Big Money for Cyber Security
By imrdkl in Technology
Wed Nov 13, 2002 at 02:58:20 PM EST
Tags: News (all tags)
This week, House Bill 3394, the Cyber Security Research and Development Act,
passed in the Senate, and is now headed for the White
House, where the President is expected to sign it without delay. Almost a billion dollars are allocated by the
bill, for scholarships, grants and research on the topic of Cyber Security.
While much of the existing knowledge and many of the working implementations in this area have been developed over
the years as part of existing Free Software implementations, the government has found that there simply is not enough
funding, or talent, behind those efforts. They're quite concerned about vulnerabilities in the critical infrastructure
of the US, including telecommunications, transportation, water supply, and banking, as well as the electric power,
natural gas, and petroleum production industries, all of which rely significantly upon computers and computer networks
for their operation.
The bill itself may be studied at the
Library of Congress,
search engine, or
This article will present an overview
of the exciting and profitable opportunities which will soon be available to researchers with an interest in Cyber
Some of the other important findings of the bill include:
I consider the second finding particularly interesting. Given the history of security research, when the bill finds
that better sharing and collaboration is necessary, one might conclude that the government intends to support
the continued and expanded efforts of Open Source software, to accomplish the task. While there are certainly closed
implementations for security, it's just "commonsensical" to put the money behind the open and freely-available
efforts which are already shared, and collaborated upon.
- The US is not prepared for coordinated cyber attacks which may result from war
- Federal investment in computer and network security research must be increased to decrease vulnerability, expand
and improve the "pool" of knowledge, and better coordinate sharing and collaboration.
- African-Americans, Hispanics, and Native Americans comprise less than 7 percent of the information science
workforce, and this number should be increased.
In general, the National Science Foundation (NSF), which will be the director of the foundation which distributes the
funds, will be directed to award monies for research and study on the following topics, during the next five years:
- authentication, cryptography, and other secure data communications technology
- computer forensics and intrusion detection
- reliability of computer and network applications, middleware, operating systems, control systems, and
- privacy and confidentiality
- network security architecture, including tools for security administration and analysis
- emerging threats
- vulnerability assessments and techniques for quantifying risk;
- remote access and wireless security
- enhancement of law enforcement ability to detect, investigate, and prosecute cyber-crimes, including those that
involve piracy of intellectual property.
Now, that's certainly a broad list. It introduces significant possibilities for improving and
enhancing existing implementations, as well as finding new and improved techniques. The applications which will be
considered are to be evaluated on a "merit" basis, and may be undertaken by universities and other non-profit
institutions, as well as partnerships between one or more of these institutions along with for-profit entities and/or
Criteria for acceptance of any proposal submitted will be based upon:
- the ability of the applicant to generate innovative approaches
- the experience of the applicant in conducting research
- the capacity of the applicant to attract and provide adequate support
- the extent to which the applicant will partner with government laboratories, for-profit entities, other
institutions of higher education, or nonprofit research institutions, and the role the partners will play in the
research undertaken by the Center.
It seems a fair question to ask, why is the amount of "partnership" important? If the end result of the research is
to be "shared and collaborated", then perhaps the amount of partnership is not so critical as the first three criteria.
In any case, there's soon to be a lot of new money for study and work related to computer security. The
application process itself, while not yet established, has provisions for each of the distinct topics mentioned
previously, both for graduate study and training, as well as undergraduate internships and programs.
Have you an interest in Cyber Security? What programs or software could be improved, and how would such a large capital
infusion for research affect these projects? What are the political ramifications of the government getting
involved with the projects, either directly or indirectly? And what about the shortage of minorities in the profession?
What can be done to encourage young people in general, and African-Americans, Hispanics, and Native-Americans in
particular to study and learn about Cyber Security?