http://www.siliconvalley.com/mld/siliconvalley/5864653.htm By Jim Puzzanghera Mercury News Washington Bureau May 14, 2003 WASHINGTON - More than 20 months after the Sept. 11 terrorist attacks, the United States remains ill-prepared to defend against a strike on the nation's critical computer systems because of slow-moving federal research efforts, members of Congress said Wednesday. They charged that instead of working at breakneck ``Internet time,'' the four key agencies charged with researching new technologies to combat cyber attacks are stuck in the glacial world of ``government time,'' still crafting memorandums of understanding to allow collaboration on projects. ``We better damn well get serious about this and not just talk, but act,'' said Rep. Sherwood Boehlert, R-N.Y., chair of the House Science Committee, which brought the heads of the four agencies to Capitol Hill on Wednesday to testify about their efforts. ``The nation quite simply has been under-investing woefully in cyber security R&D, and as a result we lack both the experts and the expertise we ought to have in a world that relies so heavily on computers and networks for the necessities of everyday life.'' While defending their efforts and saying progress was being made, the agency heads acknowledged there is much more work to be done. ``On a daily basis . . . there are opportunities for attack that could be devastating,'' said Rita Colwell, director of the National Science Foundation. Terrorism experts fear attacks on computer systems that operate electricity grids, phone systems or other critical infrastructure as part of a terrorist strike. The federal government, in conjunction with private industry, has been trying to protect those systems through the use of fire walls and other technology to prevent such attacks or lessen their impact. The vulnerability of a cyber attack is particularly acute for the U.S. military, which is becoming increasingly dependent on computer networks and information technology, said Tony Tether, the director of the Pentagon's Defense Advanced Research Projects Agency, or DARPA. ``While moving to a network-centric warfare has created for us an enormous capability . . . it has also created a tremendous vulnerability,'' Tether told lawmakers. ``The enemy is going to attack our networks in the future. If they are attacked, our whole capability goes down.'' Wednesday's testimony follows the departure of two key White House cyber-security advisers earlier this year. The upheaval has led to concern in the high-tech industry that the Bush administration is not making cyber security a priority in combating terrorism. ``Everybody in the private sector is scratching their head, wondering: `Who do we go to talk to about cyber security? Who's responsible for coordinating threat analysis and coordinating responses for major attacks?' '' said Michael Vatis, executive director of the private Markle Foundation Task Force on National Security in the Information Age. ``R&D is critically important, but has been largely neglected.'' Sharing those concerns, Congress last fall passed the ``Cyber Security Research and Development Act,'' which authorized $903 million for research efforts over the next five years. In creating the new Department of Homeland Security, Congress set up a Science and Technology Directorate to oversee cyber security as well as other uses of technology in counterterrorism. The heads of the four lead agencies for cyber-security research -- the directors of the science foundation, DARPA, and the National Institute of Standards and Technology, along with the undersecretary for science and technology at the Department of Homeland Security -- said they were making progress and beginning to work collaboratively on projects. But some science committee members were critical of their efforts. Tether complained that DARPA had money to spend on cyber-security research but lacked proposals, while Colwell said her agency had too many proposals and not enough money to fund them. That prompted Rep. Vernon Ehlers, R-Mich., to quip that the two officials might want to talk with each other. Boehlert also criticized the agencies for not putting more resources into cyber research. For example, the Department of Homeland Security's science and technology division has requested $803 million in its 2004 budget, but only $7 million is earmarked for cyber-security research. Last fall's legislation authorized the National Science Foundation to spend $110.25 million on cyber-security research, but the agency is requesting only about $51 million. DARPA's unclassified budget for cyber-security research has actually declined, from about $90 million in 2000 to $30 million in 2003. But Tether said those figures were misleading, because more projects are now classified. He estimated the agency will spend about $100 million on cyber-security research in 2004. --------------------------------------------------------------------- Contact Jim Puzzanghera at jpuzzangheraat_private or (202) 383-6043. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 15 2003 - 03:03:39 PDT