Aligning Topics with the National Critical Functions
Central to the Secure Tomorrow Series effort is the selection of topics to explore that are likely to have highly disruptive impact across multiple National Critical Functions (NCFs) in the next 20 years, with a particular focus on the next 3 to 7 years
Strategic Foresight
Strategic foresight is one of several terms (i.e., futures studies, futurology) used to describe the study of alternative futures by anticipating how various drivers—aging infrastructure, global pandemics, climate change, emerging technologies, and more—may impact how the world is changing. The intent of strategic foresight is to identify actions that, if taken today, would steer a community or organization toward its preferred future. For CISA, this means a future in which critical infrastructure is more secure and resilient. A central premise of strategic foresight is that no one entity can successfully predict the future. Instead, the methodology treats the future as a set of plausible alternatives.
Topic: Anonymity and Privacy
Maintaining the balance between identity verification—for purposes such as voting, disease-related contact tracing, and law enforcement—and protecting anonymity is becoming increasingly challenging. Online activity and tracking, machine learning, facial recognition, data aggregation, and third-party data brokers present evolving threats to individual control of data and privacy. Meanwhile, recent data privacy laws and regulations, such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act, have redefined what constitutes personal data.
- NCFs include: Protect Sensitive Information; Preserve Constitutional Rights; Enforce Law; Provide Information Technology Products and Services; Provide Identity Management and Associated Trust Support Services; Maintain Access to Medical Records; and Provide Internet Based Content, Information, and Communication Services.
Topic: Trust and Social Cohesion
Social cohesion is commonly defined as citizens’ belief that they share a moral community or common focus on societal well-being with one another, their governing bodies, and other institutions. This belief generally leads to trust. Social cohesion provides a source of potential risk to critical infrastructure and cybersecurity as well as a tool to mitigate that risk. Numerous factors can influence the degree of social cohesion, or sense of belonging, within a community and the effect of that cohesion on individual and community behavior and overall security. For example, Americans and critical infrastructure owners look to institutions (e.g., local police department and election officials) to perform important functions such as ensuring public safety and supporting the secure and reliable delivery of NCFs.
The ability or inability—whether real or perceived—to provide these functions reliably can affect public trust, diminish faith in function, and have deleterious impacts on national security. Exploring how emerging risks to critical infrastructure and cybersecurity and potential mitigation strategies affect social cohesion, positively and negatively, provides insights into the associated individual and community responses and their impact on critical infrastructure and cybersecurity risk management. Such analysis may expose unanticipated threats and vulnerabilities caused or exacerbated by reduced social cohesion or challenges to potential response activities.
- NCFs include: Enforce Law, Operate Government, Conduct Elections, prepare for and Manage Emergencies, Support Community Health, and Provide Public Safety.
Topic: Data Storage and Transmission
Data creation is growing at an accelerating rate, placing increasing demands on systems to ensure secure storage and transmission. Data access, integrity, and confidentiality are critical to accomplishing national objectives, including economic growth; improvements in medicine, public health, and public safety; and dominance in key emerging technologies (e.g., artificial intelligence). The Nation must also guard against potential risks, including breaches, privacy violations, algorithmic bias, misuse of data, and loss of public trust. Approaches to data—what’s considered fair, appropriate, and desirable—can vary greatly among countries and lead to competitive advantages. Effective and efficient use of data can be a value driver.
- NCFs include: Provide Internet Based Content, Information, and Communication Services; Provide Internet Routing, Access, and Connection Services; Protect Sensitive Information; Operate Core Network; Provide Information Technology Products and Services; and Provide Identity Management and Associated Trust Support Services
Topic: Brain-Computer Interfaces (BCIs)
BCIs have long been confined to medical laboratory settings, where they have demonstrated enormous promise for helping patients regain motor function or communicate. In recent years, major technology companies have begun investing in BCIs, bringing an infusion of resources that will likely accelerate breakthroughs in BCI capabilities, more commercial applications, and their entry into numerous sectors. However, these advances will bring a host of potential privacy, security, equity, and individual welfare concerns. Additionally, other countries are investing in developing BCI technology, which may expose the United States to risks from economic and military competition, as well as ethical, legal, and security concerns.
