[Infowarrior] - Work begins on cybersecurity R&D

Wed Jun 3 18:36:00 UTC 2009

Obama administration begins work on cybersecurity R&D

By Andrew Noyes, CongressDaily 06/03/2009

http://www.nextgov.com/nextgov/ng_20090603_2540.php

Maximizing government investment in federal cybersecurity research and  
development is a major component of President Obama's plan to bolster  
defenses against high-tech attacks. If the White House's new cyber  
strategy and key agencies' fiscal 2010 budget requests are any  
indication, they're off to a solid start.

The intended result -- in the words of former Homeland Security  
Secretary Michael Chertoff and policy experts who have borrowed a  
phrase -- is a cyber "Manhattan Project."

In the near term, the White House's unnamed cyber czar will be charged  
with developing a framework for R&D strategies that focus on "game- 
changing technologies" and provide the research community access to  
event data to help develop tools and testing theories, according to  
the Friday report, which stemmed from a 60-day review.

That czar will eventually develop threat scenarios and metrics for  
risk management decisions, recovery planning and R&D prioritization.

"Research on new approaches to achieving security and resiliency in  
information and communications infrastructures is insufficient," the  
report stated. "The government needs to increase investment in  
research that will help address cybersecurity vulnerabilities while  
also meeting our economic needs and national security requirements."

One initiative cited in the study is a National Science Foundation  
grant program for students to pursue cyber-related government careers,  
which has supported more than 1,000 students in its eight years.

NSF's fiscal 2010 request includes $126.7 million for cybersecurity  
R&D, with $40 million specifically devoted to research in usability,  
theoretical foundations and privacy in support of the Comprehensive  
National Cybersecurity Initiative, a multibillion-dollar Bush  
administration project. The National Institute of Standards and  
Technology, which has expertise in developing security protocols, has  
asked for $5.5 million to develop encryption algorithms and metrics  
for cybersecurity systems.

NIST Information Technology Laboratory Director Cita Furlani said her  
agency has an essential role in achieving Obama's goals through  
bringing about more secure and reliable systems to drive national  
initiatives like the development of an electric smart grid and  
electronic medical records.

NIST is collaborating with the intelligence and defense communities on  
a uniform set of cybersecurity standards.

Obama proposed a $37.2 million cyber R&D budget for DHS in fiscal 2010  
to support operations in its national cybersecurity division as well  
as projects within the CNCI. DHS is using much of its fiscal 2009  
allotment to deploy Einstein, a system to analyze civilian agencies'  
systems for cyber threats and intrusions.

For his part, Defense Secretary Gates said this spring he wants to  
increase the number of cyber experts who can be trained from 80  
students per year in fiscal 2010 to 250 in fiscal 2011.

Members of Congress have ideas for how to bolster R&D. Legislation  
sponsored by Senate Commerce Chairman John (Jay) Rockefeller, D-W.V.,  
and Sen. Olympia Snowe, R-Maine, would create an annual cybersecurity  
competition and prize to get students to study in the field.

It would increase NSF funding and attempt to place a dollar value on  
cybersecurity risk by requiring the cyber czar to report on the  
feasibility of creating a market for cybersecurity risk management.

Meanwhile, academic and private sector experts will share perspectives  
on June 10 at a House Science Research and Science Education  
Subcommittee hearing on which cyber R&D initiatives should take  
priority. It is the first of several hearings planned by House Science  
Chairman Bart Gordon R-Tenn.