[tags]cyber security reseach, PITAC[/tags]

I strongly urge you to read Jim Horning’s blog entry about a recent Congressional hearing on cyber security research—his blog is Nothing is as simple as we hope it will be.  (Jim posts lots of interesting items—you should add his blog to your list.)

I have been visiting Federal offices and speaking before Congress for almost 20 years trying to raise some awareness of the importance of addressing information security research.  More recently, I was a member of the President’s Information Technology Advisory Committee (PITAC).  We studied the current funding of cybersecurity research and the magnitude of the problem.  Not only was our report largely ignored by both Congress and the President, the PITAC was disbanded.  For whatever reason, the current Administration is markedly unsupportive of cyber security research, and might even be classed as hostile to those who draw attention to this lack of support.

Of course, there are many other such reports from other august groups that state basically the same as the PITAC report.  No matter who has issued the reports, Congress and the Executive Branch have largely failed to address the issues.

Thus, it is heartening to read of Chairman Langevin’s comments.  However, I’m not going to get my hopes up.

Be sure to also read Dan Geer’s written testimony.  It touches on many of the same themes he has spoken about in recent years, including his closing keynote at our annual CERIAS Security Symposium (save the dates—March 19 & 20, 2008—for the next symposium).

Copyright © 2007 by E. H. Spafford
[posted with ecto]