Computing Research Policy Blog

…Or you sleep with the dropped packets


It will come as a surprise to no reader of this blog that gangs and organized crime have moved into cyberspace. And it will also come as no surprise that the media, legislative staff, and elected officials are usually a bit slow to grasp advances in technologies and their commensurate threats. (Let us not forget House Majority Leader Tom DeLay’s invective aimed at Justice Kennedy for the heinous practice of “[doing] his own research on the Internet.” Which of the many “Internets” it was, DeLay did not specify.)

The tech world has been abuzz for some time now over the role of organized crime and street gangs on the internet. Finally, after much pushing and prodding, it appears that the media may be paying attention.

Today’s New York Times includes an article entitled “The Rise of the Digital Thugs.”

Stealing and selling data has become so lucrative, analysts say, that corporate espionage, identity theft and software piracy have mushroomed as profit centers for criminal groups. Analysts say cyberextortion is the newest addition to the digital Mafia’s bag of tricks.

“Generally speaking, it’s pretty clear it’s on the upswing, but it’s hard to gauge how big of an upswing because in a lot of cases it seems companies are paying the money,” said Robert Richardson, editorial director of the Computer Security Institute, an organization in San Francisco that trains computer security professionals. “There’s definitely a group of virus writers and hackers in Russia and in the Eastern European bloc that the Russian mob has tapped into.”

[…]

Among 639 of the survey’s respondents, the average loss from unauthorized data access grew to $303,234 in 2004 from $51,545 in 2003; average losses from information theft rose to $355,552 from $168,529. The respondents suffered total losses in the two categories of about $62 million last year. While many cyberextortionists and cyberstalkers may be members of overseas crime groups, several recent prosecutions suggest that they can also be operating solo and hail from much less exotic climes – like the office building just down the street.

Additionally, a story in the March/April 2005 issue of Foreign Policy discusses the role of street gangs online and hints at their potential to bring gang-related financial dealings online. What starts as cybertagging will likely end up becoming something much worse as gangs increasingly become sophisticated business entities.

This is something that the community needs to proactively address in Congress and in the states. Cybercrime is being committed by organized enterprises here and abroad, and it costs businesses millions, if not billions, annually in lost revenues, protection money paid, theft, and loss of reputation.

Bereft of Life, PITAC Rests in Peace… but still garners attention


Gene Spafford passed on an article from VARBusiness which illustrates the technical media’s attention to PITAC even two months after its expiry. The article speaks glowingly of PITAC, which it describes as “a group of technology-industry luminaries and academics assembled to act as a council [sic] to the president, Congress, and the federal agencies that are involved in [NITRD].” Adjectives used in describing the committee and its work include “insightful,” “expert,” “valuable.” The article quotes Harris Miller, president of the ITAA, at some length:


“It’s really disappointing,” says Harris Miller, president of the Information Technology Association of America…. “What you had was a group of leading people in the IT arena who came together to provide advice and thoughts on critical topics, and they’d really done some interesting and thoughtful work. It’s unfortunate.”

Harris, whose background falls on the public-policy side, speculates that some of the group’s recommendations may not have been taken well by the administration. Although he doesn’t know exactly why the group was dissolved, he says that, “If you want honest advice, you have to realize it’s sometimes not going to be praiseworthy.” And while the group might someday be reinstated, Harris says he hasn’t picked up on any indication that it will happen soon. “Obviously, the cybersecurity report had some pretty strong language about some shortcomings,” Harris says. “But it wasn’t like others weren’t saying the same things.”

The bigger point here is this: while PITAC may be dormant, it is still getting extremely favorable attention from the tech and mainstream media. In addition, the media seem to be inclined to believe that a major reason for PITAC’s current hibernation is its frank and well-founded criticisms of current policy. This is encouraging and, with sustained pressure, may mean that PITAC will someday return to doing its “insightful,” “expert,” “valuable” work.

