DHS sets its cyber R&D goals

The federal government has sounded an alarm about increasing cybersecurity threats to the country’s critical infrastructure. But rather than wait for industry to develop the necessary security technology, Homeland Security Department officials say they plan to find, fund and push potentially ground-breaking software into the commercial market. A broad agency announcement published by DHS’ Cyber Security Research and Development Center May 17 asks for industry proposals that, within three years, could produce commercial technologies to protect against computer security threats.DHS published a list of research and development challenges that DHS’ internal and external customers believe are the right priorities for dealing with the near-term and longer-term threats they face, said Douglas Maughan, program manager for cybersecurity research at DHS’ Science and Technology Directorate.“We strongly recommend that people making proposals come to the table with their own technology and transition partners already onboard,” Maughan said. Proposals will be evaluated on that basis, he said. The announcement states that plans to transition the technologies to the open-source community are acceptable.Based on past experience, Maughan said, probably about 20 percent of the research white papers that DHS receives in response to the announcement could lead to full R&D proposals for programs lasting three years.How much funding DHS will have to support new cyber R&D is uncertain. Maughan said DHS has $4.5 million for funding programs in fiscal 2007. But subsequent appropriations will determine the amount in the future. The House Appropriations Committee’s Homeland Security Subcommittee approved $777 million in fiscal 2008 funding for the Science and Technology Directorate, a $22 million decrease compared with the president’s request. Purdue University professor Eugene Spafford, a computer security expert and member of the President’s Information Technology Advisory Committee, said several areas on DHS’ research agenda are worthy. However, he said, the list of research priorities appears to address near-term problems instead of bigger challenges. “This announcement is not trying to grow the enterprise by looking to what is coming next, at System X problems,” Spafford said. “It’s really looking more at fixing what problems exist now.”None of the research areas listed in the announcement are blind alleys, and they are certainly areas of need, Spafford said.  He added that many other research challenges are of equal if not greater importance. “DHS should be one of the agencies taking the lead in [cybersecurity] research,” Spafford said. “If you speak to the military, for example, they are relying on DHS to provide protection for the infrastructure they have to deal with to do their jobs, but they feel nothing is being done about it.”Agencies such as the National Science Foundation support meaningful cybersecurity research, Spafford said. But, he added, those efforts are underfunded, which makes DHS’ programs all that more important.Maughan said DHS’ research efforts are aimed at achieving nearly immediate returns. “That’s the DHS mission,” he said. “We aren’t the NSF.”DHS has requested submissions of white papers by June 27. DHS will invite those who provide papers that meet its requirements to submit full proposals by Sept. 17.