Language Selection

English French German Italian Portuguese Spanish

US Advisory panel recommends more federal R&D spending

Filed under
Security

The Presidential IT Advisory Committee (PITAC) has recommended the federal government sharply increase its spending on cybersecurity R&D and shift the focus to fundamental, long-term solutions to security challenges.

"The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects," PITAC warned in a letter submitting the report, titled Cyber Security: A Crisis in Prioritization, to the president. "These vulnerabilities put the nation's entire critical infrastructure at risk."

Current practices of patching vulnerabilities as they are found address immediate needs, but the committee concluded that "fundamentally different architectures and technologies are needed so that the IT infrastructure as a whole can become secure."

The government has a vital role to play in supplying the intellectual capital to improve IT security, PITAC said, but in recent years its focus increasingly has been on short-term problems addressing the needs of the military and intelligence communities. The results too often are classified, and more effort is needed to transfer them into the mainstream market.

The advisory committee examined funding for basic research by the National Science Foundation, the Defense Advanced Research Projects Agency, the Homeland Security Department, the National Security Agency, and the National Institute of Standards and Technology.

NSF, with its $30 million Cyber Trust program, is the primary source of funds for civilian security research. PITAC recommended that the program be expanded by at least $90 million annually.

The $5.47 billion NSF appropriation for fiscal 2005, approved by Congress in November 2004, is more than $60 million less than fiscal 2004 funding, and $227 million less than requested by the president.

PITAC recommended that:

  • NSF R&D funding be increased by at least $90 million a year, while also substantially increasing funding for DARPA and DHS.
  • Government increase efforts to expand the number of cybersecurity experts in the academic community, doubling the number by the end of the decade. The committee estimates there are fewer than 250 cybersecurity specialists working now.
  • Security technology transfer programs be strengthened to speed the introduction of needed off-the-shelf tools and technologies into the marketplace. The government should sponsor an annual interagency conference to showcase the results of cybersecurity R&D.
  • The Interagency Working Group on Critical Information Infrastructure Protection should coordinate federal R&D efforts and be integrated under the Networking and Information Technology Research and Development Program.

The committee identified 10 critical areas for future research:

  • Computer authentication methodologies, so sources of packets can be traced in large-scale networks
  • Secure fundamental networking protocols
  • Secure software engineering
  • End-to-end system security, rather than merely secure components
  • Monitoring and detection to quickly identify problems
  • Mitigation and recovery methodologies to avoid catastrophic failure when problems occur
  • Cyberforensics tools for aid in criminal prosecutions
  • Modeling and test beds for new technologies
  • Metrics, benchmarks and best practices for evaluating the security of security products and implementing them
  • Nontechnical societal and government issues.

Article on gcn.com.

More in Tux Machines

Ask Safia: How do I move from a proprietary software background into open source?

Your inexperience with open source tools definitely is not going to prevent you from participating in the open source community. Regardless of the closed nature of the platforms that you’ve worked with previously, you have all the skills needed to be a valuable open source contributor. If you’ve learned a thing or two about documentation, consider addressing documentation issues on projects. If you had experience in QA or testing, you can start off by user testing the software and identifying areas for improvement or for improving code coverage. Valuing your skill set and the nature of the environments that you have worked in is important. Read more

How Do You Support Your Distro?

I think of them as our own little personal supernovas. There’s a brilliant flash when a Linux distro tosses in the towel and calls it quits. But whenever a distro goes away, it leaves behind the people who’ve used and worked with it on a daily basis. While there’s no formation of a black hole, there is hole at the center of users’ work schedules and that disruption can do serious damage to those relying upon the distro’s stability. And while getting a new distro installed and running isn’t the nightmare it used to be, it’s still a pain. Read more

Rygel Open-Source Media Server Gets Hack to Support AVI Playback on Philips TVs

The open-source Rygel DLNA (Digital Living Network Alliance) media server software has been updated earlier, May 23, 2016, to stable version 0.30.3 and development build 0.31.1. Read more

GNOME News

  • GNOME.Asia Summit 2016
    This year summit held at Manav Rachna International University (MRIU), which is located in the Faridabad district Delhi, it’s a quiet, beautiful and very very hot place. It gave me a lot of wonderful memories.
  • Endless and Codethink team up for GNOME on ARM
    A couple of months ago Alberto Ruiz issued a Call to Arms here on planet GNOME. This was met with with an influx of eager contributions including a wide variety of server grade ARM hardware, rack space and sponsorship to help make GNOME on ARM a reality.
  • External Plugins in GNOME Software (5)
    There’s a lot of flexibility in the gnome-software plugin structure; a plugin can add custom applications and handle things like search and icon loading in a totally custom way. Most of the time you don’t care about how search is implemented or how icons are going to be loaded, and you can re-use a lot of the existing code in the appstream plugin. To do this you just save an AppStream-format XML file in either /usr/share/app-info/xmls/, /var/cache/app-info/xmls/ or ~/.local/share/app-info/xmls/. GNOME Software will immediately notice any new files, or changes to existing files as it has set up the various inotify watches.
  • External Plugins in GNOME Software (6)
    This is my last post about the gnome-software plugin structure. If you want more, join the mailing list and ask a question. If you’re not sure how something works then I’ve done a poor job on the docs, and I’m happy to explain as much as required.
  • Week 1 of May-August Outreachy
    The Outreachy internship requires that interns maintain a blog, writing at least every other week. This shouldn't be a problem for the usability project. For the first few weeks, I'll essentially give a research topic for Diana, Ciarrai and Renata to look into and write about on their blogs. I've structured the topics so that we'll build up to building our usability tests.