I3P Research Priorities
home > projects > I3P Research Priorities
The I3P was founded in September 2001 to help meet a well-documented need for improved research and development (R&D) to protect the Nation’s information infrastructure against catastrophic failures. The Institute’s main role is to coordinate a national cyber security R&D program, and to help build bridges between academia, industry, and government. The I3P works to identify and address critical problems in information infrastructure protection by opening information channels among researchers, policymakers, and infrastructure operators.
The information infrastructure consists of technologies and capabilities for gathering, handling, and sharing information that are accessible to, or commonly depended upon by, multiple organizations, whether within a single enterprise, a critical infrastructure sector such as banking and finance, the U.S. Government, the nation as a whole, or trans-nationally. The information infrastructure, taken as a whole, is not an engineered system. It is the result of the entrepreneurial efforts and the collective genius of the nation, working to improve efficiency and provide new opportunities for people and businesses. Security was not a major consideration at its inception, and security concerns today do not override market pressures for new uses of technology or innovation, in spite of frequent mention of hackers, criminals, and, increasingly, terrorists and nations using or planning to use the information infrastructure as a weapon to harm the United States.
In the United States, the private, academic, and public sectors invest significant resources in cyber security. The commercial sector primarily performs cyber security research as an investment in future products and services. While the public sector funds R&D in cyber security, the majority of this activity focuses on the specific missions of the government agency funding the work. Thus, broad areas of cyber security remain neglected or underdeveloped and the threat to the information infrastructure continues to grow. The nation’s dependence on information and computer networks for communications, data management, and the operation of critical infrastructures renders it increasingly vulnerable to computer-based, or cyber, attacks against our information infrastructure, including the Internet, telecommunications networks/backbones, and interconnected computer systems. Cyber attacks now threaten not only our information infrastructure but also other critical infrastructures - such as banking and finance, transportation, and energy - that rely on information technology. Moreover, because these infrastructures are highly interdependent, attacks on one infrastructure can damage other infrastructures as well. Concentrated infrastructure attacks could thus have a significant effect on our national security and economy.
Cyber security is also vital to protecting personal privacy and defending against identity theft, issues about which the American public is becoming increasingly concerned. Thieves may use stolen personal information to access a victim’s existing accounts, to create new accounts in the victim’s name, or to commit other types of fraud. Since terrorists use identity theft to facilitate their movements and operations, it is one of several areas in which privacy and national security concerns overlap.
The private sector is in a similar situation, with some corporations taking proactive measures, while others are using much more rudimentary security, if any at all. And just as in the government, no company is impervious to sophisticated attack. Even private companies that employ intrusion detection systems and other computer security measures find that their vulnerabilities are increasing, a fact that is borne out by statistics on vulnerabilities and attacks. While the core technologies underlying the information infrastructure were not built with security in mind, the growing complexity of information technologies multiplies attack routes and makes it harder to anticipate how problems will cascade through information networks.
The I3P has recently undertaken an initiative to explore nationally recognized research challenges and increased focus on important topics such as identity management, infrastructure integrity, and metrics; and contributing to demonstration projects with stakeholders.
To learn more about the I3P's current research projects, or the newly funded projects see:
2007 Projects
- Business Rationale for Cyber Security
- Assessable Identity and Privacy Protection
- Human Behavior, Insider Threat, and Awareness
- Survivability and Recovery of Process Control Systems