University of Texas Hosts Computer Camp to Pique Girls’ Interest


Interesting article today in the University of Texas’ The Daily Texan about efforts at the school to encourage the participation of women in computer science. The school runs a one-week summer camp for junior and senior high school girls to expose them to the world of computer science, which, as the article points out, is heavily dominated by men. From the article:

First Bytes is not a “fat camp,” as some boys who saw the welcome signs in Jester had originally thought of the one-week UT summer camp for junior and senior high school girls that focuses on getting its attendees interested in computer science, a field heavily dominated by men.
The girls spent their week listening to math- and science-themed technical lectures and participating in interactive events. Non-computer-science fun was also added to the mix, including yoga classes, bowling and watching movies. “It’s not just about studying and being in school, but about being well-rounded,” said program coordinator, Mary Esthel Middleton.
There are 1,175 computer science students at UT, only 147 of whom are women, according to statistics cited by the department.
The First Bytes program, currently in its third year, aims to help correct that problem, Middleton said. The purpose of First Bytes, she said, was to “dispel the myth that computer science is only for guys,” and to ensure the girls understand that math and science careers are beneficial, that they can and do apply to a wide range of fields, including medicine and business.

Kudos to corporate sponsors IBM and Microsoft for supporting efforts like this and the goal of increasing participation of women and minorities in computer science (including the efforts of groups like CRA’s Committee on the Status of Women in Computing Research (CRA-W)). The most recent data suggests that the popularity of computer science as a major among freshmen women is at an all-time low, so there is obviously much work to be done.

India will produce 73,500 engineering grads in 2006


If American students aren’t going to take up computer science, Indian students will. SiliconIndia.com and Hindu Business Line report, “Rising salaries and a growing software industry may have made IT one of the most sought-after careers for Indian students. An estimated 73,500 engineering graduates are expected to take up hi-tech jobs this fiscal [year].”

The article cites the Taulbee Survey’s finding that American CS enrollments have fallen by 19 percent, although this statistic was considered somewhat out of context. Nonetheless, the article gives a clear indication as to how the Indian technology press is covering workforce issues: America is losing IT workers and India is picking up the slack.

India is creating not just new computer scientists, but jobs as well:


“In software alone, 120,000 new jobs are likely to be created this year, against 110,000 in 2004-05, and 50,000 in 2001-02,” Sunil Mehta, Vice-President of Nasscom, said.

Nasscom expects 73,500-84,000 engineering graduates to go for IT jobs in the current financial year, compared to 56,000-64,000 in 2004-05. The balance will flow from the B.Sc stream with students opting for GNIIT courses, as well as students from other disciplines going in for diplomas. [Typos corrected. -DMR]

To put this in context, it appears that India and the United States will produce roughly the same number of computer science and engineering graduates in per capita terms next year. What’s particularly important to note is that India’s enrollment statistics are trending up, while America’s are stagnating or declining.

Examiner Editorial on Math and Science Incentive Act


The DC Examiner ran an editorial today using the Math and Science Incentive Act of 2005 (CRA blog entry here) to focus on the lack of emphasis that primary, secondary, and university education place on teaching science and math. The editorial praises the Act, introduced by Frank Wolf (R-VA) in the House and John Warner (R-VA) in the Senate, which would forgive up to $10,000 in student loan interest for post-college work or teaching in mathematics, physical sciences, and engineering.

The piece notes, however, that this bill alone is insufficient:


Last week, the NSF’s congressionally-mandated Committee on Equal Opportunities in Science and Engineering reported measurable but uneven gains in underrepresented groups. However, as Committee Chairman Robert Lichter put it, “bold, innovative and long-term initiatives are still needed, especially at the institutional level.” Interest-free student loans are not quite in that league, but at least they’re a start.


Updates on the status of the bill will appear in the blog if and when it gains traction in committee (Education and the Workforce in the House and Health, Education, Labor, and Pensions in the Senate).

Update posted June 29: The provisions of this bill have been rolled into the College Access and Opportunity Act, which was part of the higher education authorization. ACM has followed this issue in their blog.

