Digitaleclub
Best for you!

Cyber LEAP Act aims for innovations through Cybersecurity Grand Challenges

The Senate Commerce Committee approved last week what could prove to be an essential piece of legislation for cybersecurity researchers: The Cybersecurity Competitions to Yield Better Efforts to Research the Latest Exceptionally Advanced Problems, or Cyber LEAP Act of 2020. Sponsored by Commerce Committee Chairman Roger Wicker (R-MS) and Senators Cory Gardner (R-CO) and Jacky Rosen (D-NV), the bill establishes a national series of Cybersecurity Grand Challenges so that the country can “achieve high-priority breakthroughs in cybersecurity by 2028.”

The challenges set up under the legislation will offer prizes, including cash and non-cash prizes, to competition winners, although the prizes aren’t yet spelled out. The legislation directs the secretary of commerce to set up the competitions in six key areas:

  1. Economics of a cyber attack, focused on building more resilient systems while raising the costs for adversaries
  2. Cyber training, to give Americans digital security literacy and boost the skills of the cyber workforce
  3. Emerging technology, to advance cybersecurity knowledge in emerging technologies such as artificial intelligence
  4. Reimagining digital identity, aimed at protecting the digital identities of US internet users
  5. Federal agency resilience, to reduce cybersecurity risks to federal networks and improve the federal response to cyberattacks
  6. Other challenges as determined by the secretary of commerce

Transforming society’s approach to security

The legislation further says the commerce secretary should consider the recommendations of a 2018 report produced by the National Security Telecommunications Advisory Committee entitled NSTAC Report to the President on a Cybersecurity Moonshot. That report recommended an approach called the “Cybersecurity Moonshot” named after NASA’s efforts to send a man to the moon.

Unlike a moon landing, the cybersecurity moonshot outlined in the 2018 report seeks societal transformation rather than one big, recognizable triumph. The moonshot approach outlined by NSTAC should also result in a clear, strategic “whole of nation” framework to help the government, private industry, academia, and civil society achieve the objectives of the moonshot, according to the report.

The NSTAC report was an industry-led initiative, spearheaded by executives from Unisys and Palo Alto Networks and governed by a committee of industry and government representatives from AT&T, Microsoft, Raytheon, CenturyLink, McAfee, Neustar, NSA and other organizations. The use of competitions or challenges to achieve strategic goals is “a well-established model for accelerating whole-of-nation innovation in critical areas,” Ryan Gillis, vice president, cybersecurity strategy and global policy, Palo Alto Networks, tells CSO.

Grand cybersecurity challenges are a recent phenomenon. The first and, so far, only big Cyber Grand Challenge (CGC) was created by the Defense Advanced Research Projects Agency (DARPA) and culminated in a final contest in 2016 at the 24th DEF CON in Las Vegas. The goal was to host the “world’s first automated network defense tournament,” modeled on the hugely popular capture-the-flag contests held at most major hacking conferences, including DEF CON.

Leave A Reply

Your email address will not be published.