PITAC Cyber Security Subcommittee “Town Hall” Highlights
The President’s Information Technology Advisory Committee’s (PITAC) Subcommittee on Cyber Security met today “town hall” style at the GOVSEC conference here in DC today to hear from ITAA head Harris Miller, Joel Birnbaum, head of the CSTB study on “Improving Cyber Security Research in the US“, and to take public input as it continues its work towards producing a report on the current state of Federal cyber security R&D.
I was pleased to hear Miller’s enthusiastic endorsement of the Federal role in supporting long-term IT R&D (and cyber security R&D). One of my perpetual frustrations in dealing with the lobbying arms of the various IT companies is that they recognize the importance of federal funding for basic research, but don’t often incorporate that message very prominently in their own lobbying efforts. I think Miller and ITAA are an exception to that as they’ve been very involved in a number of efforts to see federal research efforts increased — their work on the Cyber Security R&D Authorization Act of 2002 was very important in getting it enacted, for example. Miller made the point that industry does devote a lot of effort to R&D, but it’s almost all focused on the “D” — development — side. The research that underpins all that “D”, he said, takes place primarily in universities.
Joel Birnbaum gave a short summary of the work he expects his committee to focus on in the coming months. He says the committee, which held its first series of meetings this week, is comprised of a remarkably diverse set of academics and industrial researchers — and “not just computer scientists” (though there appear to be quite a few of those…and that’s a good thing). The committee will look 5-10 years out, assume computers are pervasive and critical, and try to understand the threat models, economics, and other impediments to their “vision of the way life could be.”
CRA submitted written testimony (pdf, 284kb) to the committee, citing our concerns about the current state of cyber security research, particularly with research efforts at the Department of Homeland Security and DARPA. In a nutshell, we’re concerned that the federal effort is under-funded and poorly balanced between short and long-term efforts. Additionally we are concerned that current law has a chilling effect on some research efforts in cyber security, and that current agency policies at odds with the basic research practice appear to be driving university-based researchers away from research funded by critical mission agencies.
But get the full scoop here.