Abstract
This paper is concerned with increasing the impact of publicly funded research and development (R&D) in cyber security and privacy. In the context of a high level of threat, there is a pressing need for firms and institutions to implement innovative and robust cyber security and privacy technologies. This particular challenge requires a systematic coordinated approach across both the public and private sectors. The innovation ecosystem involves complex interactions between key actors such as policy makers, incumbent service providers, and new innovators, each with their own view of how to increase the impact of R&D in cyber security and privacy. Drawing on R&D literature and roadmapping theory, this paper presents a framework and research tool for establishing an integrated view of innovation management in cyber security and privacy.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Maughan, D., Balenson, D., Lindqvist, U., Tudor, Z.: Crossing the “Valley of Death”: transitioning cybersecurity research into practice. IEEE Secur. Priv. 11(2), 14–23 (2013)
Anderson, R., Boehme, R., Clayton, R. Moore, T.: Security Economics and the Internal Market. ENISA (2008)
Downey, F.: Bridging the “valley of death”: Response to the House of Commons Science and Technology Select Committee Bridging the “valley of death”: Improving the Commercialisation of Research Inquiry from Engineering the Future. The Royal Academy of Engineering, London (2012)
Auerswald, P.E., Branscomb, L.M.: Valleys of death and Darwinian seas: financing the invention to innovation transition in the United States. J. Technol. Transf. 28(3–4), 227–239 (2003). (Kluwer Academic Publishers)
Benzel, T.V., Lipner, S.: Crossing the great divide: transferring security technology from research to the market. IEEE Secur. Priv. 11(2), 12–13 (2013)
D’Amico, A., O’Brien, B., Larkin, M.: building a bridge across the transition chasm. IEEE Secur. Priv. 11(2), 24–33 (2013)
Mankins, J.C.: Technology readiness levels: a white paper. NASA (1995)
NASA: HRST technology assessments technology readiness levels, chart
Mankins, J.C.: Research & Development degree of difficulty (R&D3): a white paper. NASA (1998)
ENISA: Security economics and the internal market: evaluation of stakeholder replies (2008)
ENISA: Security economics and the internal market: ENISA conclusions on follow-up activities (2008)
EUROCONTROL: European operational concept validation methodology, E-OCVM version 3.0, volume I (2010)
EUROCONTROL: European operational concept validation methodology, E-OCVM version 3.0, volume II annexes (2010)
INSEAD: The global innovation index 2012: stronger innovation linkages for global growth. INSEAD and WIPO (2012)
ENISA: EP3R 2012 activity report. European Public+Private Partnership for Resilience (2012)
ENISA: EP3R 2013 work objectives. European Public+Private Partnership for Resilience (2013)
NIST: Between invention and innovation: an analysis of funding for early-stage technology development. NIST GCR 02–841, November 2002
Hartmann, G.C., Myers, M.B.: Technical risk, product specifications, and market risk. In: Branscomb, L.M., Auerswald, P.E. (eds.) Taking Technical Risks: How Innovators, Executives, and Investors Manage High-Tech Risks. MIT Press, Cambridge (2003)
European Commission: Pre-commercial procurement: driving innovation to ensure high public services in Europe. European Communities (2008)
European Commission: Opportunities for public technology procurement in the ICT-related sectors in Europe, final report (2008)
European Commission: Communication from the Commission to the European Parliament, The Council, The European Economic and Social Committee and the Committee of the Regions, Pre-commercial Procurement: Driving innovation to ensure sustainable high quality public services in Europe, SEC(2007) 1668, COM(2007) 799 final, Brussels (2007)
Felici, M., Wainwright, N.: Deliverable 6.4 – Future Internet Initiatives Year 1. SecCord Project No. 316622, November 2013
Probert, D., Radnor, M.: Frontier experiences from industry-academia consortia. IEEE Eng. Manag. Rev. 31(3), 28 (2003)
Groenveld, P.: Roadmapping integrates business and technology. Res. Technol. Manag. 50(6), 49–58 (2007). (Industrial Research Institute)
Cosner, R.R., Hynds, E.J., Fusfeld, A.R., Loweth, C.V., Scouten, C., Albright, R.: Integrating roadmapping into technical planning. Res. Technol. Manag. 50(6), 31–48 (2007). (Industrial Research Institute)
Department for Homeland Security: A roadmap for cybersecurity research. United States Government (2009)
