Rx for IT security: RFP?
By William Jackson

The head of the Homeland Security Department’s research and development
activities was chastised by a House subcommittee last month for not
bringing better organization to the department’s Science and Technology

Yes, things have improved from the “chaos” that characterized the
directorate when Undersecretary Jay M. Cohen arrived, conceded Rep.
James R. Langevin (D-R.I.), chairman of the House Homeland Security
Subcommittee on Emerging Threats, Cybersecurity and Science and
Technology. But Langevin also said that Cohen has not done enough to
establish a strategic direction for his R&D efforts or metrics for

Cohen said in his defense that, upon assuming the position last August,
“my first focus was getting my own house in order.”

Part of that house is the Homeland Security Advanced Research Projects
Agency, charged with promoting commercial development of the information
technology security tools needed by the department. HSARPA focuses on
what it calls “high-risk, high-payoff” projects that will produce new
systems rather than advancements in current technology — revolutionary
rather than evolutionary improvements. Because the projects are seen as
high-risk, the government lends a hand in funding and directing them.

But it seems that the private sector is relying a little too much on
government assistance to meet the basic goals of HSARPA’s IT security
initiatives. I am not suggesting that government should not cooperate
with industry to help define the technology it needs. But there already
is a ready market for the types of products HSARPA is promoting.

HSARPA shares similarities, in both name and mission, with DARPA, its
Defense Department counterpart. Both solicit partnerships with industry
to produce new technologies or products that might not be feasible or
attractive for industry to develop on its own.

But, “HSARPA is different from DARPA,” Cohen told the subcommittee.
DARPA focuses on long-range basic research projects whose payoff may
come well down the road, if at all. The Internet was one of those
projects, developed long before there was any demand for an Internet.

“DARPA does what they do independent of their customers,” Cohen said. “I
don’t have that luxury.”

HSARPA focuses on applied research to fill the “capability gaps” of its
customers, primarily Gregory Garcia, DHS assistant secretary for
cybersecurity and telecommunications. In other words, it encourages
development of the tools needed now to support government missions and
protect the nation’s critical infrastructure. These tools include
document validation systems for a wide range of paper and electronic
credentials, improved biometrics, and systems for detecting and
responding to cyberthreats in real time.

These are the types of products industry should be producing. The need
for them already exists, both in the government and private sectors.
Missions differ from one sector to the other, but the equipment,
protocols and technologies being used to execute those missions are
essentially the same. They share common vulnerabilities and need the
same tools to protect themselves.

It would be nice to have the out-of-the-box thinking and revolutionary
approaches HSARPA is supposed to encourage. But with the need for these
tools already clear, this seems to be the kind of applied research
companies ought to be involved in anyway.

The IT industry has shown itself perfectly capable of thinking outside
the box. It continuously comes up with new products and functionalities
we don’t know we need but which quickly become incorporated into our
business lives. Things like BlackBerrys, peer-to-peer networking and
instant messaging come to mind. The industry is spending something like
$70 billion a year to extend its wireline and wireless broadband
networks to enable these new functionalities. It ought to be investing
in equally innovative tools for securing these networks, devices and

HSARPA’s job should be to help identify the needs of its customers and
make them known to industry. Industry’s job is to build products that
meet those needs, and then sell them at a reasonable profit. There is no
reason government can’t help direct the process, but a ready market for
these tools should be all the incentive industry needs to develop them.