Obama administration begins work on cybersecurity R&D
Maximizing government investment in federal cybersecurity research and development is a major component of President Obama's plan to bolster defenses against high-tech attacks. If the White House's new cyber strategy and key agencies' fiscal 2010 budget requests are any indication, they're off to a solid start.
The intended result -- in the words of former Homeland Security Secretary Michael Chertoff and policy experts who have borrowed a phrase -- is a cyber "Manhattan Project."
In the near term, the White House's unnamed cyber czar will be charged with developing a framework for R&D strategies that focus on "game-changing technologies" and provide the research community access to event data to help develop tools and testing theories, according to the Friday report, which stemmed from a 60-day review.
That czar will eventually develop threat scenarios and metrics for risk management decisions, recovery planning and R&D prioritization.
"Research on new approaches to achieving security and resiliency in information and communications infrastructures is insufficient," the report stated. "The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements."
One initiative cited in the study is a National Science Foundation grant program for students to pursue cyber-related government careers, which has supported more than 1,000 students in its eight years.
NSF's fiscal 2010 request includes $126.7 million for cybersecurity R&D, with $40 million specifically devoted to research in usability, theoretical foundations and privacy in support of the Comprehensive National Cybersecurity Initiative, a multibillion-dollar Bush administration project. The National Institute of Standards and Technology, which has expertise in developing security protocols, has asked for $5.5 million to develop encryption algorithms and metrics for cybersecurity systems.
NIST Information Technology Laboratory Director Cita Furlani said her agency has an essential role in achieving Obama's goals through bringing about more secure and reliable systems to drive national initiatives like the development of an electric smart grid and electronic medical records.
NIST is collaborating with the intelligence and defense communities on a uniform set of cybersecurity standards.
Obama proposed a $37.2 million cyber R&D budget for DHS in fiscal 2010 to support operations in its national cybersecurity division as well as projects within the CNCI. DHS is using much of its fiscal 2009 allotment to deploy Einstein, a system to analyze civilian agencies' systems for cyber threats and intrusions.
For his part, Defense Secretary Gates said this spring he wants to increase the number of cyber experts who can be trained from 80 students per year in fiscal 2010 to 250 in fiscal 2011.
Members of Congress have ideas for how to bolster R&D. Legislation sponsored by Senate Commerce Chairman John (Jay) Rockefeller, D-W.V., and Sen. Olympia Snowe, R-Maine, would create an annual cybersecurity competition and prize to get students to study in the field.
It would increase NSF funding and attempt to place a dollar value on cybersecurity risk by requiring the cyber czar to report on the feasibility of creating a market for cybersecurity risk management.
Meanwhile, academic and private sector experts will share perspectives on June 10 at a House Science Research and Science Education Subcommittee hearing on which cyber R&D initiatives should take priority. It is the first of several hearings planned by House Science Chairman Bart Gordon R-Tenn.