"Both traditional and unorthodox approaches will be necessary," the report warned. "Traditional research is problem-specific, and there are many cybersecurity problems for which good solutions are not known. ... Research is and will be needed to address these problems."

However, it continued, "Problem-by-problem solutions, or even problem-class by problem-class solutions, are highly unlikely to be sufficient to close the gap by themselves.

"Unorthodox, clean-slate approaches will also be needed to deal with what might be called a structural problem in cybersecurity research now, and these approaches will entail the development of new ideas and new points of view that revisit the basic foundations and implicit assumptions of security research," the Computer Science and Telecommunications Board research report said.

"Addressing both of these reasons for the lack of security in cyberspace is important, but it is the second -- closing the knowledge gap -- that is the primary goal of cybersecurity research," it concluded.

The Computer Science and Telecommunications Board report goes on to lay out an appropriate research agenda including such issues as deterring would-be attackers and managing the degradation and reconstitution of systems in the face of concerted attacks.

A further step in implementing any truly effective national cybersecurity strategy for the United States must be to "get safe."

Encouraging innovation is perhaps the quickest and most effective way to promote public-private engagement and build a national ability to mitigate and respond to cyber threats. Providing liability protection is one proven means of promoting private-sector innovation.

Since the terrorist attacks of Sept. 11, 2001, the U.S. Congress has acted decisively and to good effect in one area of liability protection: The Support Anti-Terrorism by Fostering Effective Technologies Act lowered the liability risks of manufacturers that provide products and services used in combating terrorism.

The act, passed in 2002 and known as the SAFETY Act, protects the incentive to produce products that the secretary of homeland security designates as Qualified Anti-Terrorism Technologies. The Department of Homeland Security has made a concerted effort to implement the program, and about 200 companies have obtained SAFETY Act certification.

earlier related report
How the 2002 SAFETY Act should be further used
As we have previously noted, since the terrorist attacks on the United States of Sept. 11, 2001, the U.S. Congress has acted decisively and to good effect in one area of liability protection.

The Support Anti-Terrorism by Fostering Effective Technologies Act lowered the liability risks of manufacturers that provide products and services used in combating terrorism.

The act, passed in 2002, protects the incentive to produce products that the secretary of homeland security designates as Qualified Anti-Terrorism Technologies. The Department of Homeland Security has made a concerted effort to implement the program, and about 200 companies have obtained SAFETY Act certification. This process is explored in the Heritage Foundation paper "Fighting Terrorism, Addressing Liability: A Global Proposal" by James Jay Carafano, Backgrounder No. 2138, published May 21, 2008. It is available online.

This SAFETY Act-generated program should be used to accelerate the fielding of commercial products and services for U.S. national cybersecurity.

It is also essential to implement the National Security Professional Development program. The Obama administration should build on this program, a process to educate, certify and track national-security professionals. This program was launched by President George W. Bush in an executive order in May 2007. It is available online.

The National Security Professional Development program should be modified based on the experience of the last two years in attempting to implement the program and be used to develop leaders skilled in cyber-strategic leadership and other critical national-security missions. This process is explored in James Jay Carafano's paper, "Missing Pieces in Homeland Security: Interagency Education, Assignments, and Professional Accreditation," Executive Memorandum No. 1013, published October 16, 2006. It is available at heritage.org/Research/HomelandSecurity/em1013.cfm.

Taking these cumulative steps to advance U.S. national cybersecurity are only the first steps on a long road.

Efforts to use the cyber domain for malicious purposes have matured in scope and sophistication over the past two decades. This threat will only intensify as terrorists continue to embrace its low costs to entry and states operationalize its power as a new domain of 21st-century warfare.

Meeting this challenge in both the public and private sectors will require careful planning and consideration in the coming years. Initiating a professional-development, cyber-strategic leadership program to begin training future leaders in the complexities of the cyberspace arena is imperative to the future security of America's cyber infrastructure.

(James Jay Carafano, Ph.D., is assistant director of the Kathryn and Shelby Cullom Davis Institute for International Studies and senior research fellow for national security and homeland security in the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Davis Institute, at the Heritage Foundation. Eric Sayers is a research assistant in the Allison Center for Foreign Policy Studies at the Heritage Foundation.)

(United Press International's "Outside View" commentaries are written by outside contributors who specialize in a variety of important issues. The views expressed do not necessarily reflect those of United Press International. In the interests of creating an open forum, original submissions are invited.)

Share This Article With Planet Earth

del.icio.us	Digg	Reddit
YahooMyWeb	Google	Facebook

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Memory Foam Mattress Review

SPACE MEDIA NETWORK PROMOTIONS Solar Energy Solutions Tempur-Pedic Mattress Comparison ... Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News