Study Criticizes Government on Cybersecurity Research

[David Farber <dave () farber net>]

For record, I was on PITAC I   djf


------ Forwarded Message
From: "John F. McMullen" <observer () westnet com>
Date: Sat, 19 Mar 2005 06:29:58 -0500 (EST)
To: johnmac's living room <johnmacsgroup () yahoogroups com>
Cc: Dave Farber <farber () cis upenn edu>
Subject: Study Criticizes Government on Cybersecurity Research

> From the Wall Street Journal --
http://www.nytimes.com/2005/03/19/technology/19computer.html

Study Criticizes Government on Cybersecurity Research
By JOHN MARKOFF

A report released Friday by a panel of computer experts
criticizes the federal government, saying that its financing
of research on computer network security is inadequate and
that it is making a mistake by focusing on classified research
that is inaccessible to the commercial sector.

The report, commissioned by the Bush administration, calls for
the government to spend $148 million annually on Internet
security research through the National Science Foundation,
over the current $58 million. It also urges more research
spending by the Pentagon's Defense Advanced Research Projects
Agency, or Darpa, and by the Department of Homeland Security.

The report, "Cybersecurity: A Crisis of Prioritization," was
prepared by a subcommittee of the President's Information
Technology Advisory Committee, a group of industry and
university experts.

Research in Internet security is needed to protect systems
that run the government and military operations, as well as
other areas, including the electric power grid, the air
traffic control grid and financial systems, the report said.

"The federal government is largely failing in its
responsibility to protect the nation from cyberthreats," said
Edward D. Lazowska, chairman of the computer science and
engineering department at the University of Washington and
co-chairman of the panel. "The Department of Homeland Security
simply doesn't 'get' cybersecurity. They are allocating less
than 2 percent of their science and technology budget to
cybersecurity, and only a small proportion of this is
forward-looking."

Michelle Petrovich, a spokeswoman for the Department of
Homeland Security, disputed the criticism. "We take
cybersecurity seriously and have taken aggressive measures to
address various needs," she said. "Our cybersecurity budget
has gone up every year."

Peter Neumann, an independent computer scientist at SRI
International, a research center in Menlo Park, Calif., said
that both Congress and the Bush administration had been
neglecting civilian Internet security research.

"The problem is that there is no sense of the importance of
research in this Congress or in this administration," said Mr.
Neumann, who consults for the government.

The panel also found that the Internet security research
community was too small to meet a government goal of at least
doubling the size of civilian Internet security researchers by
the end of the decade. Fewer than 250 Internet security
researchers are now at United States universities, largely
because of unstable funding levels, the panel said.

The authors argue that because universities have provided many
crucial ideas, technologies and talent, both the civilian and
the military sectors are likely to be hurt by the recent
trend.

The panel also criticized a recent shift, at both Darpa and
the National Security Agency, toward short-term classified
research over long-term academic research.

The report found that efforts to transfer federal research to
Internet security businesses were inadequate and that there
was a basic absence of leadership and coordination. The
authors recommended that a federal interagency group take
responsibility for coordinating Internet security research.

The report says the current commercial approach to security
problems tends to consist of a series of patches. "Even if all
the best practices were fully in place, in the absence of any
fundamental new approaches we would still endlessly be
patching and plugging holes in the dike," the report states.

The report also lists 10 Internet security research
priorities, including authentication technologies, secure
protocols, improved engineering techniques, monitoring and
detection tools and cyberforensics.

Copyright 2005 The New York Times Company
*** FAIR USE NOTICE. This message contains copyrighted material whose use
has not been specifically authorized by the copyright owner. The
'johnmacsgroup' Internet discussion group is making it available without
profit to group members who have expressed a prior interest in receiving
the included information in their efforts to advance the understanding of
literary, educational, political, and economic issues, for non-profit
research and educational purposes only. I believe that this constitutes a
'fair use' of the copyrighted material as provided for in section 107 of
the U.S. Copyright Law. If you wish to use this copyrighted material for
purposes of your own that go beyond 'fair use,' you must obtain permission
from the copyright owner.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

    "When you come to the fork in the road, take it" - L.P. Berra
    "Always make new mistakes" -- Esther Dyson
    "Any sufficiently advanced technology is indistinguishable from magic"
     -- Arthur C. Clarke
     "You Gotta Believe" - Frank "Tug" McGraw (1944 - 2004 RIP)

                           John F. McMullen
    johnmac () acm org johnmac () computer org johnmac () m-net arbornet org
                   johnmac () tmail com johnmac () echonyc com
            jmcmullen () monroecollege edu johnmac () alumni iona edu
               ICQ: 4368412 Skype, AIM & Yahoo Messenger: johnmac13
                   http://www.westnet.com/~observer
                  BLOG: http://johnmacrants.blogspot.com/

------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/