[Paleopsych] CHE: Panel of Researchers Urges Government to Step Up Spending on Study of Cybersecurity

Tue Jan 18 15:10:08 UTC 2005

Panel of Researchers Urges Government to Step Up Spending on Study of
Cybersecurity
News bulletin from the Chronicle of Higher Education, 5.1.18
http://chronicle.com/prm/daily/2005/01/2005011802n.htm

    [45]By ANDREA L. FOSTER

    The federal government is not adequately supporting long-term research
    into protecting the nation's technology infrastructure from terrorist
    attacks, according to a report that a presidential advisory committee
    approved last week.

    The report, from the President's Information Technology Advisory
    Committee, concludes that networks supporting the country's financial,
    utility, telecommunications, transportation, and defense systems are
    "highly vulnerable to terrorist and criminal attacks." The report
    recommends, among other things, that the federal government provide
    more money for research and that it encourage university students to
    study cybersecurity.

    The report is scheduled to be given to President Bush first and to be
    released to the public by early March. But the report's key findings
    and recommendations were made public Wednesday in a presentation that
    the advisory committee's cybersecurity panel made to the full
    committee. The 24-member committee, which includes university and
    industry scientists, endorsed the cybersecurity panel's final draft.

    "We hope that by raising the issue and providing some of the
    documentary evidence that we have that people will take this seriously
    and attempt to address it in some meaningful way," said Eugene H.
    Spafford, a member of the subcommittee that prepared the report. He is
    a computer-science professor at Purdue University and executive
    director of the university's Center for Education and Research in
    Information Assurance and Security.

    In many ways the report echoes the views of the Computing Research
    Association, which in July told the cybersecurity panel that the
    government needed to spend more on cybersecurity research and
    development. The association represents computer scientists in academe
    and in industry.

    Federal agencies assume that other agencies will provide money and
    grants for research on cybersecurity, the new report says, but no
    agency is doing enough. The Department of Homeland Security, for
    example, assumes that industry and the National Science Foundation
    will provide support for cybersecurity research, according to the
    cybersecurity panel. And the Defense Advanced Research Projects Agency
    assumes that the science foundation will take up responsibility. The
    report recommends that the Defense Department and the Department of
    Homeland Security provide more money for research on civilian
    cybersecurity.

    The report says that researchers are discouraged from applying for
    cybersecurity grants through the Defense Department agency because it
    is focused on providing money for short-term projects that can show
    results in 12 to 18 months. Also, the agency's programs are
    increasingly classified, excluding most colleges and universities from
    participation, the report states.

    The Cyber Trust, set up by the science foundation to provide grants
    for cybersecurity research, has supported only 8 percent of the
    proposals it has received, although a quarter of the proposals were
    worthy of support, the report states. It recommends that the science
    foundation's cybersecurity budget be increased by $90-million a year.

    The report observes that fewer than 250 faculty members in the United
    States are actively involved in cybersecurity research. The federal
    government should step up its recruitment of cybersecurity researchers
    and students so that the number of scientists in the field doubles by
    the end of the decade, the report says.

    Mr. Spafford said that universities are not paying enough attention to
    cybersecurity research, in part because the field "doesn't fit neatly
    within the traditional department." Besides computer engineering and
    computer science, he said, information security "touches on many other
    academic disciplines and draws from them," including management,
    philosophy, and political science.
      _________________________________________________________________

    Background articles from The Chronicle:
      * [51]Computer-Security Experts Urge Researchers to Restructure
        Networks (12/5/2003)
      * [52]Computer-Security Experts Challenge Researchers to Focus on
        Long-Term Solutions (11/21/2003)
      * [53]Science Foundation Will Boost Cybersecurity Research, Director
        Tells Congress (5/15/2003)
      * [54]White House Envisions Role for Colleges in Cybersecurity Plan
        (3/7/2003)

References

   45. mailto:andrea.foster at chronicle.com
   49. http://chronicle.com/daily/2005/01/2005011801n.htm
   50. http://chronicle.com/daily/2005/01/2005011802n.htm
   51. http://chronicle.com/weekly/v50/i15/15a02201.htm
   52. http://chronicle.com/daily/2003/11/2003112103n.htm
   53. http://chronicle.com/daily/2003/05/2003051501t.htm
   54. http://chronicle.com/weekly/v49/i26/26a03501.htm

E-mail me if you have problems getting the referenced articles.