May 30, 2024

Cyber-Security Research Undersupported

Improving cybersecurity is supposedly a national priority in the U.S., but after reading Peter Harsha’s report on a recent meeting of the President’s Information Technology Advisory Committee (PITAC), it’s clear that cybersecurity research is severely underfunded.

Here’s a summary: The National Science Foundation has very little security research money, enough to fund 40% or less of the research that NSF thinks deserves support. Security research at DARPA (the Defense department’s research agency) is gradually being classified, locking out many of the best researchers and preventing the application of research results in the civilian infrastructure. The Homeland Security department is focusing on very short term deployment issues, to the near-exclusion of research. And corporate research labs, which have shrunk drastically in recent years, do mostly short term work. There is very little money available to support research with a longer term (say, five to ten year) payoff.


  1. Richard Premont says

    To put this in perspective, folks who are supported by NIH or NSF to do biomedical research would fall over dead in shock if the funding rate for good, solid research that ought to be done ever rose to even 40%. When times are good, this rate has reached 30%, but currently is drifting South of 20% as federal funds are shifted away toward more defense-related activities. Of course cyber defense is important, but so is medicine. Far more folks die from diseases that might be prevented or ameliorated than have ever died from a cyber attack, or may ever. Balancing diverse needs is always tough.

  2. Dr. Felton,

    Prior to the turn of the century, North America moved from being an analog based society to a digitl based society.

    4 years after the turn of the century, the digital communication medium (email) is close to becoming totally unreliable.

    The Cold War ended with the collapse of the Berlin Wall. In 1993, a group of militant religous fundamentalists (MRP’s) declared war on the US. We ignored the threat and 8 years later citizens from around the world died on 11.11.01.

    Last week, the CIA’s Director told people we were 5 years out from being able to really cope with the threat of Middle Eastern based MRP from an intelligence perspective. (Even though the Beirut bombing of the Marines occured 21 years ago.)

    (Gosh only knows what the situation is in Canada.)

    Now it seems there is an issue with funding of long term research on cyber-security, while the President tells the American people and the world we need to gird ourselves for a long battle in the war against terror.

    I realize this is an election year both in the United States and Canada. But … people need to remain focused on the fundamentals.

    Thanks for bringing this to our attention.

    Kind regards,

    John Glube
    Toronto, Canada

  3. Todd Jonz says

    I don’t find this at all surprising in light of the seriously conflicting objectives of the current administration. One the one hand they would like to see security improved in an effort to ensure that crititcal infrastructue and data is safe from the bad guys. On the other hand, however, the law enforcement community continues to lobby for back-doors in communications systems and limitations on certain security-enhacing technologies such as encryption; from their perspective easily compromised systems are an asset, not a liability.

    Life would be so much easier if the coin didn’t have two sides.