The President’s Information Technology Advisory Committee (PITAC) achieved consensus yesterday on the final draft of its report on the status of the federal cyber security R&D effort, finding that support for civilian-oriented, fundamental cyber security research is seriously inadequate, the pool of researchers is insufficient, and that coordination between funding agencies is lacking.
Judging by yesterday’s presentation (delivered by Tom Leighton, the Chair of PITAC’s Subcommittee on Cyber Security), the report will lay out in stark terms the magnitude of the threat posed by vulnerabilities in the information infrastructure. It will also spell out in some detail the difficulties faced by researchers, especially in academic institutions, in finding federal support for the fundamental cyber security research that will address the vulnerabilities long-term. The report will note problems in all three agencies one would expect to be funding critical long-term cyber security R&D: NSF, DARPA and the Department of Homeland Security. I’ve covered these issues before in this space, but here are the key points:
As a quick fix, the committee will recommend an immediate $90 million infusion of funding into NSF’s cyber security research efforts to alleviate some of these funding pressures, while leaving the door open to future funding increases should the situation warrant it.
Rather than summarize Leighton’s whole presentation, I’ll just link to the slides..
I’ll recommend again CRA’s own contribution to the report: our testimony (pdf) submitted to PITAC back in July, which mirrors much of what will be in the final report. In fact, it appears that the only major concern we raised which doesn’t get some mention in the report is the chilling effect of various copyright legislation efforts on research in information security and assurance.
CRA’s testimony is here (pdf).
The committee is putting its final touches on the report, which should be ready for final approval at the next meeting of PITAC, which I believe will be in March. We’ll have all the details here.