US Advisory panel recommends more federal R&D spending

The Presidential IT Advisory Committee (PITAC) has recommended the federal government sharply increase its spending on cybersecurity R&D and shift the focus to fundamental, long-term solutions to security challenges.

"The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects," PITAC warned in a letter submitting the report, titled Cyber Security: A Crisis in Prioritization, to the president. "These vulnerabilities put the nation's entire critical infrastructure at risk."

Current practices of patching vulnerabilities as they are found address immediate needs, but the committee concluded that "fundamentally different architectures and technologies are needed so that the IT infrastructure as a whole can become secure."

The government has a vital role to play in supplying the intellectual capital to improve IT security, PITAC said, but in recent years its focus increasingly has been on short-term problems addressing the needs of the military and intelligence communities. The results too often are classified, and more effort is needed to transfer them into the mainstream market.

The advisory committee examined funding for basic research by the National Science Foundation, the Defense Advanced Research Projects Agency, the Homeland Security Department, the National Security Agency, and the National Institute of Standards and Technology.

NSF, with its $30 million Cyber Trust program, is the primary source of funds for civilian security research. PITAC recommended that the program be expanded by at least $90 million annually.

The $5.47 billion NSF appropriation for fiscal 2005, approved by Congress in November 2004, is more than $60 million less than fiscal 2004 funding, and $227 million less than requested by the president.

PITAC recommended that:

  • NSF R&D funding be increased by at least $90 million a year, and funding for DARPA and DHS be substantially increased.
  • Government increase efforts to expand the number of cybersecurity experts in the academic community, doubling the number by the end of the decade. The committee estimates there are fewer than 250 cybersecurity specialists working now.
  • Security technology transfer programs be strengthened to speed the introduction of needed off-the-shelf tools and technologies into the marketplace. The government should sponsor an annual interagency conference to showcase the results of cybersecurity R&D.
  • The Interagency Working Group on Critical Information Infrastructure Protection coordinate federal R&D efforts and be integrated under the Networking and Information Technology Research and Development Program.

The committee identified 10 critical areas for future research:

  • Computer authentication methodologies, so sources of packets can be traced in large-scale networks
  • Secure fundamental networking protocols
  • Secure software engineering
  • End-to-end system security, rather than merely secure components
  • Monitoring and detection to quickly identify problems
  • Mitigation and recovery methodologies to avoid catastrophic failure when problems occur
  • Cyberforensics tools to aid in criminal prosecutions
  • Modeling and test beds for new technologies
  • Metrics, benchmarks and best practices for evaluating the security of security products and implementing them
  • Nontechnical societal and government issues.

Article on gcn.com.
