Search
CRA TumbleLog
Archives
December 2009
November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 January 2004
Archives by Category
Action Alerts (2)
American Competitiveness Initiative (96) CRA (61) Computing Community Consortium (CCC) (22) Computing Education (6) Diversity in Computing (26) Economic Stimulus and Recovery (14) Events (36) FY06 Appropriations (13) FY07 Appropriations (32) FY08 Appropriations (37) FY09 Appropriations (28) FY10 Appropriations (1) Funding (205) Misc. (49) People (106) Policy (249) R&D in the Press (90) Research (85) Security (30)
Recent Entries
DARPA Challenge
SCIENCEWORKSFORUS LAUNCH National CS Education Week Prizes and Computing Research House S&T Committee Considers Cyber Security R&D President Obama Touts Role of Basic Research in Innovation Business Week on Research in Industry A Systems Approach to Improving K-12 STEM Education Healthcare Robotics Briefing CCC Announces New Networking Research Agenda
CRA Links
Computing Research News
CRA-Bulletin Computing Data and Resources CRA in the News Computing Research in the FY05 Budget
What We're Reading
Computational Complexity
CNSR Online Danger Room Defense Tech Freedom to Tinker InsideHPC Lessig Blog Nothing is as simple... Reed's Ruminations Schneier on Security Techdirt UMBC eBiquity Blog USACM Tech Policy Blog
Advocacy Materials
IT R&D One-pager (pdf)
DARPA and University Research One-pager (pdf) Cyber Security R&D One-pager (pdf) Current and Requested IT R&D Funding Charts (pdf)
Recent Testimony
|
April 14, 2004PITAC Meeting HighlightsThe President's Information Technology Advisory Committee (PITAC) met yesterday in their second public session since being reconstituted last year after nearly two years of inactivity. The two items on the agenda were a report on the draft recommendations (pdf) of PITAC's subcommittee on Health and IT, and the first taking of public testimony by the subcommittee on cyber security. CRA is well-represented on the Committee. Ed Lazowska, the co-chair, Dan Reed, and Gene Spafford are all current members of CRA's Board of Directors, and committee member Dave Patterson is a former CRA board member and past Chair. The cyber security portion of the meeting featured testimony from a number of agency officials that elicited some interesting give and take with the committee. Amit Yoran, Director of the National Cyber Security Division at the Department of Homeland Security raised some eyebrows with committee members when he suggested that venture capital, not the government, could better fund security research. Lazowska stopped him and pointed out that the private sector generally funds technologies that are, at most, a couple of years out. He noted that it was the federal government's role to look 5 and 10 years out, and that venture capital plays an important role at the end of that pipeline. The exchange led Yoran to conclude that perhaps the committee, in its review of federal cyber R&D, should recommend DHS fund long-term, strategic investments in cyber security R&D. This approach would mark a change in the agency's current focus on short-term -- six months or less -- almost-ready-for-deployment technologies. But in his testimony later in the session, Simon Szykman, Director Cyber Security R&D at DHS, insisted the Department will continue to focus on the short-term research -- the "low-hanging fruit" -- for at least the next couple of years. In the future, he said, he hoped the department might one day include long-range research in up to 20 percent of its overall R&D portfolio. For now, Yoran and Szykman said the department is dependent upon the good work of agencies like NSF and DARPA for long-range research. This presents a bit of a problem in that NSF and DARPA have their own issues regarding cyber security R&D. For NSF, the problem is primarily financial. NSF's Carl Landwehr, a program director in CISE, testified that the agency receives far more good proposals in the area than it can fund. The recent $30 million Cyber Trust solicitation generated over 230 "small" proposals, of which the agency can fund about 30; 125 "medium" proposals, of which the agency can fund 6 or 8; and 30 large scale proposals, of which just 1 or 2 might receive funding. PITAC member Tom Leighton questioned whether that approximately 5-10 percent approval rate was typical of NSF programs and how many Landwehr thought would be determined to be good enough to fund after peer-review, if the agency had the funding. Landwehr said the funding rate wasn't unusual for CISE programs, noting that the ITR program had a similar funding rate (NSF-wide the rate is probably closer to 30 percent), and that he expected that 25 percent of the proposals they received would likely be worthy of funding if NSF had the funds. In other words, NSF could easily fund 2.5 times their current cyber security R&D budget on good proposals if they had the funding. This is a markedly different story than the one told by DARPA Director Tony Tether, who noted during his testimony that he thought DARPA program managers were "idea starved, not money starved" when it came to funding cyber security research. Tether also took considerable flak for the agency's increased use of classification to limit the dissemination and discussion of its cyber security research underway. Tether defended the policy by noting that the Department of Defense is increasingly reliant on networking for its warfighting capability, therefore it is in the interest of national security to restrict any research that might expose a vulnerability or reveal a capability. However, since an estimated 85 percent of the DOD's communications travel across commercial communications networks, this means that much of the research aimed at defending these networks is subject to restriction. The effects of this policy are numerous. For one, this limits significantly the contribution of university-based researchers in the DARPA research community -- a community that has, historically, been vital to the advancement of computing (in part due to the inclusion of university researchers). However, this also means that the fruits of this research are unavailable to both the vitally important US commercial sector -- which is heavily dependent upon secure networks for trillions of dollars of activity annually -- and the other agencies of government, including DHS. Tether acknowledged this problem and suggested that perhaps there ought to be two parallel efforts -- an unclassified track, funded by NSF and DHS, and a classified one supported by DARPA and the security agencies. Funding is also currently a problem at DHS. Syzkman testified that the agency will likely have just over $1 billion in R&D funding in FY 05, but told Lazowska under questioning that cyber security R&D will account for just $18 million of that. Syzkman didn't try to defend the funding, other than to suggest that the needs of other directorates within the department dictated the priorities in the Science and Technology directorate, and to suggest that the funding levels are the product of thinking that's now over 18 months old. Future budgets, he suggested, will include more robust cyber security funding. The plan for the subcommittee on cyber security at this point is to do some further fact-finding and develop a set of draft recommendations in time for the next meeting of PITAC in June. At the same time, the subcommittee on Health in IT will refine the draft recommendation (pdf) it presented at the meeting based on feedback from the committee and produce the first report on the issue. June will also likely mark the start of the third PITAC subcommittee's work on the current state of scientific computing, headed by Dan Reed. Stay tuned here for details.... Posted by PeterHarsha at April 14, 2004 02:51 PM | TrackBackPosted to Policy |