In its quest to craft a comprehensive federal cybersecurity research and development strategic plan, the National Science Foundation has decided to leave no technological stone unturned -- even if it’s in the private sector.
On Monday, a notice in the Federal Register stated the agency would be reaching beyond the confines of the federal government’s knowledge and seek input from the public about NSF’s strategic plan.
The announcement was triggered by last year’s Cybersecurity Enhancement Act, created to cut down on cyber risks threatening critical infrastructure. One of the act’s sections directed certain agencies to development a strategic plan to manage cybersecurity research funded by the federal government.
At least 10 agencies affiliated with the National Science and Technology Council and the Networking and Information Technology Research and Development Program have until the yearend to create a plan. Other agencies may be included at the discretion of the president and the director of the Office of Science and Technology Policy.
The Federal Register announcement included a wide array of questions for the public to answer. But individuals were encouraged to answer as few or as many as they wanted.
Among other questions, the request for information asked citizens to describe innovative technologies that have the ability to protect both digital infrastructure and consumer privacy.
It also asked which research subjects found in White House’s 2011 Strategic Plan for the Federal Cybersecurity Research and Development Program should be included in the new framework, and which ones should be eliminated altogether.
The RFI also referenced the cybersecurity objectives included in the act, and queried whether there are any gaps.
“What research goals, for both basic and applied research, could serve as guidance for a federally funded, multiagency portfolio of [research and development] activities to close those gaps?” was a follow-up question.
Submissions may not exceed 25 pages and must be received by June 19.
The strategic plan must be developed and updated every four years, according to the Cybersecurity Enhancement Act.
(Image via Mila Supinskaya/ Shutterstock.com)