- Basing trust decisions on verified assertions (Digital Provenance)
- Attacks only work once if at all (Moving-target Defense)
- Knowing when we have been had (Hardware-enabled Trust)
- Move from forensics to real-time diagnosis (Nature-inspired Cyber Health)
- Crime does not pay (Cyber Economics)

I participated in the Cyber Economics group (you'll no doubt see my fingerprints on this participants' report). I also spent time in the Digital Provenance and Hardware-enabled Trust groups, and experts in these groups have proposed some fascinating proposals. The participant reports can't do justice to the real-time sharing and high-speed deliberation of technological and operational possibilities. Despite this, I think you can find enough in the reports to search deeper in subject areas you find most interesting.
Some of the ideas proposed in the reports are very forward-looking (endpoint hardware that verifies system integrity and monitors for anomalous user behavior). Some proposals do not offer new ideas but encourage continued investment or sustained activity in areas that have demonstrated promise (collaborative response à la Conficker Response WG, broader adoption of admission controls). Other proposals will take many years and considerable funding to bring to maturity (Centers for Cyber Disease Control and Prevention). Still others were proposed primarily for their 10-word sound-bite value (Cyber Insurance, 911 Cyber).
US Federal Chief Technology Officer Aneesh Chopra indicated in his address to the summit that these reports will be considered by the Obama Administration as it builds its cybersecurity research and development agenda. One expected outcome from the Summit and reports is a series of calls to the technical community to undertake projects inspired by the summit ideas.