Language Selection

English French German Italian Portuguese Spanish

US Advisory panel recommends more federal R&D spending

Filed under
Security

The Presidential IT Advisory Committee (PITAC) has recommended the federal government sharply increase its spending on cybersecurity R&D and shift the focus to fundamental, long-term solutions to security challenges.

"The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects," PITAC warned in a letter submitting the report, titled Cyber Security: A Crisis in Prioritization, to the president. "These vulnerabilities put the nation's entire critical infrastructure at risk."

Current practices of patching vulnerabilities as they are found address immediate needs, but the committee concluded that "fundamentally different architectures and technologies are needed so that the IT infrastructure as a whole can become secure."

The government has a vital role to play in supplying the intellectual capital to improve IT security, PITAC said, but in recent years its focus increasingly has been on short-term problems addressing the needs of the military and intelligence communities. The results too often are classified, and more effort is needed to transfer them into the mainstream market.

The advisory committee examined funding for basic research by the National Science Foundation, the Defense Advanced Research Projects Agency, the Homeland Security Department, the National Security Agency, and the National Institute of Standards and Technology.

NSF, with its $30 million Cyber Trust program, is the primary source of funds for civilian security research. PITAC recommended that the program be expanded by at least $90 million annually.

The $5.47 billion NSF appropriation for fiscal 2005, approved by Congress in November 2004, is more than $60 million less than fiscal 2004 funding, and $227 million less than requested by the president.

PITAC recommended that:

  • NSF R&D funding be increased by at least $90 million a year, while also substantially increasing funding for DARPA and DHS.
  • Government increase efforts to expand the number of cybersecurity experts in the academic community, doubling the number by the end of the decade. The committee estimates there are fewer than 250 cybersecurity specialists working now.
  • Security technology transfer programs be strengthened to speed the introduction of needed off-the-shelf tools and technologies into the marketplace. The government should sponsor an annual interagency conference to showcase the results of cybersecurity R&D.
  • The Interagency Working Group on Critical Information Infrastructure Protection should coordinate federal R&D efforts and be integrated under the Networking and Information Technology Research and Development Program.

The committee identified 10 critical areas for future research:

  • Computer authentication methodologies, so sources of packets can be traced in large-scale networks
  • Secure fundamental networking protocols
  • Secure software engineering
  • End-to-end system security, rather than merely secure components
  • Monitoring and detection to quickly identify problems
  • Mitigation and recovery methodologies to avoid catastrophic failure when problems occur
  • Cyberforensics tools for aid in criminal prosecutions
  • Modeling and test beds for new technologies
  • Metrics, benchmarks and best practices for evaluating the security of security products and implementing them
  • Nontechnical societal and government issues.

Article on gcn.com.

More in Tux Machines

Games: The Spicy Meatball Saves The Day, Uebergame, DwarfCorp

Android Leftovers

Baidu puts open source deep learning into smartphones

A year after it open sourced its PaddlePaddle deep learning suite, Baidu has dropped another piece of AI tech into the public domain – a project to put AI on smartphones. Mobile Deep Learning (MDL) landed at GitHub under the MIT license a day ago, along with the exhortation “Be all eagerness to see it”. MDL is a convolution-based neural network designed to fit on a mobile device. Baidu said it is suitable for applications such as recognising objects in an image using a smartphone's camera. Read more

AMD and Linux Kernel

  • Ataribox runs Linux on AMD chip and will cost at least $250
    Atari released more details about its Ataribox game console today, disclosing for the first time that the machine will run Linux on an Advanced Micro Devices processor and cost $250 to $300. In an exclusive interview last week with GamesBeat, Ataribox creator and general manager Feargal Mac (short for Mac Conuladh) said Atari will begin a crowdfunding campaign on Indiegogo this fall and launch the Ataribox in the spring of 2018. The Ataribox will launch with a large back catalog of the publisher’s classic games. The idea is to create a box that makes people feel nostalgic about the past, but it’s also capable of running the independent games they want to play today, like Minecraft or Terraria.
  • Linux 4.14 + ROCm Might End Up Working Out For Kaveri & Carrizo APUs
    It looks like the upstream Linux 4.14 kernel may end up playing nicely with the ROCm OpenCL compute stack, if you are on a Kaveri or Carrizo system. While ROCm is promising as AMD's open-source compute stack complete with OpenCL 1.2+ support, its downside is that for now not all of the necessary changes to the Linux kernel drivers, LLVM Clang compiler infrastructure, and other components are yet living in their upstream repositories. So for now it can be a bit hairy to setup ROCm compute on your own system, especially if running a distribution without official ROCm packages. AMD developers are working to get all their changes upstreamed in each of the respective sources, but it's not something that will happen overnight and given the nature of Linux kernel development, etc, is something that will still take months longer to complete.
  • Latest Linux kernel release candidate was a sticky mess
    Linus Torvalds is not noted as having the most even of tempers, but after a weekend spent scuba diving a glitch in the latest Linux kernel release candidate saw the Linux overlord merely label the mess "nasty". The release cycle was following its usual cadence when Torvalds announced Linux 4.14 release candidate 2, just after 5:00PM on Sunday, September 24th.
  • Linus Torvalds Announces the Second Release Candidate of Linux Kernel 4.14 LTS
    Development of the Linux 4.14 kernel series continues with the second Release Candidate (RC) milestone, which Linus Torvalds himself announces this past weekend. The update brings more updated drivers and various improvements. Linus Torvalds kicked off the development of Linux kernel 4.14 last week when he announced the first Release Candidate, and now the second RC is available packed full of goodies. These include updated networking, GPU, and RDMA drivers, improvements to the x86, ARM, PowerPC, PA-RISC, MIPS, and s390 hardware architectures, various core networking, filesystem, and documentation changes.