January 30, 2003

Consortium pushes for cybersecurity R&D

U.S. government, industry challenged to spend more

By Grant Gross | IDGNS

Print |

WASHINGTON -- A consortium of 23 security research institutions is calling on the government and private companies to put more research and development muscle into a host of cybersecurity problems, including scanning individual computers for sources of attacks and code vulnerability scanners.

The Institute for Information Infrastructure Protection (I3P), a consortium of colleges and U.S. research laboratories, didn't ask for a specific budget Thursday, but challenged the U.S. government and private industry to spend money in eight cybersecurity areas that are under-researched, according to the group.

I3P chairman Michael Vatis jokingly denied starting last weekend's slammer worm attack on the Internet as a way of bringing attention to the R&D needs in cybersecurity. "We're reminded of our vulnerabilities daily, and how vulnerable we are to attacks," he said. "There's a critical piece of this problem that to date has not received the attention and focus that is needed, and that is research and development."

I3P, based at Dartmouth College in New Hampshire and funded through the U.S. Department of Commerce's National Institute of Standards and Technology, released a 55-page R&D agenda Thursday. The I3P's initial cybersecurity report, available at http://www.thei3p.org/, calls for more R&D in eight general areas:

1. Enterprise security management.

2. Trust among distributed autonomous parties.

3. Discovery and analysis of security properties and vulnerabilities.

4. Secure system and network response and recovery.

5. Traceback, identification and forensics.

6. Wireless security.

7. Metrics and models.

8. Law, policy and economics

The report goes into greater detail than the eight general areas, and the I3P brought experts to talk about each item during a kick-off event in Washington .

I3P member Wayne Meitzler, cybersecurity R&D program manager for the U.S. Department of Energy's Pacific Northwest National Laboratory, called for more research into vulnerability scanners that could test for weaknesses in object code and source code.

next page ›

Tags: Security

Print |

The iEverything Enterprise: Understanding and Addressing IT's Dilemma in a World Dominated by Wireless Smart Devices

Reduce the cost and complexity of wireless networks with cloud-enabled, distributed Wi-Fi and routing. By removing the architectural limitations of traditional WLANs, you can support identity-based access and enable delivery of mission-critical applications and services to any user, on any device, at any time without a single point of failure.

View now »