerships are inadequate for
taking R&D results and deploying them
across the global infrastructure.
Education. A serious, long-term
problem with ramifications for na-
tional security and economic growth is
looming: there are not enough U.S. cit-
izens with computer science (CS) and
science, technology, engineering, and
mathematics (STEM) degrees being
produced. The decline in CS enroll-
ments and degrees is most acute. The
decline in undergraduate CS degrees
portends the decline in master’s and
doctoral degrees as well. Enrollments
in major university CS departments
have fallen sharply in the last few years,
while the demand for computer scien-
tists and software engineers is high
and growing. The Taulbee Survey2
confirmed that CS (including comput-
er engineering) enrollments are down
50% from only five years ago, a pre-
cipitous drop by any measure. Since
CS degrees are a subset of the overall
requirement for STEM degrees and
show the most significant downturn,
CS degree production can be consid-
ered a bellwether to the overall condi-
tion and trend of STEM education. The
problems with other STEM degrees are
equally disconcerting and require im-
mediate and effective action. At the
same time, STEM jobs are growing,
and CS jobs are growing faster than
the national average.
technical Agenda
Over the past decade there have been
a significant number of R&D agendas
the current public-
private partnerships
are inadequate for
taking R&D results
and deploying them
across the global
infrastructure.
published by various academic and industry groups, and government departments and agencies (these documents
can be found online at http://www.cyber.
st.dhs.gov/documents.html). A 2006
federal R&D plan identified at least
eight areas of interest with over 50
project topics that were either being
funded or should be funded by federal
R&D entities. Many of these topic areas
have been on the various lists for over a
decade. Why? Because the U.S. has un-derinvested in these R&D areas, both
within the government and private
R&D communities.
The Comprehensive National Cy-
ber Initiative (CNCI) and the Presi-
dent’s Cyberspace Policy Review3
challenged the federal networks and
IT research community to figure out
how to “change the game” to address
these technical issues. Over the past
year, through the National Cyber Leap
Year (NCLY) Summit and a wide range
of other activities, the U.S. government
research community sought to elicit
the best ideas from the research and
technology community. The vision of
the CNCI research community over the
next 10 years is to “transform the cyber-
infrastructure to be resistant to attack
so that critical national interests are
protected from catastrophic damage
and our society can confidently adopt
new technological advances.”
The leap-ahead strategy aligns with
the consensus of the U.S. networking
and cybersecurity research communi-
ties: That the only long-term solution to
the vulnerabilities of today’s network-
ing and information technologies is to
ensure that future generations of these
technologies are designed with security
built in from the ground up. Federal
agencies with mission-critical needs
for increased cybersecurity, which in-
cludes information assurance as well as
network and system security, can play a
direct role in determining research pri-
orities and assessing emerging technol-
ogy prototypes.
The Department of Homeland Security Science and Technology Directorate has published its own roadmap in
an effort to provide more R&D direction
for the community. The Cybersecurity
Research Roadmap1 addresses a broad
R&D agenda that is required to enable
production of the technologies that will
protect future information systems and
