Cyber Security Industry Alliance Newsletter • Volume 1, Number 11 • July/August 2005

CSIA Urges Administration and Congress to Elevate Cyber Security Research & Development Efforts

CSIA voices concern over the dissolution of a Presidential committee focused on information security issues and calls for a national vision for cyber security R&D

Cyber security research and development is more important now than ever, as our dependence on cyber-based technology grows exponentially. However, funding levels for cyber security research and development (R&D) continue to shrink, and leadership is scarce.

CSIA released a report this month urging the Administration and Congress to take immediate action in the area of cyber security R&D, and to work together to elevate cyber security R&D efforts. In addition, the report highlights the need for a national "vision" for the security, reliability and resiliency of the information infrastructure.

Specifically, CSIA's report analyzes the current state of cyber security R&D, and calls on the federal government to prepare a long-term cyber security R&D plan and increase federal funding to strengthen the information infrastructure, while ensuring that the U.S. maintains its competitive edge in information technology. CSIA outlines its support for the President's Information Technology Advisory Committee's (PITAC) recent report that delineates federal priorities for cyber security R&D investment over the next ten years.

The CSIA report concludes with recommendations to Congress for funding R&D, including:

  • Creation of a designated entity to coordinate private and government cyber security efforts. One logical choice would be the new Assistant Secretary for Cyber Security and Telecommunications at the Department of Homeland Security.


  • Development of a national vision and long-term plan for the security, reliability and resiliency of the information infrastructure within ten years.


  • Heightened Congressional involvement in the form of hearings to review the state of Federal funding for R&D.


  • Commingling of private and government cyber security R&D funding to create more R&D opportunities and benefit the private sector.

CSIA’s report also voices concern over the dissolution of PITAC. The loss of this independent committee’s expertise and advice reduces the priority level of cyber security R&D, which will continue to dissipate without an advisory body to oversee R&D. The PITAC recommendations endure, however, despite the Committee’s lapse, and it is imperative, now more than ever, to act on them. The crisis in leadership in cyber security R&D will hold long-term implications for the U.S. if it is not arrested soon.

The 2005 PITAC report to the President lists ten priorities that serve as a good example of long-term research goals for the commercial and private sector. CSIA urges Congress to adopt these priorities and use them to create a 10-year plan for cyber security R&D federal funding in conjunction with the private sector and other relevant research organizations:

  • Authentication Technologies
  • Secure Fundamental Protocols
  • Secure Software Engineering and Software Assurance
  • Holistic System Security
  • Monitoring and Detection
  • Mitigation and Recovery Methodologies
  • Cyber Forensics
  • Modeling and Testbeds for New Technologies
  • Metrics, Benchmarks and Best Practices
  • Non-Technology Issues

An increase in funding alone will not produce better results, however, unless clear, long-term priorities for cyber security R&D are established. The combination of clear priorities and increased funding will create a larger pool of experts to take an in-depth look at security issues that plague networks, and to develop improved technologies to ensure secure, stable, and reliable information networks.

CSIA’s report identifies one of the biggest obstacles to prioritization: a lack of a clear focus due to the many short-term agendas in this area. It is important for the new Assistant Secretary for Cyber Security and Telecommunications to take a close look at cyber security R&D efforts and work with federal agencies and the private sector on a national vision for cyber security R&D. Research and development can play a major role in helping to address many of current and future cyber security threats if the programs are properly funded and managed. It is CSIA’s hope to work closely with the newly designated (but not yet appointed) Assistant Secretary for Cyber Security and Telecommunications at the Department of Homeland Security to make cyber security R&D a priority.

A copy of this report can be found at www.csialliance.org.