Industry Group Calls for Increased Cyber Security R&D; Congress Hears Message from Former PITAC Members


In a report released this week, the Cyber Security Industry Alliance — a group consisting of information security software, hardware and service vendors — called on Congress and the Administration to ramp up support for fundamental research in cyber security R&D and increase the prominence of cyber security at key federal agencies. CSIA’s report, Federal Funding for Cyber Security R&D (pdf) reiterates the findings of the most recent Presidential IT Advisory Committee (PITAC) report (pdf) on the state of federal cyber security research, concluding that the overall investment in cyber security research is inadequate and too focused on the short-term. The CSIA report agrees with the PITAC report’s recommendation to increase funding for long-term research in cyber security, noting a number of key security technologies — firewalls, intrusion detection systems, fault tolerant networks, operating systems, cryptography and advanced authentication — that bear the stamp of federally-sponsored, long-term research.
The report differs from the PITAC report slightly in that it calls for the creation of a “designated entity” within DHS to coordinate the federal government’s cyber security R&D effort, whereas PITAC recommended that function remain within the interagency working group activity of the Networking and IT R&D program. CSIA rightly points out that the IWG of NITRD has very little actual influence on priority-setting at the agencies. Instead, they recommend that the new Assistant Secretary for Cyber Security at DHS serve as “the logical choice to drive the prioritization of requirements for research and development.” My only concern with that recommendation is that DHS hasn’t yet bought into the idea that long-term research efforts should be a priority. DHS’s own budget for cyber security R&D remains a paltry $18 million for FY 05, out of an overall science and technology budget of just over a billion dollars. And of that $18 million, barely $2 million could realistically be described as “long-term” research efforts. (DHS’s lack of priority for cyber security R&D has been a frequent topic here).
Otherwise, the CSIA report marches in lockstep with the PITAC report on cyber security R&D (pdf) issued back in March. We strongly endorsed that report and I’m pretty thrilled with the industry report issued this week.
Coincidentally, two former PITAC members (former because PITAC has been “disbanded” since June 1, 2005…) were on the Hill yesterday to participate in a briefing on cyber security R&D hosted by the Congressional Research and Development Caucus and put together by IEEE and IEEE-CS. Former PITAC Subcommittee on Cyber Security R&D Chair Tom Leighton (Chief Scientist and Co-Founder of Akamai) and former PITAC member Gene Spafford “Spaf” (Professor and Director of CERIAS at Purdue University) told the assembled congressional staffers, science community folks and assorted press about the problems we face in the cyber security arena and what PITAC recommended.
The briefing was the latest in a series of briefings on the PITAC report and follows a number of hearings on the scope of the cyber security challenge. In April, for example, Spaf and Leighton, along with former PITAC co-Chair Ed Lazowska, participated in a number of focused briefings for Hill staff on the PITAC report. The House Science Committee and the House Homeland Security Committee have both held numerous hearings on the subject over the last several years. Yet the extent of the problems we face — the risk posed by cyber attacks on critical infrastructure, the exposure internet users have to fraud and abuse because of security vulnerabilities, the cost to industry due to cyber extortion and malicious acts — still appears to shock congressional staff. I’m not sure they really believe that companies have paid “protection” money to criminals who threatened to take down their web presence with massive distributed denial of service attacks. I’m not sure they really believe that “phishing” and “pharming” attacks are real threats to individual internet users. I’m not sure they understand that IT systems are in the control loop of just about every piece of critical infrastructure in the nation and are vulnerable. I think many believe that the impact of a concerted cyber attack would be limited to something like Amazon being unavailable for the day.
So despite the reports and briefings and hearings, we in the community haven’t done a great job breaking through the noise around homeland security and conveying the importance of cyber security, or by extension cyber security R&D. In part, I think this is because the homeland security debate is really dominated by the specter of a nuclear, biological or chemical (NBC) attack (perhaps rightly so). The idea that a cyber attack could exist on the same scale as any one of the big three isn’t so easily embraced by staff. Yet in terms of cost to industry and cost to government, the daily onslaught of cyber attacks must add up to dollar losses that exceed even some of the more dramatic NBC scenarios. But the investment in research to mitigate those losses, or prevent them entirely, pales in comparison to the investments in NBC research at DHS.
In any case, the continued efforts of folks like Spaf and Leighton, and industry partners like the members of CSIA and ITAA, are helping to educate members of Congress and their staff to the challenges in the area. And, for better or worse, the growing frequency of breaches of customer data held by credit card companies, banks, universities and others is forcing Congress to climb the learning curve….

