Herb Lin's latest report.

In the past several years, cybersecurity has been transformed from a concern chiefly of computer scientists and information system managers to an issue of pressing national importance.

Today, there is an inadequate understanding of what makes IT systems vulnerable to attack, how best to reduce these vulnerabilities, and how to transfer cybersecurity knowledge to actual practice. For these reasons, and in response to both legislative and executive branch interest, the National Research Council (NRC) established the Committee on Improving Cybersecurity Research in the United States. The committee was charged with developing a strategy for cybersecurity research in the 21st century.

... The committee identified several principles that should shape the cybersecurity research agenda:

Conduct cybersecurity research as though its application will be important.
Hedge against uncertainty in the nature and severity of the future cybersecurity
Ensure programmatic continuity.
Respect the need for breadth in the research agenda.
Disseminate new knowledge and artifacts (e.g., software and hardware prototypes) to the research community.

...