[ISN] Groundwork for cybersecurity R&D agenda begins
InfoSec News
isn at c4i.org
Wed Apr 19 01:45:36 EDT 2006
http://www.fcw.com/article94110-04-18-06-Web
By Aliya Sternstein
Apr. 18, 2006
The Bush administration has drafted a federal plan to improve
cybersecurity research and development.
Yesterday, the National Science and Technology Council, a
Cabinet-level body that coordinates governmentwide science and
technology policies, issued a preprint release of the "Federal Plan
for Cyber Security and Information Assurance Research and
Development." [1]
In addressing gaps in the country's current cybersecurity activities,
the 121-page report recommends setting R&D priorities and
strengthening coordination between agencies and the private sector.
The plan also calls for implementing emerging technologies, road maps
and metrics. It does not address specific funding levels or budgets.
Industry officials and lawmakers had been urging the administration to
improve federal cybersecurity and information assurance R&D. Officials
are billing this plan as the first step toward developing a federal
agenda. Members of more than 20 government organizations prepared the
document as part of the Interagency Working Group on Cyber Security
and Information Assurance.
The report responds to several recent cybersecurity documents,
including a memorandum on fiscal 2007 administration R&D budget
priorities, a 2005 report by the now-defunct President's Information
Technology Advisory Committee (PITAC) and the 2002 Cyber Security
Research and Development Act.
The budget memo cites cybersecurity R&D as a priority for the $3
billion Federal Networking and Information Technology Research and
Development program, along with supercomputing and advanced
networking.
In announcing yesterday's plan, Bush administration officials said the
report sets a framework for multiagency coordination of investments in
technologies that can secure the U.S. IT infrastructure more
effectively.
"This country's IT infrastructure - which includes not only the public
Internet but also the networking and IT systems that control critical
infrastructures ranging from power grids to emergency communications
systems - is vital not only to our national and homeland security but
to our economic security," said John Marburger III, science adviser to
the president and director of the Office of Science and Technology
Policy. "This report provides a blueprint for coordination of federal
R&D across agencies that will maximize the impact of investments in
this key area of the national interest."
The 2005 PITAC report, "Cyber Security: A Crisis of Prioritization,"
characterizes the budget for civilian cybersecurity research as
inadequate and recommends that the National Science Foundation's
budget for cybersecurity research be increased $90 million annually.
PITAC was a congressionally mandated committee made up of industry and
academic experts appointed by the president. It expired last June.
Yesterday's report states that PITAC's recommendation was one factor
that led to the establishment of a federal plan.
According to the plan, the top areas where funding is needed are
authentication, authorization and trust management; access control and
privilege management; attack protection, prevention and pre-emption;
wireless security; and software testing and assessment tools.
The report recommends that agencies designate representatives to
collaborate in developing an interagency R&D road map. The private
sector would also contribute to the road map.
Other recommendations include assessing "the security implications and
the potential impact of R&D results in new information technologies as
they emerge in such fields as optical computing, quantum computing and
pervasively embedded computing."
Comments on the plan are due April 28.
[1] http://www.nitrd.gov/pubs/csia/FederalPlan_CSIA_RnD.pdf
More information about the ISN
mailing list