Open Ideation Forum

A Trusted Cyber Future:
Protecting Privacy, Commerce, and Community

What are your ideas for how we can work together to establish an underlying digital infrastructure that will be self-detecting, self-protecting, and self-healing? How should we work toward a future where users will trust that information is protected, illegal use is deterred, and privacy is not compromised?


HOW TO SUBMIT YOUR IDEAS!

Consider your thoughts on the following questions to help frame your ideas. To post your ideas, just click the “Submit New Idea” button at the top of the screen (on the right!).


- Is a shift needed in the way the government approaches cyber research?
- What will be the most pertinent cyber concerns of the next five years?
- As the Internet of Things (IoT) ecosystem grows, how do we protect and secure the supporting cyber infrastructure?
- How can the government and the research community maximize the impact of cyber research?
- What areas should cybersecurity research focus on over the next five years?
- What needs to be done to accelerate the transition of cybersecurity solutions into the marketplace?
- What will be the biggest key to improving cybersecurity over the next five years?


If you have any questions, send us an email.


Learn more by visiting the S&T Cyber Security Division website and by downloading key reference materials.

What lessons should we learn from the VW fiasco?

VW diesel autos were all subjected to misrepresentation of fuel efficiency mode, which ran ONLY when smog testing was in progress. Proprietary electronic voting machines have long had similar modes of potential misuse, especially in cases in which the test run before an election often involved checking to see if the first vote cast for the first candidate was successfully recorded, without any real assurance that the ...more »

Submitted by (@peterg.neumann)

0 votes
Active

How Can We Get the Computer Industry Seriously Involved in Developing Trustworthy Systems

Given the reality that almost all computer systems are fundamentally compromisable, it is clear that commercial (and even open-source) system developers are not doing everything they could. The argument seems to be that there is no bottom-line business model for security and privacy, but the frequent penetrations, outages, and massive leaks do not seem to hamper business. Incentives? Liabilities? Penalties? Legislation? ...more »

Submitted by (@peterg.neumann)

1 vote
Active

Identity Management: 802.1x versus MAB Devices

As the Internet of Things (IoT) morphs to the Internet of Everything (IoE), I see more and more devices being put on Government Networks. Add to that mix a BYOD implementation and it's easy to see that Identity Management is crucial and there is a strong need for authenticating devices and users. One vulnerability I am researching has to deal with devices that are not 802.1x (Dot1x) capable. MAC Authentication Bypass (MAB) is a ...more »

Submitted by (@adam.j.vanslyke)

1 vote
Active

Computer Science and Engineering PhD Researchers Crossing Borders

There are lots of Computer Science and Engineering PhD Researchers in the US from third world countries. They are born and raised in a third world country then they move to the US. They end up working in cyber security or national security for America, yet they seem to think it is acceptable for them to return to their countries of origin from time to time and work there too. How does this not constitute a breach of security ...more »

Submitted by (@junermassoud)

-2 votes
Active

Using the Concept of the Pervasiveness of the Internet as a reason to Declassify Military Work

Lack of control over the internet has created a laissez-faire attitude in terms of declassifying military work. We have all become conditioned to believe that it's 'normal' for everybody to know everything about everybody, everywhere. How stupid is this? We have to realize that this notion is conversely a one-way street. One side gives up all the information, whereby the opposite side doesn't act in similar good faith ...more »

Submitted by (@junermassoud)

-1 votes
Active

Believing the Unbelievable

Global cooperation in STEM has made everyone believe that everything should become declassified. This, in my opinion, is like selling out to the opposite camp. US and NATO declassify too much, but rogue nations declassify nothing or very little. Where's the fairness? It's not a give and take. It is a take and give nothing situation, the way I see it. The West is too lax in giving up STEM secrets and work to the rest of ...more »

Submitted by (@junermassoud)

-1 votes
Active

Declassifying military work - Who decides and How?

I have a problem understanding why US and NATO military work would ever become declassified if it was once classified. What warrants such disclosure? If you come to think about it, my opinion is this: if a rogue nation wanted to learn the West's military secrets, all they needed to do is gather all the unclassified stuff that was once classified and they could easily piece together the answers, using very shrewd engineering ...more »

Submitted by (@junermassoud)

0 votes
Active

What should be disclosed and undisclosed at Computer Science Conferences in the US

International visitors from Third World countries at US Computer Science and Engineering conferences are plentiful. How do we assure the non-disclosure of classified US military science and engineering work to characters from rogue nations? The reason I ask this question is because I am wondering how we can protect this military work when very shrewd means of extorting information are used, such as dispatching third world ...more »

Submitted by (@junermassoud)

-1 votes
Active

Rebooting the Internet after Cyber War

Most experts agree that the core infrastructure of the Internet is vulnerable to large-scale debilitating attacks. In response, there may be insufficient technical plans to transform the cyber infrastructure to defend against strategic damage and to make the Internet resistant to attack. What if we do not succeed? What if the Internet were degraded or entirely disabled for a significant period of time? No one really ...more »

Submitted by (@sal000)

1 vote
Active

Safe and Secure Embedded Systems

"Host-based" security protection for all embedded devices, including critical devices used by responders - cars, comm devices, field equipment of all sorts - and all devices in homes and offices - printers, thermostats, any IoT devices - and of course critical infrastructure - routers, PLCs. All of these things are insecure and unsafe. Commercial AV won't operate on these for a plethora of technical reasons.

Submitted by (@sal000)

2 votes
Active

Create a Publicly Accessible Configuration Management Repository

One of the largest redundant costs of government IT programs and high security commercial systems is independent compliance testing. Homeland Security should create a centralized repository of pretested configurations for proprietary and open source software. The repository should be compatible with existing package management systems such as yum, apt-get, homebrew, and chocolatey. Pretested configurations should secure ...more »

Submitted by (@chaseadams)

1 vote
Active

Predictable Composability

A topic that has been increasingly critical involves the ability to build systems (and indeed systems of systems) by composing components and subsystems that have been carefully analyzed. Predictably trustworthy composition relates to requirements (which may interfere with one another), specifications, algorithms, implementations, and evaluations (formal or otherwise). This deserves some discussion in this forum. I ...more »

Submitted by (@peterg.neumann)

2 votes
Active