The Department of Homeland Security's Science and Technology Directorate is initiating new research to answer key questions before it embarks on a new cybersecurity strategy.
To that end, the department's S&T Cyber Risk Economics program, or CYRIE, aims to fund applied research and development, interdisciplinary initiatives and knowledge technologies and capabilities, the DHS said Tuesday.
CYRIE seeks to answer how and why cybersecurity investments are made; how these investments affect risk and harm; the relationship between cybersecurity and traditional business risk; and necessary incentives needed to support effective cyber risk management.
In line with this, the S&T developed the new Cyber Risk Economics Capability Gaps Research Strategy, which is grouped in six themes and subdivided into 12 focus areas and seeks to address risk challenges such as risk quantification; government, law and insurance roles; third party risk; organizational behavior and incentives; data gathering and distribution; and threat dynamics.
"The strategy's objective is to narrow the gap between research and practice by apprising the research community of real-world cyber risk economic challenges, and ultimately, to inform evidence-based policy and actions by industry and government," said CYRIE program manager Erin Kenneally.
"CYRIE's goal is to improve value-based decision making by those who own, operate, protect and regulate the nation's vital data assets and critical infrastructure," Kenneally added.