Cerf in WSJ: America Gasps for Breath in the R&D Marathon


Turing Award winner Vint Cerf and ITAA head Harris Miller have a fantastic op-ed in today’s Wall Street Journal raising concerns about US competitiveness in light of a declining federal R&D budget. The article is behind the WSJ pay wall, but can be viewed online for the next seven days here. Some snippets:

America will soon find its grip on the levers of international commerce slipping as we turn our backs on a proud tradition of technology innovation. The stewards of our national destiny are busily tightening the tap on the federal R&D budget, the most important source of funding for programs that seek to answer fundamental questions of science and technology.

In the 1960s and ’70s, a collection of academics and private-sector technologists, including a co-author of this piece, used findings funded by the Pentagon’s Advanced Research Projects Agency (now DARPA), to participate in implementation of the first wide-area packet switched network (the ARPANET) and the subsequent integrated collection of packet-switched networks (the Internet).
Now DARPA officials have revealed a shift in focus away from its history of open-ended long-range research, which typically has been performed in universities and nonprofit institutions. According to recent news reports, DARPA funding for university researchers in computer science has fallen from $214 million to $123 million from 2001 to 2004. Moreover, the focus of DARPA R&D is more near-term and more immediately defense-oriented than before. While this is defensible in some ways, the largest impacts of long-term research funded in the past by DARPA have been in areas that have wider or dual application to defense and the civilian sector.
The U.S. is already lagging behind in R&D funding. Our total national spending on R&D is 2.7% of our GDP, and now ranks sixth in the world, in relative terms, behind Israel (4.4%), Sweden (3.8%), Finland (3.4%), Japan (3.0%) and Iceland (2.9%). The federal government’s share of total national R&D spending has fallen from 66% in 1964 to 25%.
Some of the outright cuts in the president’s proposed R&D budget include the following:

  • The Department of Energy’s Office of Science would see its R&D funding fall 4.5% to $3.2 billion.
  • The Department of Agriculture would see its R&D funding decline 14.6% to $2.1 billion.
  • Funding for all three multi-agency R&D initiatives would decline in FY 2006, a category that includes programs such as the National Nanotechnology Initiative and the Networking and Information Technology R&D initiative.
     
    The proposed cuts come at a time when other nations have fixed their sights firmly on overtaking our technological lead, especially in information technology. For those of us in industry and academia, this shift in policy represents a major detour in the marathon race for global economic leadership.

    The piece goes on to quote a number of indicators — many of the same ones cited in the Task Force on the Future of American Innovation’s influential Benchmarks of our Innovation Future report — that show that while the U.S. remains in the leadership position in innovation and R&D investments, all of the trendlines are slanting the wrong way.

    The facile solution is to turn to private industry and academia to make up the difference. But R&D funding from private industry is currently growing above inflation. It is susceptible to general economic cycles, and by its nature it is focused on the here and now. Meanwhile, many academic institutions are battling lagging enrollment and turning to unconventional fund-raising means merely to stay afloat. The difficulty in obtaining visas for foreign scientists has also restricted an important source of talent in the research community.
    In a very real sense, today’s R&D agenda determines where America will find itself in the future. The benefits of vigorous, federally funded academic R&D programs reaped by American society at large have been enormous. Our domestic and global economies thrive on the results of such work. Private sector programs alone cannot produce comparable results, in part owing to an ethical obligation to deliver bottom-line business results for their stockholders. The U.S. government needs a long-term strategy for continued economic growth. A strong and thriving academic R&D program is critical to that strategy. To choose otherwise is a recipe leading to irrelevance and decline.

    I’m thrilled to see this piece in the WSJ today….
    I’ll have a bit more comment on this later when I have a few minutes, but I wanted to get the pointer to the article up asap. Read the whole thing, while it’s still available!
    Update: The article is finding its way around Congress. Rep. Anna Eshoo (D-CA) circulated the piece in a “Dear Colleague” letter along with this text:

    Once again, high technology leaders are warning that declining federal investments in research and development are allowing the rest of the world to catch up. This isn’t a problem that can be blamed on Europe or developing economies in Asia. It’s a problem that we’re creating. If we’re to maintain our economic leadership for future generations, we need to increase the federal commitment to R&D instead of cutting it.