Industrial Control Systems Joint Working Group: Cross-sector roadmap for cybersecurity of control systems. Department for Homeland Security, United States Government (2011)
Dissel, M.C., Phaal, R., Farrukh, C.J., Probert, D.R.: Value roadmapping. Res. Technol. Manag. 52(6), 45–53 (2009). (Industrial Research Institute)
Petrick, I.J., Martinelli, R.: Driving disruptive innovation: problem finding and strategy setting in an uncertain world. Res. Technol. Manag. 55(6), 49–57 (2012). (Industrial Research Institute)
Radnor, M., Probert, D.R.: Viewing the future. Res. Technol. Manag. 47(2), 25–26 (2004). (Industrial Research Institute)
Phaal, R., Farrukh, C., Probert, D.: Customizing roadmapping. IEEE Eng. Manag. Rev. 32(3), 80–91 (2004)
Phaal, R., Farrukh, C.J.P., Probert, D.R.: Developing a technology roadmapping system. In: Technology Management: A Unifying Discipline for Melting the Boundaries, Portland International Conference on Management of Engineering & Technology (PICMET), pp. 99–111 (2005)
European Commission: High Representative of the European Union for Foreign Affairs and Security Policy, Joint Communication to the European Parliament, The Council, The European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, JOIN (2013) 1 final, Brussels (2013)
Department of Homeland Security, Science and Technology Directorate: A roadmap for cybersecurity research, November 2009
Cybersecurity R&D priorities, United States Homeland Security (2014)
Trustworthy cyberspace: strategic plan for the federal cybersecurity research and development program. Executive Office of the President National Science and Technology Council (2011)
NITRD: Cybersecurity game-change research & development recommendations. The Networking and Information Technology Research and Development (NITRD) Program (2010)
White House: cyberspace policy review: assuring a trusted and resilient information and communications infrastructure. United States Whitehouse publication (2009)
ESCSWG: Roadmap to achieve energy delivery systems cybersecurity. The Energy Sector Control Systems Working Group (ESCSWG), Sept (2011)
Space Foundation: U.S. non-military cybersecurity research & development and related policies, Cybersecurity, Federal Research and Development Strategic Plan. Space Foundation (2014)
Acknowledgments
This work has been partly funded by the Seventh Framework Programme (FP7) of the European Commission, Security and Trust Coordination and Enhanced Collaboration (SecCord) – http://www.seccord.eu/ – grant agreement 316622.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Increasing the impact of publicly funded R&D in the United States – Desk-based roadmapping | |||
|---|---|---|---|
Source | Roadmap label | Documented evidence | |
A roadmap for cybersecurity research [34] | 1.1 | Stakeholder collaboration | Public-private collaboration among government, industry, and academia, + extraordinary economic, social, and technological forcing functions |
1.2 | Metrics and benefits (large scale systems) | Metrics need to be experimentally evaluated and benefits to large scale systems clearly demonstrated | |
1.3 | Proven demonstrations | Proven demonstrations of effectiveness are required, this would help roll-out adoption in practice | |
1.4 | Preparation for test evaluation | Design mechanisms, policies, and plans for test evaluation that can be incrementally deployed | |
1.5 | New ways of managing IPR (Intellectual Property Rights) | Innovative approaches to licensing and sharing intellectual properties for global scale technologies | |
1.6 | Committed to system trustworthiness | Overarching commitment to system trustworthiness, going beyond past approaches | |
1.7 | Monitoring and accountability | Recognition of the pervasive needs for monitoring and accountability | |
1.8 | Critical areas for technology application | Understanding critical areas suitable for technology application | |
Cross sector roadmap for cybersecurity of control systems [27] | 2.1 | Bridging new and legacy systems | Encourage R&D into tying legacy systems into upcoming security solutions |
Homeland Security – cybersecurity R&D priorities [35] | 3.1 | Address critical weaknesses | Driving security improvements to address critical weaknesses |
3.2 | Solutions to emerging threats | Discovering new solutions for emerging cyber security threats | |
3.3 | New, tested technologies | Delivering new, tested technologies to defend against cyber security threats | |
