VW diesel autos were all subjected to misrepresentation of fuel efficiency mode, which ran ONLY when smog testing was in progress. Proprietary electronic voting machines have long had similar modes of potential misuse, especially in cases in which the test run before an election often involved checking to see if the first vote cast for the first candidate was successfully recorded, without any real assurance that the ...more »
Open Ideation Forum
A Trusted Cyber Future:
Protecting Privacy, Commerce, and Community
What are your ideas for how we can work together to establish an underlying digital infrastructure that will be self-detecting, self-protecting, and self-healing? How should we work toward a future where users will trust that information is protected, illegal use is deterred, and privacy is not compromised?
HOW TO SUBMIT YOUR IDEAS!
Consider your thoughts on the following questions to help frame your ideas. To post your ideas, just click the “Submit New Idea” button at the top of the screen (on the right!).
- Is a shift needed in the way the government approaches cyber research?
- What will be the most pertinent cyber concerns of the next five years?
- As the Internet of Things (IoT) ecosystem grows, how do we protect and secure the supporting cyber infrastructure?
- How can the government and the research community maximize the impact of cyber research?
- What areas should cybersecurity research focus on over the next five years?
- What needs to be done to accelerate the transition of cybersecurity solutions into the marketplace?
- What will be the biggest key to improving cybersecurity over the next five years?
If you have any questions, send us an email.
Given the reality that almost all computer systems are fundamentally compromisible, it is clear that commercial (and even open-source) system developers are not doing everything they could. The argument seems to be that there is no bottom-line business model for security and privacy, but the frequent penetrations, outages, and massive leaks do not seem to hamper business. Incentives? Liabilities? Penalties? Legislation? ...more »
As the Internet of Things (IoT) morphs to the Internet of Everything (IoE) I see more and more devices being put on Government Networks. Add to that mix a BYOD implementation and it's easy to see that Identity Management is crucial and there is a strong need for authenticating devices and users. One vulnerability I am researching has to deal with devices that are not 802.1x (Dot1x) capable. MAC Authentication Bypass (MAB) is a ...more »
There are lots of Computer Science and Engineering PhD Researchers in the US from third world countries. They are born and raised in a third world country then they move to the US. They end up working in cyber security or national security for America, yet they seem to think it is acceptable for them to return to their countries of origin from time to time and work there too. How does this not constitute a breach of security ...more »
Lack of control over the internet has created a laissez-faire attitude in terms of declassifying military work. We have all become conditioned to believe that it's 'normal' for everybody to know everything about everybody, everywhere. How stupid is this? We have to realize that this notion is conversely a one-way street. One side gives up all the information, whereby the opposite side doesn't act in similar good faith ...more »
Global cooperation in STEM has made everyone believe that everything should become declassified. This, in my opinion, is like selling out to the opposite camp. US and NATO declassify too much, but rogue nations declassify nothing or very little. Where's the fairness? It's not a give and take. It is a take and give nothing situation, the way I see it. The West is too lax in giving up STEM secrets and work to the rest of ...more »
I have a problem understanding why US and NATO military work would ever become declassified if it was once classified. What warrants such disclosure? If you come to think about it, my opinion is this: if a rogue nation wanted to learn the West's military secrets, all they needed to do is gather all the unclassified stuff that was once classified and they could easily piece together the answers, using very shrewd engineering ...more »
International visitors from Third World countries at US Computer Science and Engineering conferences are plentiful. How do we assure the non-disclosure of classified US military science and engineering work to characters from rogue nations? The reason I ask this question is because I am wondering how we can protect this military work when very shrewd means of extorting information are used, such as dispatching third world ...more »
Most experts agree that the core infrastructure of the Internet is vulnerable to large-scale debilitating attacks. In response, there may be insufficient technical plans to transform the cyber infrastructure to defend against strategic damage and to make the Internet resistant to attack. What if we do not succeed? What if the Internet were degraded or entirely disabled for a significant period of time? No one really ...more »
"Host-based" security protection for all embedded devices, including critical devices used by responders - cars, comm devices, field equipment of all sorts - and all devices in homes and offices - printers, thermostats, any IoT devices - and of course critical infrastructure - routers, PLCs. All of these things are insecure and unsafe. Commercial AV won't operate on these for a plethora of technical reasons.
One of the largest redundant costs of government IT programs and high security commercial systems is independent compliance testing. Homeland Security should create a centralized repository of pretested configurations for proprietary and open source software. The repository should be compatible with existing package management systems such as yum, apt-get, homebrew, and chocolatey. Pretested configurations should secure ...more »
A topic that has been increasingly critical involves the ability to build systems (and indeed systems of systems) by composing components and subsystems that have been carefully analyzed. Predictably trustworthy composition relates to requirements (which may interfere with one another), specifications, algorithms, implementations, and evaluations (formal or otherwise). This deserves some discussion in this forum. I ...more »
Ultimately, we need better foundations for applications than we have today. The username + password per service approach is deeply flawed and is failing us. Users should be able to create an identity (it does not have to be tied to a real world identity) and register it with systems. Those systems could then securely share data, authorize access, etc., without a reliance on fractured federations of accounts, passwords, ...more »
We will never stem the tide of vulnerabilities when we produce upwards of 40,000 new programmers every year and none of them have been instructed in the basics of writing secure applications.
I submitted an item for this open ideation forum but apparently I did not properly link it to this topic. I believe it to be an extremely important item for discussion, and hope that you will have contributions.