Head of federally funded research lab wants to demystify cyber

The new head of a first-of-its-kind, public-private partnership for cybersecurity research believes demystifying the sector for the public might be as important a part of his job as developing new technologies.

“There is a perception that cyber is the realm of national security and everyone needs clearances and secret handshakes in order to participate,” Samuel Visner, the new head of the National Cybersecurity Federally Funded Research and Development Center (NCF), said in a recent interview with The Hill. “Nothing could be further from the truth.”

Federally funded research and development centers are a handful of publicly funded, private science facilities. They include the some of the nation’s most prominent research campuses — MIT Lincoln Laboratory, Los Alamos National Laboratory, Fermi National Accelerator Laboratory and the Jet Propulsion Laboratory. NCF, which is run out of the nonprofit MITRE Corporation, is the only one devoted to cybersecurity research. 

{mosads}

Visner, who became leader of the NCF at the end of October, is a former chief of signals intelligence at the National Security Agency. He came to NCF as the senior vice president for cybersecurity and resilience for the technology consultancy ICF International.  

He said his goal — beyond building “the strongest cybersecurity community in the world” — is to communicate that research better. In the past, he said, there has been a large gap between what researchers have discovered and what average people understand. 

“I come from the private sector. I know communications can be better,” he said. 

The goal, he said, would be to adequately relay the risks, reconfigure tools to be more usable in different environments and relay the available tools and best practices. 

That might mean developing industry-specific implementations from the National Institute of Standards and Technology’s (NIST) vaunted Cybersecurity Framework. NIST, a subdivision of the Department of Commerce, developed the widely used framework as a customizable guide for any business, government agency or organization to create a cybersecurity strategy. 

Visner said he might pursue guidelines on how to integrate the framework into different industries with their unique problems. 

Visner is prone to using buzzwords, but he tries to use them to say something substantive.

He isn’t the first person to bring up the idea of a “cybersecurity moonshot,” but he points toward discrete, solvable goals. 

He isn’t the first person to compare a federal cybersecurity mission to the Manhattan Project, but others have used that phrase to imply science would find workarounds for complex policy issues.

Visner does not call for solutions — he calls for better a better structure for researchers. 

“We need the same kind of driving mission as the post-World War II nuclear program, something that will answer, ‘what are the research standards? How is research going to be peer reviewed?’” he said.

“This is not something that will happen in 12 months,” he added. 

Visner described one potential “moonshot” as figuring out how to manage cybersecurity as the divisions between connected infrastructures begin to blur. Who, for example, will handle which aspects of security between transportation and energy grids as green power becomes a more prominent fuel source? 

As with everything else, Visner is not operating with a prescribed solution in mind, just a desire to better frame the efforts to get to one. 

“I don’t know what those models are yet,” he said, “but what I do know is that we have a special opportunity to make this happen.”