Trustworthy cyberspace: Strategic Plan for the Federal Cybersecurity R&D Program [36] | 4.1 | Early stage transition plan | Early stage transition plan in place, that includes commercialization pathways, tech transfer coordination, proactive program management, and resources to reward success in transitioning |
4.2 | Shifting risk to the private sector | Private sector is willing to take on significant risk-taking and shepherd research through the commercialization process | |
4.3 | Create cross-agency forums | Participation in cross-agency security entrepreneur forums, PI meetings, laboratory expos, and defense venture catalyst initiative | |
4.4 | Leverage networked environments for test and evaluation | Cross-agency activities designed to leverage available operational and next generation networked environments to support experimental deployment, test and evaluation in public and private environments | |
4.5 | Develop partnerships for mature technologies | Cross-agency activities designed to develop partnerships for mature technologies, through open system integrator forums (VCs, SIs, government), and small business innovative research conferences | |
4.6 | Rewards for program managers | Government funded R&D to build-in rewards for government program managers and principal investigators for commercial success | |
Cybersecurity game-change R&D recommendations [37] | 5.1 | Incubators for radical R&D | Support game-changing R&D using incubators and Federal start-up funding |
5.2 | Seed funding for industry led R&D | Support industry-based research consortia to lead and direct focused R&D using seed funding | |
5.3 | University and industry partnering | Support universities to create industrial partner programs designed to stimulate pre-competitive cooperation among industrial partners | |
5.4 | Quality talent in public sector roles | Recruit experienced high quality talent into government program manager roles, supporting technology transfer | |
Cyberspace policy review: assuring a trusted and resilient information and communications infrastructure [38] | 6.1 | Rapid adoption of R&T (Research and Technology) | Federal government to work with industry to develop migration paths and incentives for rapid adoption of research and technology development, including collaboration between academic and industrial laboratories |
6.2 | Define goals for standards bodies | Federal government, in collaboration with private sector and other stakeholders, should use the infrastructure objectives and R&D framework to help define goals for national and international standards bodies | |
Roadmap to achieve energy delivery systems cybersecurity [39] | 7.1 | Industry forum for commercialization | Develop a matchmaking forum to connect researchers, vendors, and asset owners to accelerate research from concept to commercialization |
7.2 | Industry need and evidence based investment | Develop mechanisms for utility and vendor engagement for pilot research studies to address the business case up front. Create a forum for industry to detail and request R&D topics | |
7.3 | Focus funding on multi-disciplinary projects | Require diverse (academic, lab, industry) participation to receive funding | |
7.4 | Data protection for vulnerability data | Support legislation that protects entities who disclose vulnerabilities in good faith to the appropriate parties | |
Federal R&D strategic plan [40] | 8.1 | Departments report R&D requirements | Required to provide Congress with a strategic plan based on an assessment of cyber security risk to guide the overall direction of Federal cyber security and information assurance R&D for IT and networking systems |
8.2 | Departments create scientific foundation | Through existing programs and activities, support research that will lead to the development of a scientific foundation for the field of cyber security, including research that increases understanding of the underlying principles of securing complex networked systems, enables repeatable experimentation, and creates quantifiable security metrics | |
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Kapletia, D., Felici, M., Wainwright, N. (2014). An Integrated Framework for Innovation Management in Cyber Security and Privacy. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2014. Communications in Computer and Information Science, vol 470. Springer, Cham. https://doi.org/10.1007/978-3-319-12574-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-12574-9_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12573-2
Online ISBN: 978-3-319-12574-9
eBook Packages: Computer ScienceComputer Science (R0)