GAO Report on Cyber Security R&D

The Government Accountability Office has just released its report (pdf) on the state of Federal Coordination for Cyber Security R&D requested by the House Committee on Government Reform. Its goal wasn’t to assess the state of the research portfolio, but to look at how the agencies coordinate. Here’s what they recommended:

To strengthen cyber security research and development programs, we recommend that the Director of the Office of Science and Technology Policy take the following action:

  • Establish firm timelines for the completion of the federal cyber security R&D agenda that includes near-term, mid-term, and long-term research. Such an agenda should include the following elements:
    • timelines and milestones for conducting research and development activities;
    • goals and measures for evaluating research and development activities;
    • assignment of responsibility for implementation, including the accomplishment of the focus areas and suggested research priorities; and
    • the alignment of funding priorities with technical priorities.

We also recommend that the Director of the Office of Management and Budget implement the following action:

  • Issue guidance to agencies on reporting information about federally funded cyber security R&D projects to the governmentwide repositories.

The report is here (pdf). It’s a pretty quick read at only 30 pages. have online coverage here.
OSTP apparently had no comment on the recommendations in the GAO report. The establishment of a research agenda for federal cyber security R&D was also a recommendation and focus of the PITAC report Cyber Security R&D: A Crisis of Prioritization. The committee laid out in the 2005 report ten specific research areas it felt warranted prioritization, along with recommending immediate increases to the cyber security research budgets of NSF, DARPA and DHS (but especially NSF, which they felt was really carrying the load for fundamental, long-term cyber security research). While progress on these funding recommendations has been slow, NITRD has added a Cyber Security and Information Assurance working group into its interagency planning effort….

