Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Security Your Rights Online

DHS Offers $40M For Top Cybersecurity Research 33

Trailrunner7 writes "The US Department of Homeland Security issued a call for proposals this week in a $40m program to encourage research and development in a wide range of topics related to cybersecurity: from designing more resilient software, to alternatives to passwords and CAPTCHA technology to prevent automated attacks. DHS laid out its areas of interest in a Broad Agency Announcement dated January 26. In it, the domestic security agency said it was soliciting papers and proposals centered on 14 different topic areas. At stake is $40m in federal funding for research and development, with individual grants ranging up to $3 million. DHS's areas of interest include software assurance, enterprise security metrics, usable security, as well as the challenges posed by insider threats."
This discussion has been archived. No new comments can be posted.

DHS Offers $40M For Top Cybersecurity Research

Comments Filter:
  • [From the summary]DHS's areas of interest include software assurance, enterprise security metrics, usable security, as well as the challenges posed by insider threats

    Call me naive but is sounds to me like DHS wants to stick around a while. Or am I still too new here?

    • Re:Setting an achor? (Score:4, Informative)

      by egamma ( 572162 ) <egamma@@@gmail...com> on Monday January 31, 2011 @11:17AM (#35057272)

      [From the summary]DHS's areas of interest include software assurance, enterprise security metrics, usable security, as well as the challenges posed by insider threats

      Call me naive but is sounds to me like DHS wants to stick around a while. Or am I still too new here?

      What made you think the DHS was ever designed to be a temporary agency? It's a permanent restructuring of the government. Looks to me like they want to expand their scope--that's the "new" part.

    • Call me naive but is sounds to me like DHS wants to stick around a while. Or am I still too new here?

      You're being naive. Considering that the only US Cabinet level department to be dropped was the Post Office, I'd say that DHS is here to stay. Then again, their goals for information security are a bid naive as well. I doubt they'll be able to hire 1000 security experts as they're trying to do.

      • by AB3A ( 192265 )

        Even if they could hire them; I'd be even more concerned with retaining them. From everything I've seen with DHS, it's not a good place to get anything done. The last thing anyone wants to do is to get on hamster wheel.

        • Particularly since their goal is flawed to begin with.

          It's not "To keep information secure from unauthorized access."

          It's "To keep information secure from unauthorized access except from them."

      • What, good security types don't work for $40k?

  • "The U.S. Department of Homeland Security issued a call for proposals this week in a $40m program to encourage research and development in a wide range of topics related to cyber security: from designing more resilient software, to alternatives to passwords and CAPTCHA technology to prevent automated attacks"

    Run your software from read-only hardware and don't allow execution of downloaded code, the exception being scripts that run in the browser context. This is run from RAM and gets flushed at reboot. Devi

    • by mlts ( 1038732 ) *

      Some more elaboration on that:

      1: Technology for low level read-only abilities, Code to redirect writes somewhere else, and the ability for a device to periodically shut down, completely wipe itself and go back to factory standards.

      2: If possible, flashing of a device can only be allowed physically. You stick a SD card in the device with the signed image, start the flashing process, and then press a button inside the machine to confirm this. The old ROM is saved off to a secure location, the new one is c

      • by rtb61 ( 674572 )

        You missed the most important one. Parallel networks, an inside secured hard wired network and an external at risk network.

        The internal secured network does not connect to the internet, any external connections are hard wired and all portable data device transfers are only done at secured monitored locations (upload or download).

        The external network that provides access to the internet, simply should not have access to any secured data, just regular communications. Transfer of data from internal to ext

        • by mlts ( 1038732 ) *

          Bingo. Essentially private companies need a "BIPRnet", similar to NIPRnet or SIPRnet. This would be for B2B communications (bank to credit card company, business to bank.)

          There are ways to make data accessible, but without allowing it to sit on a remote device. Heck, it could be a front-end that uses a serial protocol. The security engineering would be between the application and the server, showing a view of the data, but not allowing it to remain on a device, and this can get hairy, especially with th

          • by rtb61 ( 674572 )

            Simpler to provide 2 (technically 3 including smartphone) computers at each desk. A smart terminal and a netbook. Netbooks are getting cheaper all the time and a 12inch screen will do most 'communication' apps really well.

            Let the employees 'play' (it's inevitable) without any harm to secured system and even allows the communications network to be a provision of service to the employee as part of conditions of employment rather than an company communications channel, shifting all legal liability for commu

  • Everything in the article points to a responsible DHS and not a power hungry paranoia machine.

    What gives?

  • by FuckingNickName ( 1362625 ) on Monday January 31, 2011 @12:03PM (#35057838) Journal

    The biggest vulnerability facing modern society is the cooperation of corporation and government. Entry points include the system of lobbying and the highly paid private consultant who used to work with and can whisper the right words to people in government.

    I anticipate that tackling this problem will return approx. $1 trillion over the next decade. I believe my advice is worth at least $40 million, which I am willing to share with the first 39 people to reply to this post.

    • Entry points include the system of lobbying and the highly paid private consultant who used to work with and can whisper the right words to people in government.

      One of the most important entry points is right in the summary: the DHS is hiring big contracting companies to do this job instead of hiring some people and carrying it out themselves. Not at all unusual, but quite poisonous in my opinion.

  • Every packet should be fondled by TSA agent. Also disallow carrying any sharp or explosive bits in payload. Internet finally will be safe!
  • 40Mil? Chump change relative to the importance of the issues at hand. We can spend a billion dollars a year buying Egypt tear gas to use on it's citizens and shit.

Avoid strange women and temporary variables.

Working...