http://community.ca.com/blogs/iam/archive/tags/Identity+Management/Cyber+Czar/default.aspxTags: Identity Management, Cyber CzarenCommunityServer 2007 SP1 (Build: 20510.895)http://community.ca.com/blogs/iam/archive/2009/06/10/on-cyber-security-r-amp-d-education-and-the-proposed-czar.aspxWed, 10 Jun 2009 18:45:00 GMT8d07cc69-a460-48f1-844d-25b05ba87317:2519CA Community0http://community.ca.com/blogs/iam/archive/2009/06/10/on-cyber-security-r-amp-d-education-and-the-proposed-czar.aspx#comments<p>Earlier today I had the opportunity to testify in Congress at a hearing on cyber security R&amp;D.&nbsp; I appreciate that opportunity and am proud to have represented the views of CA, the Business Software Alliance (BSA) and industry in general in discussing cyber security research, development and education.&nbsp;&nbsp; You can <a class="" href="http://www.ca.com/Files/SupportingPieces/cyber-security-testimony_208324.pdf" target="_blank">read the testimony</a>, but I thought I&#39;d discuss here a few key points as they relate to the recently released <a class="" href="http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf" target="_blank">White House Cyberspace Policy Review</a>, possible activities for the <a class="" href="http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure/" target="_blank">to-be-named cyber security coordinator</a>, and education as a key element to our nation&#39;s security online. </p> <p>The area of R&amp;D - the key focus of my testimony - was done collaboratively with the BSA, of which CA is a member.&nbsp; In my testimony, I highlighted perceived shortcomings in the Federal Plan for Cyber Security and Information Assurance Research and Development (CSIA plan) and suggested solutions for the cyber security agenda and the area of cyber security R&amp;D. Specific items include:</p> <ul> <li>The suggestion for a new method of defining R&amp;D projects to supplement traditional requests for proposals. There should be a way for industry to more easily and proactively suggest R&amp;D projects to various agencies and support them in almost a &quot;sole source&quot; initiative. </li> <li>Improve long-term cyber security research. This view aligns with the Cyberspace Policy Review&#39;s emphasis on R&amp;D in &quot;game-changing technology that will help meet infrastructure objectives.&quot; The view of CA and BSA is that the government first check to see if commercially available solutions are available that provide the same or an equivalent capability. If commercial solutions exist - or could be readily adapted - this would allow the government to better use its resources and focus on research that may bring breakthroughs in technology for the long-term, rather than short- and mid-term solutions. </li> <li>Facilitate the migration path of technologies developed through Federal R&amp;D. This basically calls for research and technologies developed by federal agencies to become more available to industry through licensing, and for the intellectual property to remain with the industry for technologies developed by industry with government support. </li></ul> <p>The human element also is critically important to ensuring our nation is secure in the cyber world. Everyone must play a role.&nbsp; Everyone needs to know what the cyber security threats are and how to be smart online. This view also is in line with the Cyberspace Policy Review, and the government already has several efforts underway to educate the public. An important element to consider here, however, is education is not a &quot;one-size-fits-all&quot; option.&nbsp; Teens need slightly different education than the 60 and 70-year-olds who are online and federal programs must be aligned appropriately. </p> <p>The other facet of education that I touched on in my testimony is that of our university and college systems.&nbsp; There are several government agencies supporting security higher education successfully, but there is always more we can do to keep the curricula on pace with the rapid changes in technology and to drive more interest in security specialization.&nbsp; More than ever we need to put individuals in the workforce who are not only skilled in secure coding, but also in security systems and architecture. </p> <p>Securing our nation in cyberspace is critical. It&#39;s one of the most important arms races in the 21^st century and failure to win this race would change life as we know it today.&nbsp; To facilitate this effort, <a class="" href="http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure/" target="_blank">President Obama plans to appoint a Cyber Security Coordinator</a> to work across the National Security Staff and the National Economic Council.&nbsp; The job has been loosely defined and much has been written, speculated and suggested about the role.&nbsp; What are the top 3 skills and background elements this person should have to effect change through this role? For example, what is most important - his or her security expertise, or the ability to bring together groups with agendas that are not perfectly aligned? Should this person be a Washington insider, or someone from industry or academia?&nbsp; Or a combination of all three?&nbsp; What do you think?</p><img src="http://community.ca.com/aggbug.aspx?PostID=2519" width="1" height="1">Congressional TestimonyCyber CzarCybersecurityFederationIAM TrendsIdentity ManagementR&amp;DSecurity