IP: R&D Shortfall Increases Cyber Risks, Experts Say

[David Farber <dave () farber net>]

> FYI - From today's coverage of the hearing in National Journal Tech Daily.....
> R&D Shortfall Increases Cyber Risks, Experts Say
> by William New
>
> Failure to fund long-term research and development in computer security has
> opened the door to cyber attacks, academic and business experts told the
> House Science Committee on Wednesday.
> "The threats [to the nation's critical infrastructure] are extensive and
> serious," said Terry Vickers Benzel, vice president at Network Associates,
> which offers computer-security products. "These systems are extremely
> vulnerable," and the potential effects of an attack are "beyond frightening."
> Committee Chairman Sherwood Boehlert, R-N.Y., is looking for ways to
> address the problem. "For starters," he said, "it's clear that we have to
> devote greater resources -- not only money but also our individual and
> collective attention -- to computer and especially network security."
> Boehlert said he would offer a legislative proposal after a second hearing
> on the issue planned for next week.
> Witnesses at the hearing declined to identify what amount of money they
> would deem adequate funding or which office in the Bush administration
> should be responsible for it. But they urged quick action.
> The base of experts who research computer security in the United States is
> in the hundreds, which is "miniscule," said William Wulf, president of the
> National Academy of Engineering and a professor at the University of Virginia.
> Of those, as many as half are non-U.S. citizens. Committee members said any
> changes to immigration laws in an effort to hobble terrorism must not
> curtail that important supply of talent to U.S. research institutions.
> Wulf said he recently returned to work on computer-security issues after 15
> years and was "simply appalled" at how little progress had been made since
> the 1960s, the period from which the current security model dates. Wulf
> argued that the low level of sustained funding discourages researchers from
> thinking "out of the box," which he said is vital to finding new solutions.
> Eugene Spafford, co-chairman of the U.S. Public Policy Committee of the
> Association for Computing Machinery and a professor at Purdue University,
> echoed the need for sustained research funding. "Instead of finding new
> ways to resist attack ... we apply patches to the same old buggy system,"
> he said.
> Spafford urged a focus on five academic areas: support for research,
> development of infrastructure, access to real-world data, personnel
> shortages, and legal impediments, such as defending against lawsuits
> threatened under the Digital Millennium Copyright Act. Spafford said of 24
> research institutions he polled, 23 doctorates in related areas had been
> graduated in the past three years.
> Benzel, who said her company's stock has risen since the Sept. 11 terrorist
> attacks, made several recommendations. She urged Congress to make cyber
> security part of the administration's homeland security efforts, to
> authorize a study of critical infrastructure vulnerabilities and to examine
> interdependencies, converged networks and control systems in a wide swath
> of sectors ranging from manufacturing to power plants.
> Congress also should authorize increases in funds for technical R&D to key
> agencies and improve coordination among government-funded R&D projects,
> Benzel said.
> Robert Weaver, a Secret Service assistant special agent in charge of the
> New York field office, said partnerships with the private sector and local
> law enforcement will be critical to combating electronic crimes.


For archives see: http://lists.elistx.com/archives/interesting-people/