Federal Cybersecurity Research and Development Strategic Plan: 2016

Computers and computer networking provide major benefits to modern society, yet the growing costs of malicious cyber activities and cybersecurity itself diminish these benefits. Advances in cybersecurity are urgently needed to preserve the Internet’s growing social and economic benefits by thwarting adversaries and strengthening public trust of cyber systems. On December 18, 2014 the President signed into law the Cybersecurity Enhancement Act of 2014. This law requires the National Science and Technology Council (NSTC) and the Networking and Information Technology Research and Development (NITRD) Program to develop and maintain a cybersecurity research and development (R&D) strategic plan (the Plan) using an assessment of risk to guide the overall direction of Federally-funded cybersecurity R&D. This plan satisfies that requirement and establishes the direction for the Federal R&D enterprise in cybersecurity science and technology (S&T) to preserve and expand the Internet’s wide-ranging benefits. This strategic plan updates and expands the December 2011 plan, Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program. The 2011 plan defined a set of interrelated breakthrough objectives for Federal agencies that conduct or sponsor R&D in cybersecurity. This Plan incorporates and expands the priorities in the 2011 plan and adds a strong focus on evidence-validated R&D. Evidence of cybersecurity efficacy and efficiency, such as formal proofs and empirical measurements, drives progress in cybersecurity R&D and improves cybersecurity practice.