Search
CRA TumbleLog
Archives
December 2009
October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 January 2004
Archives by Category
Action Alerts (2)
American Competitiveness Initiative (96) CRA (61) Computing Community Consortium (CCC) (22) Computing Education (6) Diversity in Computing (26) Economic Stimulus and Recovery (13) Events (35) FY06 Appropriations (13) FY07 Appropriations (32) FY08 Appropriations (37) FY09 Appropriations (28) FY10 Appropriations (1) Funding (204) Misc. (49) People (106) Policy (249) R&D in the Press (90) Research (85) Security (30)
Recent Entries
DARPA Challenge
National CS Education Week Prizes and Computing Research House S&T Committee Considers Cyber Security R&D President Obama Touts Role of Basic Research in Innovation Business Week on Research in Industry A Systems Approach to Improving K-12 STEM Education Healthcare Robotics Briefing CCC Announces New Networking Research Agenda NSF Shows Off Cyber-Physical Systems on the Hill
CRA Links
Computing Research News
CRA-Bulletin Computing Data and Resources CRA in the News Computing Research in the FY05 Budget
What We're Reading
Computational Complexity
CNSR Online Danger Room Defense Tech Freedom to Tinker InsideHPC Lessig Blog Nothing is as simple... Reed's Ruminations Schneier on Security Techdirt UMBC eBiquity Blog USACM Tech Policy Blog
Advocacy Materials
IT R&D One-pager (pdf)
DARPA and University Research One-pager (pdf) Cyber Security R&D One-pager (pdf) Current and Requested IT R&D Funding Charts (pdf)
Recent Testimony
|
December 02, 2004Catching Up: Update on PITAC Cyber Security EffortsThis article I spotted today in Government Computer News on former Director of DHS' National Cybersecurity Division Amit Yoran's thoughts about DHS' niche in federal cybersecurity efforts reminded me that I hadn't provided an update on what I thought was a very interesting meeting of PITAC's Subcommittee on Cybersecurity R&D a week ago last Friday. The Subcommittee is in the process of evaluating the federal government's efforts in supporting cybersecurity research and development -- trying to figure out how well the government is targeting the right research areas, whether there's good balance between short-term and long-term research, whether we're doing all we can to improve technology transfer, and whether we're well prepared for the security challenges of the future. The goal is to produce a final report the full PITAC can approve at its March 2005 meeting. So far the subcommittee has produced a first draft, which is what was presented by Subcommittee Chair F. Thomson Leighton at the Nov 19th meeting. And that first draft is very good. It's clear the committee has taken to heart much of the testimony it has received, including testimony CRA submitted to the committee last July. Leighton's slide presentation (pdf) does a good job of laying out the details, but I thought I'd summarize them a bit here. The committee has identified four main issues: 1) Problems with civilian cyber security research; 2) Problems with the size of the cyber security basic research community; 3) Tech transfer issues; and 4) The coordination of cyber security R&D. They seem to have devoted quite a bit of attention to the first issue, and the points that they raise are all right on the money (and concerns CRA shares), namely: I think this is all excellent, and basically in agreement with the testimony CRA provided back in July. About the only thing of which I would have liked to have seen discussion is the issue of the potential (and real) chilling effect on research of laws aimed at protecting intellectual property and privacy -- most notably the impediment to research posed by provisions of the Digital Millennium Copyright Act. As we noted in our testimony (by stealing excellent language from our affiliate ACM's U.S. Public Policy Office): [T]he “anti-circumvention provisions” of the DMCA interfere with many legal, non-infringing uses of digital computing and prevent scientists and technologists from circumventing access technologies to recognize shortcomings in security systems, to defend patents and copyrights, to discover and fix dangerous bugs in code, to analyze and stop malicious code (e.g., viruses), and to conduct forms of desired educational activities. In some instances, the threat of legal action under the DMCA has deterred scientists from publishing scholarly work or even publicly discussing their research, both fundamental tenets of scientific discourse.Other than that, I'm pretty happy with what I've seen from the report so far. (Please read through the slides to get the details on the other three issues the subcommittee identified.) If the final report contains the important discussion of the character of research supported by each of the federal agencies funding cyber security efforts and the subcommittee's funding recommendations, it will be a strong document that should prove very useful in the computing research community's efforts to reshape cyber security R&D policy at federal agencies (see in particular the subcommittee's discussions about the nature and amount of research sponsored by DHS -- too short-term and too little, in sum). We'll continue to keep an eye on the committee's progress.... Oh, and just to get back to the article that triggered this post in the first place, I think it's important to note that though this: Yoran also called for more government support for basic security research. He said the initial $18 million budgeted for cybersecurity R&D in the first year of DHS was adequate as the department identified needs. But going forward, “personally, I would like to see greater government support for fundamental security research,” he said.implies that DHS is spending $18 million on basic research in cyber security, this isn't actually the case (as the subcommittee points out on slide 25). The agency currently spends just $1.5 million on research that can truly be considered basic, long-term research. The remaining $16.5 million is spent on short-term activities. Still, it's encouraging that Yoran at least acknowledges that the agency is lacking in its support for fundamental research. Hopefully his replacement will as well -- and do something about it. Posted by PeterHarsha at December 2, 2004 04:50 PM | TrackBackPosted to Policy | Research | Security |