By Patience Wait
The federal government has to do a better job of coordinating research
and development on cybersecurity issues and needs to improve its
information sharing and collaboration efforts on the topic, according to
a just-released report  by the Government Accountability Office.
Most cybersecurity technologies offer only single-point solutions by
addressing individual vulnerabilities, the report stated. As a result,
many researchers have described the use of these types of near-term
solutions as being shortsighted. ... Research in cybersecurity
technology can help create a broader range of choices and more robust
tools for building secure, networked computer systems.
Within the government, numerous agencies conduct R&D into cybersecurity
technologies, the agency found, including the departments of Homeland
Security, Defense and Energy, the National Institute of Standards and
Technology, the National Science Foundation and agencies in the
intelligence community, such as the National Security Agency and the
Defense Advanced Research Projects Agency.
Funding for cybersecurity R&D is scattered among all the agencies, as
well. The National Science Foundation included about $94 million in its
fiscal 2006 budget request for cybersecurity research, education and
training. DHS allocated approximately $10 million to the subject in
fiscal 2004, $18 million in 2005 and $17 million in 2006. DOD officials
told GAO that the department provided about $150 million to its
cybersecurity research programs in fiscal 2005.
For the first time, the [National Information Technology R&D] program
... reported budget information for cybersecurity research separately
from other types of research in its supplement to the presidents fiscal
year 2007 budget, the GAO report stated.
At a policy level, too, there are several layers of responsibility, from
the White Houses Office of Management and Budget and the Office of
Science and Technology Policy, to the Cybersecurity and Information
Assurance Working Group, the National Science and Technology Council and
its committees on technology, and homeland and national security, to
To assist all these organizations, GAO called on the director of OSTP to
establish firm time lines for completing the federal cybersecurity R&D
agenda, which was one recommendation in the National Strategy to Secure
Cyberspace, issued in February 2003.
In addition, the GAO report recommended that OMB issue guidance to
agencies on reporting information about federally funded cybersecurity
research projects to governmentwide repositories already in place.
Visit the InfoSec News store!