    Help Requested in Support of Defense Authorization Amendment


    Update July 22, 2005: Jason Van Wey of the Coalition for National Security Research (CNSR) has more on the effort to see the amendment passed, including the news that the amendment has picked up a number of important cosponsors. As of this morning, joining Collins and Kennedy on the amendment are Sens. Hillary Rodham Clinton (D-NY), Elizabeth Dole (R-NC), Joe Lieberman (D-CT), Barbara Mikulski (D-MD), Pat Roberts (R-KS) and Rick Santorum (R-PA). Though this bipartisan list of co-sponsors bodes well for passage, your calls are still needed as the Senate works through the amendments to the Defense Authorization today and Monday!
    Originally posted July 21, 2005: Word comes from AAU that Sen. Susan Collins (R-ME) and Sen. Ted Kennedy (D-MA) will introduce an amendment this afternoon to the FY 06 Defense Authorization bill under consideration today that would increase funding for a number of programs of interest to the computing research community, including a $10 million plus-up to “fundamental computer science and cybersecurity research at DARPA.” Senators need to be made aware of the amendment and urged to support it. Here are the details from AAU:

    During Senate consideration today of the FY06 Defense Authorization Act (S. 1042), Senators Edward Kennedy (D-MA) and Susan Collins (R-ME) will offer an amendment to authorize additional funding for the Department of Defense SMART National Defense Education Program, a new scholarship and fellowship program aimed at attracting more students into science and engineering fields.  The amendment also provides additional authorization for basic research programs at U.S. universities.
     
    CFR members are urged to contact their Senators to ask that they support the Kennedy/Collins amendment when it is considered on the Senate floor.
     
    A copy of an AAU statement (pdf) supporting the amendment is attached, along with talking points prepared by the Senators’ offices and the text of the amendment.
     
    THE AMENDMENT
    The amendment would authorize an additional $50 million for university research and education programs at the Department of Defense. 
     
    Specifically, the Kennedy/Collins amendment:
     

  • Increases the SMART National Defense Education Program by $10 million;
  • Increases the Army University Research Initiatives (URI) account by $10 million;
  • Increases the Navy University Research Initiatives (URI) account by $10 million;
  • Increases the Air Force University Research Initiatives (URI) account by $10 million; and
  • Increases the DARPA account by $10 million and specifies that money should be spent on fundamental research in computer science and cybersecurity.
     
    The amendment also includes a Sense of the Senate that the Department of Defense set a goal to invest 15 percent of its science and technology budget in basic research programs.  The current percentage varies between 11 percent and 12 percent. 

    The amendment would “pay for” the increases — every funding increase in an amendment to the bill has to be offset by a reduction somewhere else — by reducing a planned $2 billion increase to the “defense-wide operations and maintenance fund for IT” by an equal amount.
    The university community here in DC (along with CRA) is mobilizing to contact senators about the amendment. More calls would surely help. Urge your senator (by phone) to support the Collins-Kennedy amendment to the FY 06 Defense Authorization Bill. The bill is on the floor today, so the time is now! We’ll have updates as developments warrant….
    Here’s a copy of the amendment as well as some talking points. Here’s AAU’s statement.

    AAAS Report on Women and Minorities in the IT Workforce


    MSNBC has some interesting coverage of an important but oft-overlooked part of our IT workforce: students seeking vocational rather than research-oriented IT training. The article covers the recent AAAS report entitled Preparing Women and Minorities for the IT Workforce: The Role of Nontraditional Educational Pathways. The article begins:

    Pop quiz: Which schools produced the most degrees in computer science in 2001? MIT? Carnegie Mellon? Georgia Tech?

    If you guessed any of these, you’re wrong: try Strayer University and DeVry Institute of Technology.

    […]

    If you guessed [the typical student is] a young geeky guy with a pocket saver, guess again: try a 35-year-old African American or Hispanic woman who already has a full-time job at a company where information technology (IT) skills are a key to advancement.

    She’s the one taking the night courses at one of the for-profit institutions like Strayer or DeVry that have a wide variety of locations, and offer courses in the early morning and evening, as well as on-line courses.

    The study found that women, minorities, and non-traditional students were especially likely to take advantage of CS/CE educational opportunities from for-profit institutions. It is a helpful reminder that the future of computer science and engineering in the United States is dependent not just on researchers but on a non-research oriented IT workforce that can deploy the advances of CS/CE research and development throughout all areas of society.

    CRA’s Taulbee Survey maintains information about women earning CS/CE degrees from PhD-granting institutions. Results from recent years:


