Embedded R&D for Cybersecurity in an Operational Environment


This paper describes a paradigm shift from how cybersecurity research and development (R&D) is traditionally applied in an operational environment. The methodology is referred to as embedded R&D (eR&D); cybersecurity researchers are tightly coupled with the operational stakeholders. This tight-knit relationship allows the researchers to elicit R&D requirements from the stakeholders seamlessly on a continuous basis, and gives the researchers immediate access to the tactical environment in which the analysts and operators work; this helps close the gap in the age-old disconnect between the research and operational communities. Tools may be employed to enhance, augment, and advance the mission of an eR&D team.

One such tool, REQcollect [5], was developed through several agile development iterations and the through the transition of other projects. Multiple federal agencies have sponsored the work and subsequently transitioned the technologies into use. The predecessors to REQcollect are REQdb (REQuirements Database) and DART3 (Department of Homeland Security Assistant for R&D Tracking and Technology Transfer) [6]. REQcollect combines the best components of these two systems: a requirements elicitation and collection tool and a Google-like matching algorithm to identify potential transitions of R&D projects with similar or identical requirements.