[ISN] GAO: Better coordination of cybersecurity R&D needed

From: InfoSec News (alerts@private)
Date: Tue Oct 31 2006 - 22:36:15 PST


http://www.gcn.com/online/vol1_no1/42465-1.html

By Patience Wait
GCN Staff
10/31/06

The federal government has to do a better job of coordinating research 
and development on cybersecurity issues and needs to improve its 
information sharing and collaboration efforts on the topic, according to 
a just-released report [1] by the Government Accountability Office.

Most cybersecurity technologies offer only single-point solutions by 
addressing individual vulnerabilities, the report stated. As a result, 
many researchers have described the use of these types of near-term 
solutions as being shortsighted. ... Research in cybersecurity 
technology can help create a broader range of choices and more robust 
tools for building secure, networked computer systems.

Within the government, numerous agencies conduct R&D into cybersecurity 
technologies, the agency found, including the departments of Homeland 
Security, Defense and Energy, the National Institute of Standards and 
Technology, the National Science Foundation and agencies in the 
intelligence community, such as the National Security Agency and the 
Defense Advanced Research Projects Agency.

Funding for cybersecurity R&D is scattered among all the agencies, as 
well. The National Science Foundation included about $94 million in its 
fiscal 2006 budget request for cybersecurity research, education and 
training. DHS allocated approximately $10 million to the subject in 
fiscal 2004, $18 million in 2005 and $17 million in 2006. DOD officials 
told GAO that the department provided about $150 million to its 
cybersecurity research programs in fiscal 2005.

For the first time, the [National Information Technology R&D] program 
... reported budget information for cybersecurity research separately 
from other types of research in its supplement to the presidents fiscal 
year 2007 budget, the GAO report stated.

At a policy level, too, there are several layers of responsibility, from 
the White Houses Office of Management and Budget and the Office of 
Science and Technology Policy, to the Cybersecurity and Information 
Assurance Working Group, the National Science and Technology Council and 
its committees on technology, and homeland and national security, to 
name several.

To assist all these organizations, GAO called on the director of OSTP to 
establish firm time lines for completing the federal cybersecurity R&D 
agenda, which was one recommendation in the National Strategy to Secure 
Cyberspace, issued in February 2003.

In addition, the GAO report recommended that OMB issue guidance to 
agencies on reporting information about federally funded cybersecurity 
research projects to governmentwide repositories already in place.

[1] http://www.gao.gov/cgi-bin/getrpt?GAO-06-811


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Tue Oct 31 2006 - 22:45:38 PST