The federal government has extensive programs and policies in place related to federal research and development (R&D) on cybersecurity, but there are six key impediments to improving cybersecurity R&D at the federal level, the Government Accountability Office (GAO) says in a new report.
The challenges include the lack of a prioritized national cybersecurity R&D agenda, lack of leadership for improving federal cybersecurity R&D efforts, lack of a process for sharing information on key R&D initiatives between the public and private sectors, limited focus on long-term, complex research projects, an insufficient information technology human capital skill base, and no mechanism that identifies all R&D initiatives and funding, says the report, Cybersecurity: Key Challenges Need to be Addressed to Improve Research and Development (GAO-10-466). The report was sent to the House Homeland Security Committee early last month and recently was publicly released.
“The absence of a national cybersecurity R&D agenda and leadership increases the risk that efforts will not reflect national priorities, key decisions will be postponed, and federal agencies will lack overall direction for their efforts,” GAO says. “Furthermore, without sufficient attention to complex, long-term research projects and input on the current weaknesses and shortages in researchers in cybersecurity, the nation risks falling behind in cybersecurity and not being able to adequately protect its digital infrastructure.”
GAO recommends that the White House Office of Science and Technology Policy and national Cybersecurity Coordinator direct the Subcommittee on Networking and Information Technology Research and Development take several actions, including establishing a comprehensive national R&D agenda, identify shortages of researchers in the cybersecurity field, create a mechanism to track ongoing and completed federal cybersecurity R&D projects and related funding, and use the new tracking mechanism develop a process to make the R&D information available to federal agencies and the private sector.