Search


CRA TumbleLog

Archives
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
Archives by Category
Action Alerts (2)
American Competitiveness Initiative (96)
CRA (61)
Computing Community Consortium (CCC) (22)
Computing Education (6)
Diversity in Computing (26)
Economic Stimulus and Recovery (14)
Events (36)
FY06 Appropriations (13)
FY07 Appropriations (32)
FY08 Appropriations (37)
FY09 Appropriations (28)
FY10 Appropriations (3)
Funding (205)
Misc. (49)
People (106)
Policy (249)
R&D in the Press (90)
Research (85)
Security (30)
Recent Entries
Quick Update: NSF and NIST Fare Well in FY 10 Final Approps Bill
DARPA Challenge
SCIENCEWORKSFORUS LAUNCH
FY 10 Appropriations Update: Energy, NSF, NIST, Defense
National CS Education Week
Prizes and Computing Research
House S&T Committee Considers Cyber Security R&D
President Obama Touts Role of Basic Research in Innovation
Business Week on Research in Industry
A Systems Approach to Improving K-12 STEM Education
CRA Links
Computing Research News
CRA-Bulletin
Computing Data and Resources
CRA in the News
Computing Research in the FY05 Budget
What We're Reading
Computational Complexity
CNSR Online
Danger Room
Defense Tech
Freedom to Tinker
InsideHPC
Lessig Blog
Nothing is as simple...
Reed's Ruminations
Schneier on Security
Techdirt
UMBC eBiquity Blog
USACM Tech Policy Blog
Advocacy Materials
IT R&D One-pager (pdf)
DARPA and University Research One-pager (pdf)
Cyber Security R&D One-pager (pdf)
Current and Requested IT R&D Funding Charts (pdf)
Recent Testimony
Cybersecurity R&D (pdf)
IT R&D Funding (pdf)
Syndicate this site (XML)
Atom (XML)

Subscribe with Bloglines

Powered by
Movable Type 2.65

October 03, 2005

Lazowska on Cyber Security and the Failure of the Administration

Ben Worthen has a great interview with former President's IT Advisory Committee co-Chair Ed Lazowska in CIO Magazine in which Lazowska, freed from his role as presidential advisor after the President allowed PITAC's charter to expire, pulls no punches describing the failure of the Administration to adequately support and prioritize cyber security research and development. Here's a snippet:

[Lazowska:] Long-range R&D has always been the role of the national government. And the trend, despite repeated denials from the White House to the Department of Defense, has decreased funding for R&D. And of the R&D that does get funded, more and more of it is on the development side as opposed to longer-range research, which is where the big payoffs are in the long term. That's a more fundamental problem that CIOs aren't responsible for.

[Worthen:] You feel strongly that the government's treatment of cybersecurity R&D has been particularly neglectful.

[Lazowska:] PITAC found that the government is currently failing to fulfill this responsibility. (The word failing was edited out of our report, but it was the committee's finding.) Let me talk very quickly about three federal agencies that you might think are focusing on this but are not:

» Most egregiously, the Department of Homeland Security simply doesn't get cybersecurity. DHS has a science and technology (S&T) budget of more than a billion dollars annually. Of this, [only] $18 million is devoted to cybersecurity. For FY06, DHS's S&T budget is slated to go up by more than $200 million, but the allocation to cybersecurity will decrease to $17 million! It's also worth noting that across DHS's entire S&T budget, only about 10 percent is allocated to anything that might reasonably be called "research" rather than "deployment."

» Defense Advanced Research Projects Agency (DARPA) is investing in cybersecurity, but has classified all of its recent new program starts in this field. It's fine to do classified research, but we must also recognize the negative consequences, and we should (but don't) fund nonclassified research to make up for it. One negative consequence is that classified research is very slow to impact commercial IT systems, on which the entire nation, and even much of the Department of Defense, relies. Another negative consequence is that the nation's university-based researchers cannot participate, because universities do not perform classified research. This eliminates many of the nation's best cybersecurity researchers. It also means that students are not trained in cybersecurity—the training of students is an important byproduct of research.

There's also a great sidebar: Blame the Internet

And the main editorial for the issue: Who Owns Security?

All worth the read.

Posted by PeterHarsha at October 3, 2005 03:40 PM | TrackBack
Posted to Policy