- NCFs include: Educate and Train, Preserve Constitutional Rights, Protect Sensitive Information, Provide Medical Care, Provide Wireless Access Network Services, and Support Community Health
Topic: Synthetic Biology
Synthetic biology is the redesigning and harnessing of biological organisms to impart new or improved abilities and produce products. In the next 5–20 years, synthetic biology will likely contribute to significant advances in food and agriculture, healthcare, sensors and diagnostics, manufacturing, and more. However, synthetic biology poses dual-use risks; the rapid progress in this field that is contributing to beneficial advances can also facilitate nefarious applications such as making relatively benign bacteria and viruses more pathogenic. Manipulation of systems using synthetic biology
could result in unintended or accidental negative impacts.
- NCFs include: Manage Hazardous Materials, Manage Wastewater, Produce and Provide Agricultural Products and Services, Produce and Provide Human and Animal Products and Services, Produce Chemicals, Provide Medical Care, and Supply Water
Topic: Quantum Technologies (computing, communications, and sensors)
The rapid development of quantum technologies—specifically, quantum computers and new algorithms that can break public key encryption (PKE)—raises the specter of a potentially catastrophic future threat to all applications that depend on information and communications technologies. The risks are multilayered and entwined, and certain critical infrastructure systems are particularly vulnerable because of their reliance on internet-connected industrial control systems and internet-enabled distributed operations.
- NCFs include: Provide Internet-based Content, Information, and Communication Services; Conduct Elections; Maintain Access to Medical Records; Protect Sensitive Information; Provide Consumer and Commercial Banking Services; Provide Identity Management and Associated Trust Support Services; Provide Information Technology Products and Services; and Research and Development
Topic: Advanced Manufacturing
The world has seen steady growth in the industrial internet of things, 3D printing, and the power of information and big data analytics in manufacturing. The remainder of this decade will likely see the continued maturation and convergence of these areas, which will introduce a range of vulnerabilities and possible disruptions to critical infrastructure systems. Integrated cyber-physical systems, data-based semi-autonomous networks, and digital manufacturing processes make almost anything in a decentralized manufacturing ecosystem vulnerable to cybersecurity attack or manipulation from malicious actors. Moreover, the expansion of advanced manufacturing processes for biological and medical purposes raises questions about toxicity, the biocompatibility of manufactured parts, and nefarious applications. In addition, supply chain risks and workforce challenges threaten the U.S. outlook on advanced manufacturing.
- NCFs include: Manufacture Equipment; Provide Information Technology Products and Services; Protect Sensitive Information; Produce Chemicals; Provide Metals and Materials; Research and Development; and Educate and Train
Topic: Information and Communications Technology (ICT) Supply Chain Resilience
Managing risk in the ICT supply chain is an evolving challenge that spans multi-billion-dollar black markets, geopolitical tensions, and rapid technological change. Present-day challenges such as counterfeit components and the need for effective international standards are likely to grow this decade. Evolving future challenges such as the rollout of 5G, the proliferation of artificial intelligence–enabled cyber weapons, and the increasing instability in domestic energy infrastructure will each add new layers of complexity to ICT supply chain risk management. These challenges will necessitate stronger governance and visibility, improved information sharing among relevant parties, and better training for those directly involved in the ICT supply chain.
- NCFs include: Provide Wireless Access Network Services; Provide Internet Routing, Access, and Connection Services; Provide Internet Based Content, Information, and Communication Services; Operate Core Network; Provide Information Technology Products and Services; Perform Cyber Incident Management Capabilities; and Protect Sensitive Information
Topic: Water Availability
Water of sufficient quantity and quality is essential for human health, economic productivity, and the operation of critical infrastructure. Major climatic, demographic, economic, and policy pressures on water resources will increase the risks of water shortages and rising water prices in the near term. In the long term, these pressures potentially will alter agricultural growing areas, damage ecosystems, disrupt water transportation routes, generate acute health crises, increase inequities in water access, and contribute to failures of water and wastewater infrastructure. The interconnected nature of water with food and energy ensures that disruptions in water availability will lead to a wide range of cascading effects throughout critical infrastructure sectors.
- NCFs include: Supply Water; Manage Wastewater; Produce and Provide Agricultural Products and Services; Maintain Supply Chains; Generate Electricity; Support Community Health; Transport Cargo and Passengers by Vessel; and Exploration and Extraction of Fuels