Two News Pieces: PCAST and Cyber Security

A quick pointer to two interesting not-directly-related pieces running today. First is Aliya Sternstein’s article in Federal Computer Week that fleshes out the PITAC to PCAST switch we noted back on September 30th. She quotes CRA Chair Dan Reed and ITAA president Harris Miller:

Former PITAC member Dan Reed, vice chancellor of IT and chief information officer at the University of North Carolina at Chapel Hill, applauded [PCAST co-Chair Floyd] Kvamme’s idea to examine the federal government’s commitment to IT R&D.
“IT pervades so many aspects of science, technology and education that examining it in a holistic context has great value,” he said.
“PCAST is really the pre-eminent scientific advisory group to the president,” Reed said. “In some ways, this elevates the IT issues to a higher level.”
Some industry observers displayed mixed emotions about the turn of events, saying they will hold their breath until PCAST’s new lineup materializes and follows through on its promises.
“Having PITAC become part of PCAST is better than nothing, but frankly, I don’t think it’s an adequate solution,” said Harris Miller, president of the IT Association of America, which represents high-tech companies.
Although PCAST is more prestigious and well-regarded by the administration, the members already have too much on their plates, he said, adding that they likely cannot handle PCAST’s huge program plus all the items that the PITAC docket would add.

(There’s a brief comment from me in there as well.)
The other interesting piece is by ZDNet News’ Declan McCullagh and Anne Broache. It’s titled “U.S. cybersecurity due for FEMA-like calamity?” and it covers the lack of adequate attention the Department of Homeland Security has paid to cyber threats to critical infrastructures.

Auditors had warned months before Hurricane Katrina that FEMA’s internal procedures for handling people and equipment dispatched to disasters were lacking. In an unsettling parallel, government auditors have been saying that Homeland Security has failed to live up to its cybersecurity responsibilities and may be “unprepared” for emergencies.
“When you look at the events of Katrina, you kind of have to ask yourself the question, ‘Are we ready?'” said Paul Kurtz, president of the Cyber Security Industry Alliance, a public policy and advocacy group. “Are we ready for a large-scale cyberdisruption or attack? I believe the answer is clearly no.”

The article also features a nice quote from CRA government affairs committee co-Chair Ed Lazowska that sums up the concerns about the agency’s research efforts:

But the right tools and funding have to be in place, too, said Ed Lazowska, a computer science professor at the University of Washington. He co-chaired the president’s Information Technology Advisory Committee, which published a report in February that was critical of federal cybersecurity efforts.
“DHS has an appropriately large focus on weapons of mass destruction but an inappropriately small focus on critical infrastructure protection, and particularly on cybersecurity,” Lazowska said in an e-mail interview.
The department is currently spending roughly $17 million of its $1.3 billion science-and-technology budget on cybersecurity, he said. His committee report calls for a $90 million increase in National Science Foundation funding for cybersecurity research and development.
Until then, Lazowska said, “the nation is applying Band-Aids, rather than developing the inherently more secure information technology that our nation requires.”

Both are worth a read!

Two News Pieces: PCAST and Cyber Security