Our nation's computers face ever-increasing threats from malicious individuals, organizations, and nation states. Effective computer security tools are often too complex for most administrators to understand and use. This allows many attacks to succeed, causing significant damage and undermining confidence in vital commercial and public information systems. The result is a large, direct economic impact—estimates show that Americans lose billions of dollars each year to cyber crime.
Proposed NIST Program
NIST is a recognized world leader in the field of cybersecurity. This initiative will allow NIST to:
- collaborate with academic and government organizations to strengthen U.S. standards for managing "cryptographic keys," secret numbers absolutely vital to protecting the confidentiality and integrity of sensitive information;
- develop a framework and plan for multifactor authentication that uses interoperable biometric or cryptographic credentials (in addition to passwords) to increase assurance of a user's claimed identity;
- determine how to make security mechanisms more usable, so that it is easy for users to do the right thing and hard for them to do the wrong thing;
- develop new security automation standards and create sets of minimum requirements to more easily and effectively secure widely used software;
- improve measurement of the fundamental properties of networked computers that make them either resistant or vulnerable to attacks;
- conduct research on technologies to securely isolate information within a computer shared by multiple users; and
- partner with the financial services sector and several federal agencies to develop a critical infrastructure testbed for testing game-changing strategies for improving cybersecurity.
This work will help to:
- reduce the economic cost of cyber crime and lower operational costs for security;
- improve user confidence in e-commerce and cyber infrastructure, despite the escalation of threats; and
- expedite adoption of emerging information technologies, such as cloud computing and social networks.