Engineers Warn of CyberSecurity R&D Crisis
The Chairman of the President's Information Technology Advisory Committee's (PITAC's) Subcommittee on Cyber Security, informed Congress that the panel believes "federal support for fundamental research in civilian cyber security must be dramatically increased – or the nation's security and technological edge will be seriously jeopardized."
At a Congressional briefing sponsored by IEEE-USA, the IEEE Computer Society Task Force on Information Assurance and the bipartisan House Research and Development Caucus, a senior PITAC official warned that "federal support for fundamental research in civilian cyber security must be dramatically increased – or the nation's security and technological edge will be seriously jeopardized." The official also indicated that there is a "crisis" in the prioritization of cybersecurity R&D projects.
According to an article in IEEE-USA's Today's Engineer, a senior IEEE-USA official said the country's cybersecurity is "very serious, and it is going to get worse in the next five years before it gets any better. I would say the situation not only is alarming, but it is almost out of control."
The official indicated the public demand for cybersecurity is essential to ensuring that Congress provides appropriate R&D funds for cybersecurity. The official also explained that "the private sector and industry must do their part to ensure that the public has the most secured network services, through secured browsers and encrypted communications and authentication."
Of particular note, the briefing attendees were told that there is "a pronounced shift favoring classified military R&D, rendering it unavailable to the civilian sector..." However, another official explained that while "our national defense and homeland security computer systems...are presumably more secure..." they "are highly dependent on the civil computer network infrastructures."
However, it is not enough to just ask for more funds. There are never enough funds. There needs to be an open process for determining both appropriate funding levels and project priorities. Thus, the country needs an R&D strategy that: 1) determines the appropriate level of public funding for cybersecurity R&D; 2) sets priorities; and 3) is aimed at securing all legitimate cybersecurity stakeholders in an integrated fashion.
See Today's Engineer story