Industry hails cyber R&D bill

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2002/0422/web-leg-04-26-02.asp

By William Matthews 
April 26, 2002

When the Senate went to work on legislation to pump $878 million into
cybersecurity research and development, it got no argument from
representatives of industry and academia.

Sen. Ron Wyden (D-Ore.) convened a panel of scientists and businessmen
April 24 who unanimously praised the Cyber Security Research and
Development Act as a step toward correcting chronic underfunding in
computer security research.

The bill passed the House in February by a vote of 400-12.

The panel also endorsed a bill that Wyden introduced to create a
volunteer corps of computer experts who would respond swiftly in the
event of a computer emergency, such as a cyberattack.

Wyden envisions a National Emergency Technology Guard, or NET Guard,
made up of experts and companies who agree to respond immediately with
technological know-how and equipment to counter an attack. "The
nation's best scientific minds, technology experts and technology
companies will be invited to participate," Wyden said.

NET Guard would be created by the Science and Technology Emergency
Mobilization Act.

While endorsing the idea, Ronil Hira of the Institute of Electrical
and Electronics Engineers Inc. cautioned that calling in a squad of
willing scientists might not always be the right response to
cyberattacks or other computer-related emergencies.

"It is important to recognize that communication and other
technological systems can be extremely complicated, requiring not only
general knowledge of the technical factors, but also specific
knowledge of the system under stress," he said.

Such detailed knowledge "may only be available in the company and its
vendors that installed the system originally," Hira said. Intervention
by outsiders - however brilliant - might do more harm than good, he
said.

Hira had no reservations about the Cyber Security Research and
Development Act, however. He praised the legislation for promising
financial support for industry research as well as research by
universities and government entities.

More money for research is essential for improving cybersecurity,
agreed Lance Hoffman, a computer science professor at George
Washington University. Students and faculty have generally not pursued
cybersecurity research because funding has been scarce, he said.

Even as daily life increasingly requires reliance on computer systems
and networks, "there is a remarkably small amount of long-term funding
available for computer security and information assurance research and
development designed to solve these problems," Hoffman said. "This
bill may remedy these concerns."

The Cyber Security Research and Development Act would put the National
Science Foundation and the National Institute of Standards and
Technology in charge of selecting research projects for funding.

The aim is to fund research as "a long-term strategy to counter
cyberterrorism," said Rep. Sherwood Boehlert (R-N.Y.), chairman of the
House Science Committee and primary author of the bill.

"The nation invests a pitifully small amount in cybersecurity
research, and that's true of both government and industry," said
Boehlert, who was Wyden's star witness. The government doesn't invest
enough because no single agency has responsibility for cybersecurity,
and industry doesn't invest enough because security does not add as
much sales value to information technology products as does speed,
price and other attributes, Boehlert said.

Wyden said he expects a committee vote on the two bills by the middle
of May.
 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.