Shostack + Friends Blog Archive


GAO report on the state of Federal Cyber Security R&D

This GAO Report is a good overall summary of the state of Federal cyber security R&D and why it’s not getting more traction.    Their recommendations (p22) aren’t earth-shaking:

“…we are recommending that the Director of the Office of Science and Technology Policy, in conjunction with the national Cybersecurity Coordinator, direct the Subcommittee on Networking and Information Technology Research and Development to exercise its leadership responsibilities…”

We could paraphrase this by quoting Spike Lee’s movie title: “Do the right thing.”

The only problem with this is recommendation is that NITRD’s Cyber Security and Information Assurance Working Group has specifically defined it’s role as facilitator, not a leader (p15). Wishing that they would take the lead won’t make it so.