Cybersecurity and Information Assurance

The CSIA Interagency Working Group (IWG) was created in 2006 to coordinate Federal cybersecurity R&D across 16 participating agencies and support their research activities to protect U.S. information and information systems from cyber threats. Guided by the Federal Cybersecurity Research and Development Strategic Plan and aligned with NIST’s Framework for Improving Critical Infrastructure Cybersecurity, the IWG focuses on the safety and security of systems that underpin a vast array of capabilities and technologies in multiple sectors, including power generation, transportation, finance, healthcare, manufacturing, and national security.

Strategic Priorities

• Cybersecurity Through Human-centered Approaches: Develop capabilities to effectively incorporate human and societal values, needs, and abilities into the design, development, operation, and evaluation of information systems and cybersecurity solutions.
• Empower Organizations to Tackle Cybersecurity Threats: Develop methods, techniques to understand, analyze, and manage cyber security, cyber resilience, and privacy risks. Advance methods and techniques to understand how markets, liabilities, incentives, insurance, and regulation could ensure better cyber security and cyber resilience outcomes.
• Cybersecurity Education and Workforce Development: Advance programs in cybersecurity education, training, professional development, and public awareness. Develop capabilities to improve the productivity of the cybersecurity workforce.
• Establish and Negotiate Trust: Develop capabilities to establish, enforce, and verify the desired level of trust at all layers of computing (e.g., hardware, operating systems, applications, networking, information exchanges). Develop capabilities to establish and ensure trust for identity, access, and interoperation.
• Cyber Resilience by Design: Develop methods and approaches for designing, developing, and validating systems that can withstand and recover from cyberattacks and continue to deliver vital functions even when compromised. Advance science and engineering of cyber resilience.
• Deter: Develop capabilities to efficiently discourage malicious cyber activities by increasing costs, diminishing the spoils of, and increasing risks and uncertainty for potential adversaries.
• Protect: Develop technologies to limit system vulnerabilities through design, construction, and verification, where components, systems, users, and critical infrastructure can efficiently resist malicious cyber activities, and can ensure confidentiality, integrity, availability, and accountability.
• Detect: Develop technologies to ensure that system owners and users have situational awareness and understanding of ongoing activities and can reliably detect malicious cyber activities.
• Respond: Develop technologies to provide real-time assessments of system anomalies, provide adaptive response to disruptions, sustain critical functions, and enable automated recovery.
• Protect Software and Hardware Supply Chain: Develop capabilities to attest to Software and Hardware supply chain integrity through design and development, and to verify and maintain ongoing supply chain integrity throughout operations.
• Realize Secure and Trustworthy Artificial Intelligence: Develop capabilities to realize AI that is verifiably safe, secure, and resilient. Provide capabilities that improve trusted collaboration between humans and AI.
• Secure Clean Energy Future: Develop capabilities to ensure that clean energy technologies and systems are inherently secure and resilient to cyber or cyber-physical threats.