House Approves Funding for IT Security Research and Development

Surge in qualified security professionals expected in wake of $903 million pledge

Last week the House of Representatives unanimously approved new legislation significantly increasing government funding for cyber security research and development over the next five years. The money will primarily be used to create scholarships, grants, and research centers at American universities.

The legislation, called the Cyber Security Research and Development Act (H.R. 3394), has already passed through the Senate. It now moves on to President Bush’s desk, where it is expected to be signed into law.

Under terms of the measure, the U.S. government pledges approximately $900 million to IT security research, surpassing its current level of investment by more than threefold. For the enterprise, this is a welcome move that should bring an influx of new qualified professionals to the corporate world.

Harris Miller, president of the Information Technology Association of America, an advocacy group that recently launched a new initiative to stimulate dialogue on information security education, says H.R. 3394 will help the enterprise in the long term.

“While the act provides little immediate benefit to companies, down the road it will have an impact on strengthening the available talent pool of information security workers,” he says. “This is an area of growing need in IT.”

In its current state, H.R. 3394 calls for the National Science Foundation and National Institute for Standards and Technology to allocate $104 million in 2003, rising to $229 million by 2007. However, the approval process is not yet over, and those numbers could change before the proposed legislation is set into action.

“While the bill authorizes the funds, they still have to be requested in the president’s budget and appropriated by Congress,” says Miller. “We are hopeful funding will be included in the fiscal year 2004 budget.”

Specifically, H.R. 3394 is intended to “(A) improve vulnerability assessment and technological and systems solutions; (B) expand and improve the pool of information security professionals, including researchers, in the United States workforce; and (C) better coordinate information sharing among industry, government, and academic research projects.” According to the legislation, funded research areas may include “(A) authentication and cryptography; (B) computer forensics and intrusion detection; (C) reliability of computer and network applications, middleware, and communications infrastructure; and (D) privacy and confidentiality.”

Miller acknowledges, though, it will be some time before the act begins to produce concrete results. “We’re looking at a five to ten year cycle on impact on research and development, which will have a cascading effect throughout the public sector,” he says.

Miller feels H.R. 3394 is a step in the right direction, but believes there is still more work to do to ensure the security of the nation’s IT infrastructure.

“Direct funding is needed for government information systems in various agencies. It's important to get the groups more money—and R&D is important,” he says. “But we need billions of dollars spent on hardening current systems.”

About the Author

Matt Migliore is a regular contributor to He focuses particularly on Microsoft .NET and other Web services technologies. Matt was the editor of several technology-related Web publications and electronic newsletters, including Web Services Report, ASP insights and MIDRANGE Systems.