Agencies Seek Public Input on Updates to Guiding Plan for Cyber R&D

Members of the public have the opportunity to provide their insight on the newest version of the federal government’s guiding document for cybersecurity research and development. The National Science Foundation and the Networking and Information Technology Research and Development’s National Coordination Office filed a request for information, scheduled to be published in the Federal Register Feb. 7, on the 2023 Federal Cybersecurity Research and Development Strategic Plan as they work to update the document. 

As required by the Cybersecurity Enhancement Act of 2014, the federal cybersecurity research and development plan must be updated every four years. The agencies note that the plan will “be used to guide and coordinate federally funded research in cybersecurity, including cybersecurity education and workforce development, and the development of consensus-based standards and best practices in cybersecurity.”

The most recent plan was last updated in 2019 in an effort to “coordinate and guide federally funded R&D in cybersecurity, including development of consensus-based standards and best practices.” The 2019 plan details four interrelated defense capabilities—deter, protect, detect and respond—and six cybersecurity R&D priority areas—artificial intelligence, quantum information science, trustworthy distributed digital infrastructure, privacy, secure hardware and software as well as education and workforce development—as federal focus areas.

For the newest iteration, NSF and NITD NCO asked those responding to consider a 10-year time frame for challenges, potential research activities and outcomes. 

The RFI includes seven questions for consideration:

• What new innovations could greatly improve the security, reliability, resiliency, trustworthiness and privacy protections of the digital ecosystem?
• Are there mature solutions that address the deficiencies identified in the 2019 plan? And what research or topic areas from the 2019 plan do not need to be prioritized anymore?
• What research or topics should continue to be a priority that were identified in the 2019 plan?
• What objectives not included in the 2019 plan should be strategic priorities for federally funded cybersecurity R&D?
• What scientific, technological, economic, legal or societal changes or developments could disrupt the ability to secure the digital ecosystem and make it resilient? What R&D could improve the understanding of these developments and improve our ability to address disruptions?
• What cybersecurity education and workforce development advancements should be considered to prepare current and future workers in emerging issues like quantum computing? 
• What other R&D strategies, plans, etc. in the U.S. or abroad should be considered to update the new plan?

Responses must be submitted by 11:59pm ET on March 3, 2023, by email, mail or fax.