MITRE’s Response to the OSTP RFI Supporting the 2023 Federal Cybersecurity R&D Strategic Plan

What’s the issue?  Pursuant to the Cybersecurity Enhancement Act of 2014, the federal government, via the National Science and Technology Council, must update the Federal Cybersecurity R&D Strategic Plan every four years. The Office of Science and Technology Policy issued a series of questions to help gather data and insights that would help update the Strategic Plan for 2023.

What did we do? The Center for Data-Driven Policy led a cross-MITRE analysis of OSTP’s posed questions, seeking to uncover data and evidence (from our work in the public interest) that would help the White House understand opportunities and develop plans that are evidence-based, actionable, and effective.

What did we find? MITRE found that the 2019 Strategic Plan remains largely accurate and viable today despite technological advancements; COVID-19-driven changes in work, education, and communication paradigms; and new global conflicts and international competition that have taken place over the ensuing four years. This is a testament that the challenges in the prior Strategic Plan were both properly identified and difficult to overcome. We also provided recommendations for a better strategic framework, to better show linkages between this R&D Strategic Plan and other connected strategies, and to ensure that research to “raise the floor” of the nation’s collective cybersecurity posture isn’t forgotten. Finally, MITRE provided evidence-based answers to the technical questions posed.