Big Money for Cyber Security (Technology)
Wed Nov 13th, 2002 at 02:58:20 PM EST
This week, House Bill 3394, the Cyber Security Research and Development Act, passed in the Senate, and is now headed for the White House, where the President is expected to sign it without delay. Almost a billion dollars are allocated by the bill, for scholarships, grants and research on the topic of Cyber Security.
While much of the existing knowledge and many of the working implementations in this area have been developed over the years as part of existing Free Software implementations, the government has found that there simply is not enough funding, or talent, behind those efforts. They’re quite concerned about vulnerabilities in the critical infrastructure of the US, including telecommunications, transportation, water supply, and banking, as well as the electric power, natural gas, and petroleum production industries, all of which rely significantly upon computers and computer networks for their operation.
The bill itself may be studied at the Library of Congress, using their search engine, or directly. This article will present an overview of the exciting and profitable opportunities which will soon be available to researchers with an interest in Cyber Security.
Some of the other important findings of the bill include:
The US is not prepared for coordinated cyber attacks which may result from war
Federal investment in computer and network security research must be increased to decrease vulnerability, expand and improve the “pool” of knowledge, and better coordinate sharing and collaboration.
African-Americans, Hispanics, and Native Americans comprise less than 7 percent of the information science workforce, and this number should be increased.
I consider the second finding particularly interesting. Given the history of security research, when the bill finds that better sharing and collaboration is necessary, one might conclude that the government intends to support the continued and expanded efforts of Open Source software, to accomplish the task. While there are certainly closed implementations for security, it’s just “commonsensical” to put the money behind the open and freely-available efforts which are already shared, and collaborated upon.
In general, the National Science Foundation (NSF), which will be the director of the foundation which distributes the funds, will be directed to award monies for research and study on the following topics, during the next five years:
authentication, cryptography, and other secure data communications technology
computer forensics and intrusion detection
reliability of computer and network applications, middleware, operating systems, control systems, and communications infrastructure
privacy and confidentiality
network security architecture, including tools for security administration and analysis
vulnerability assessments and techniques for quantifying risk;
remote access and wireless security
enhancement of law enforcement ability to detect, investigate, and prosecute cyber-crimes, including those that involve piracy of intellectual property.
Now, that’s certainly a broad list. It introduces significant possibilities for improving and enhancing existing implementations, as well as finding new and improved techniques. The applications which will be considered are to be evaluated on a “merit” basis, and may be undertaken by universities and other non-profit institutions, as well as partnerships between one or more of these institutions along with for-profit entities and/or government institutions.
Criteria for acceptance of any proposal submitted will be based upon:
the ability of the applicant to generate innovative approaches
the experience of the applicant in conducting research
the capacity of the applicant to attract and provide adequate support
the extent to which the applicant will partner with government laboratories, for-profit entities, other institutions of higher education, or nonprofit research institutions, and the role the partners will play in the research undertaken by the Center.
It seems a fair question to ask, why is the amount of “partnership” important? If the end result of the research is to be “shared and collaborated”, then perhaps the amount of partnership is not so critical as the first three criteria. In any case, there’s soon to be a lot of new money for study and work related to computer security. The application process itself, while not yet established, has provisions for each of the distinct topics mentioned previously, both for graduate study and training, as well as undergraduate internships and programs.
Have you an interest in Cyber Security? What programs or software could be improved, and how would such a large capital infusion for research affect these projects? What are the political ramifications of the government getting involved with the projects, either directly or indirectly? And what about the shortage of minorities in the profession? What can be done to encourage young people in general, and African-Americans, Hispanics, and Native-Americans in particular to study and learn about Cyber Security?
Other Coverage: UPI, InfoWorld and GovExec