The IT Law Wiki
The IT Law Wiki

Citation[]

CSIA IWG, Federal Plan for Cyber Security and Information Assurance Research and Development (Apr. 2006) (full-text).

Overview[]

This Plan was developed by the Cyber Security and Information Assurance Interagency Working Group (CSIA IWG) under the auspices of the National Science and Technology Council. It presents a coordinated interagency framework for addressing critical gaps in current cyber security and information assurance capabilities and technologies.

The Plan focuses on interagency research and development (R&D) priorities and is intended to complement agency-specific prioritization and R&D planning efforts in cyber security and information assurance. The Plan also describes the key Federal role in supporting R&D to strengthen the overall security of the IT infrastructure through development of fundamentally more secure next-generation technologies.

The Plan also serves as a foundational document for the National Critical Infrastructure Protection Research and Development Plan (NCIP R&D Plan), which is required by Homeland Security Presidential Directive 7 (HSPD-7). Developed by the NSTC’s Subcommittee on Infrastructure, this latter plan focuses on R&D needs in support of protecting the U.S.’s critical infrastructures. The CSIA Plan focuses on R&D to help meet IT needs outlined in the NCIP Plan, supporting CSIA elements of key NCIP strategic goals, including a national common operating picture, a secure national communication network, and a resilient, self-healing, self-diagnosing infrastructure.

Contents of the plan[]

The Plan comprised the following sections:

The Plan recommended that cyber security and information assurance be accorded high priority at all levels of the Government and be integral to the design, implementation, and use of all components of the IT infrastructure.

The Plan pointed to the need for coordinated Federal R&D to solve the hard technical problems that are barriers to fundamental advances in next-generation cyber security and information assurance technologies; such R&D is typically multidisciplinary, long-term, and high-risk.