[ISN] Industry hails cyber R&D bill

From: InfoSec News (isnat_private)
Date: Mon Apr 29 2002 - 02:18:59 PDT

  • Next message: InfoSec News: "[ISN] Security Agents Head For Cybercrime School"

    By William Matthews 
    April 26, 2002
    When the Senate went to work on legislation to pump $878 million into
    cybersecurity research and development, it got no argument from
    representatives of industry and academia.
    Sen. Ron Wyden (D-Ore.) convened a panel of scientists and businessmen
    April 24 who unanimously praised the Cyber Security Research and
    Development Act as a step toward correcting chronic underfunding in
    computer security research.
    The bill passed the House in February by a vote of 400-12.
    The panel also endorsed a bill that Wyden introduced to create a
    volunteer corps of computer experts who would respond swiftly in the
    event of a computer emergency, such as a cyberattack.
    Wyden envisions a National Emergency Technology Guard, or NET Guard,
    made up of experts and companies who agree to respond immediately with
    technological know-how and equipment to counter an attack. "The
    nation's best scientific minds, technology experts and technology
    companies will be invited to participate," Wyden said.
    NET Guard would be created by the Science and Technology Emergency
    Mobilization Act.
    While endorsing the idea, Ronil Hira of the Institute of Electrical
    and Electronics Engineers Inc. cautioned that calling in a squad of
    willing scientists might not always be the right response to
    cyberattacks or other computer-related emergencies.
    "It is important to recognize that communication and other
    technological systems can be extremely complicated, requiring not only
    general knowledge of the technical factors, but also specific
    knowledge of the system under stress," he said.
    Such detailed knowledge "may only be available in the company and its
    vendors that installed the system originally," Hira said. Intervention
    by outsiders - however brilliant - might do more harm than good, he
    Hira had no reservations about the Cyber Security Research and
    Development Act, however. He praised the legislation for promising
    financial support for industry research as well as research by
    universities and government entities.
    More money for research is essential for improving cybersecurity,
    agreed Lance Hoffman, a computer science professor at George
    Washington University. Students and faculty have generally not pursued
    cybersecurity research because funding has been scarce, he said.
    Even as daily life increasingly requires reliance on computer systems
    and networks, "there is a remarkably small amount of long-term funding
    available for computer security and information assurance research and
    development designed to solve these problems," Hoffman said. "This
    bill may remedy these concerns."
    The Cyber Security Research and Development Act would put the National
    Science Foundation and the National Institute of Standards and
    Technology in charge of selecting research projects for funding.
    The aim is to fund research as "a long-term strategy to counter
    cyberterrorism," said Rep. Sherwood Boehlert (R-N.Y.), chairman of the
    House Science Committee and primary author of the bill.
    "The nation invests a pitifully small amount in cybersecurity
    research, and that's true of both government and industry," said
    Boehlert, who was Wyden's star witness. The government doesn't invest
    enough because no single agency has responsibility for cybersecurity,
    and industry doesn't invest enough because security does not add as
    much sales value to information technology products as does speed,
    price and other attributes, Boehlert said.
    Wyden said he expects a committee vote on the two bills by the middle
    of May.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 05:56:44 PDT