Aligning Topics with the National Critical Functions

Central to the Secure Tomorrow Series effort is the selection of topics to explore that are likely to have highly disruptive impact across multiple National Critical Functions (NCFs) in the next 3-20 years.

Strategic Foresight

Strategic foresight is one of several terms (i.e., futures studies, futurology) used to describe the study of alternative futures by anticipating how various drivers—aging infrastructure, global pandemics, climate change, emerging technologies, and more—may impact how the world is changing. The intent of strategic foresight is to identify actions that, if taken today, would steer a community or organization toward its preferred future. For CISA, this means a future in which critical infrastructure is more secure and resilient. A central premise of strategic foresight is that no one entity can successfully predict the future. Instead, the methodology treats the future as a set of plausible alternatives.

Topic: Anonymity and Privacy

Maintaining the balance between identity verification—for purposes such as voting, disease-related contact tracing, and law enforcement—and protecting anonymity is becoming increasingly challenging. Online activity and tracking, machine learning, facial recognition, data aggregation, and third-party data brokers present evolving threats to individual control of data and privacy. Meanwhile, recent data privacy laws and regulations, such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act, have redefined what constitutes personal data.

  • NCFs include: Protect Sensitive Information; Preserve Constitutional Rights; Enforce Law; Provide Information Technology Products and Services; Provide Identity Management and Associated Trust Support Services; Maintain Access to Medical Records; and Provide Internet Based Content, Information, and Communication Services.

Topic: Trust and Social Cohesion

Social cohesion is commonly defined as citizens’ belief that they share a moral community or common focus on societal well-being with one another, their governing bodies, and other institutions. This belief generally leads to trust. Social cohesion provides a source of potential risk to critical infrastructure and cybersecurity as well as a tool to mitigate that risk. Numerous factors can influence the degree of social cohesion, or sense of belonging, within a community and the effect of that cohesion on individual and community behavior and overall security. For example, Americans and critical infrastructure owners look to institutions (e.g., local police department and election officials) to perform important functions such as ensuring public safety and supporting the secure and reliable delivery of NCFs.

The ability or inability—whether real or perceived—to provide these functions reliably can affect public trust, diminish faith in function, and have deleterious impacts on national security. Exploring how emerging risks to critical infrastructure and cybersecurity and potential mitigation strategies affect social cohesion, positively and negatively, provides insights into the associated individual and community responses and their impact on critical infrastructure and cybersecurity risk management. Such analysis may expose unanticipated threats and vulnerabilities caused or exacerbated by reduced social cohesion or challenges to potential response activities.

  • NCFs include: Enforce Law, Operate Government, Conduct Elections, prepare for and Manage Emergencies, Support Community Health, and Provide Public Safety.

Topic: Data Storage and Transmission

Data creation is growing at an accelerating rate, placing increasing demands on systems to ensure secure storage and transmission. Data access, integrity, and confidentiality are critical to accomplishing national objectives, including economic growth; improvements in medicine, public health, and public safety; and dominance in key emerging technologies (e.g., artificial intelligence). The Nation must also guard against potential risks, including breaches, privacy violations, algorithmic bias, misuse of data, and loss of public trust. Approaches to data—what’s considered fair, appropriate, and desirable—can vary greatly among countries and lead to competitive advantages. Effective and efficient use of data can be a value driver.

  • NCFs include: Provide Internet Based Content, Information, and Communication Services; Provide Internet Routing, Access, and Connection Services; Protect Sensitive Information; Operate Core Network; Provide Information Technology Products and Services; and Provide Identity Management and Associated Trust Support Services

Topic: Brain-Computer Interfaces (BCIs)

BCIs have long been confined to medical laboratory settings, where they have demonstrated enormous promise for helping patients regain motor function or communicate. In recent years, major technology companies have begun investing in BCIs, bringing an infusion of resources that will likely accelerate breakthroughs in BCI capabilities, more commercial applications, and their entry into numerous sectors. However, these advances will bring a host of potential privacy, security, equity, and individual welfare concerns. Additionally, other countries are investing in developing BCI technology, which may expose the United States to risks from economic and military competition, as well as ethical, legal, and security concerns.

  • NCFs include: Educate and Train, Preserve Constitutional Rights, Protect Sensitive Information, Provide Medical Care, Provide Wireless Access Network Services, and Support Community Health

Topic: Synthetic Biology

Synthetic biology is the redesigning and harnessing of biological organisms to impart new or improved abilities and produce products. In the next 5–20 years, synthetic biology will likely contribute to significant advances in food and agriculture, healthcare, sensors and diagnostics, manufacturing, and more. However, synthetic biology poses dual-use risks; the rapid progress in this field that is contributing to beneficial advances can also facilitate nefarious applications such as making relatively benign bacteria and viruses more pathogenic. Manipulation of systems using synthetic biology

could result in unintended or accidental negative impacts.

  • NCFs include: Manage Hazardous Materials, Manage Wastewater, Produce and Provide Agricultural Products and Services, Produce and Provide Human and Animal Products and Services, Produce Chemicals, Provide Medical Care, and Supply Water

Topic: Quantum Technologies (computing, communications, and sensors)

The rapid development of quantum technologies—specifically, quantum computers and new algorithms that can break public key encryption (PKE)—raises the specter of a potentially catastrophic future threat to all applications that depend on information and communications technologies. The risks are multilayered and entwined, and certain critical infrastructure systems are particularly vulnerable because of their reliance on internet-connected industrial control systems and internet-enabled distributed operations.

  • NCFs include: Provide Internet-based Content, Information, and Communication Services; Conduct Elections; Maintain Access to Medical Records; Protect Sensitive Information; Provide Consumer and Commercial Banking Services; Provide Identity Management and Associated Trust Support Services; Provide Information Technology Products and Services; and Research and Development