Technology

Washington Earmarks Megabucks for Cyber Security


Computer security specialists stand to get more than $800 million in new

federal grants over the next five years if a bill passed last week by the

House Science Committee become law.

The events of Sept. 11 have added new impetus to efforts to secure the

Internet from attack, making new funding an easy sell, according to sources

on the Hill. Less easy are the demands Congress is placing on researchers:

This time lawmakers wants a network that isn't just more secure, but one

that can heal itself if it's damaged.

"Congress is usually busy with immediate fixes," one committee staffer said.

"We had two hearings on cyber security, and what came out of them is this

just doesn't receive enough attention from the federal government. There

aren't enough researchers and there isn't enough money."

House members are counting on the National Science Foundation, the only

federal agency to receive a passing grade for computer security from the

General Accounting Office, to hand out much of the funding.

The NSF would distribute $568 million for basic research to independent

researchers and universities from 2003 to 2007, under provisions of a bill

sponsored by committee chair Sherwood Bohlert, R-NY. $144 million is

earmarked for establishing new research facilities at colleges.

The National Institute of Standards and Technology (IST) would hand out $310

million in new research money over the same period, chiefly to universities.

Attractive as the goal of a self-healing Net seems, even researchers who

stand to gain from the program warn that the task is formidable.

"The little research that is being done is focused on answering the wrong

question," National Academy of Engineering president William Wulf told the

committee in hearings last fall. "When funds are scarce, researchers become

very conservative, and bold challenges to the conventional wisdom are not

likely to pass peer review ... In this context, the right answer to the

wrong question is worse than useless."

The US Association for Computing Machinery has urged more funding for

long-term research, too. Eugene Spafford, co-head of the USACM's advisory

committee on security and a researcher at Purdue University, slammed federal

programs for being too short-sighted.

"Several of my colleagues have reported that they have begun to gain

understanding of a fundamental problem after several years of research, only

to find that the program under which they did their work was discontinued

and no further funding was available," he told the committee.

Though free-market advocates often liken research funding to "corporate

welfare," criticism of the new security spending has been muted.

"I don't think these efforts will hurt, but the vast amount of effort is

going to be carried by the private sector, no matter what the government

does," said Solveig Singleton, a researcher at Competitive Enterprise

Institute. "It's going to have to a decentralized effort not a centralized

one. The net has so many points of vulnerability."

Spafford, for his part, disagreed. Industry has successfully lobbied for

exemptions from liability for security flaws, he said, rendering the market

incapable of solving cyber security problems. The Digital Millennium

Copyright Act, which arguably bars some computer-security research in the

name of keeping secret anti-copying protections, is one example, he said.

The proposed Uniform Computer Information Transactions Act, which makes

blanket exemptions for software flaws legally binding, is another.

"In the current market that does not offer consumers significant choices,

and where there is no liability for faulty products, there is little

likelihood that industry players will invest in fundamental research to

improve products," Spafford told the committee. By Will Rodger


Hollywood Goes YouTube
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus