Obama Wants Big Hike In Cybersecurity Research

dcblogs writes "The White House 2012 budget seeks a 35% increase to $548 million in cybersecurity research and development, including funds to help DARPA mitigate the risk of insider threats. Think WikiLeaks. Improving control system security, post Stuxnet, was also cited as priority. Overall, the budget seeks $66.1 billion for basic and applied research across all areas, an 11.6% increase. Some areas called out for special focus by the White House include robotics. The feds have already started offering grants for developing of 'co-robots,' which are 'systems that can safely co-exist in close proximity to or in physical contact with humans in the pursuit of mundane, dangerous, precise or expensive tasks.' The US also wants to focus research on nanomanufacturing, 'and the merging of self-assembly with lithography to achieve large-scale predictable placement of nanoscale components.'"

Or...

[Codex_of_Wisdom]

Instead of increasing defense funding, how about we stop making people mad enough to attack us? That way, we can spend our money on more important things.

Re:Or...

[Anonymous Coward]

There will always be people who are mad and/or insane enough to attack us.

The key is to realize that we could defend our country just fine on half of the budget.

Re:

[TheSpoom]

Unfortunately you'll find neither major party willing to say that because they're all in the pocket of defense contractors.

Like most things, third parties and independents are the answer, but the major parties have convinced Americans that they're helpless.

Re:Or...

[99BottlesOfBeerInMyF]

The key is to realize that we could defend our country just fine on half of the budget.

Unfortunately you'll find neither major party willing to say that because they're all in the pocket of defense contractors. Like most things, third parties and independents are the answer...

Ahh, but how does a third party get elected or how do we change the positions of the big parties to fix the problem? Personally I think the answer is lobbing reform. That should be the swing issue tackled, rather than the level of government spending. Allow me to explain.

Most Americans when polled can't agree on programs where money should be cut that will significantly reduce spending. You'll have a hard time finding any significant area of spending where 50% of citizens want cuts. At the same time polls show something like 80% of Americans in favor of banning lobbying by corporations, more than 90% in favor of banning lobbying by foreign governments. There's even popular support for making it illegally for lobbyists to so much as organize fundraisers. And yet nothing is done. This is because our current elected officials pretty much universally benefit from current laws.

There is popular support to back a reform candidate, third party, or subset of a major party that focuses on the issue of government corruption, and the influence of lobbyists. People get mad about lobbying and corruption and they are right to do so. This just needs to be harnessed to get people elected on promises of doing something about it. If the tea party, for example, focused on that topic they'd be getting a lot more support from the other end of the political spectrum, of course since the tea party is largely run, promoted, and marketed by lobbyists this is unlikely. Still, a real grassroots campaign could be run.

Rather than supporting third parties and hoping they'll help, why not focus on why all congress critters are in the pockets of defense contractors in the first place. It's because the lobbyists of those defense contractors get them elected by supporting their party's coffers, organizing fundraisers, and sometimes directly running media campaigns. The public doesn't want that and making it an issue can get those people to stop relying upon those lobbyists or get them replaced by others not suckling at their teat. A solid strategy is better than throwing your vote behind a losing candidate as a protest. The focus should be on lobbying reform and let the chips fall where they may.

Re:Or...

[Attila Dimedici]

So, you think we should make it illegal for people to pool their money and hire someone to spend fulltime keeping track of what Congress is doing and then report back to the group. Additionally, this person will take the opinions of the group and communicate them to various members of Congress, so that the members of Congress will know what those of their constituents who are members of this group think of various laws bills being considered by Congress.
Of course, that would require a Constitutional Amendment since the Constitution says: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
While you can interpret it differently, everything lobbyists do can be interpreted as petitioning the Government for redress of grievances. And everything that you can do to petition the Government for redress of grievances can be interpreted as lobbying.

Re:

[99BottlesOfBeerInMyF]

So, you think we should make it illegal for people to pool their money and hire someone to spend fulltime keeping track of what Congress is doing and then report back to the group.

Nope, just illegal for the group to incorporate then give money to election funds or run politically themed ads.

Additionally, this person will take the opinions of the group and communicate them to various members of Congress, so that the members of Congress will know what those of their constituents who are members of this group think of various laws bills being considered by Congress.

And I personally have no problem with privately funded special interest groups, provided those groups don't provide government employees with bribes in the form of free travel accommodations, meals, etc.

Of course, that would require a Constitutional Amendment...

While I'm thinking of a different set of restrictions than you seem to be, likely there would need to be a constitutional amendment. Currently the Supreme Court precedent interprets the 14th amend

Re:

[Thing 1]

This is because our current elected officials pretty much universally benefit from current laws.

I'm sure, given six lines from any of our current elected officials, ...

Re:

[99BottlesOfBeerInMyF]

Ahh, but how does a third party get elected or how do we change the positions of the big parties to fix the problem?

Reform the electoral system, for one thing.

Ahh, but that's a chicken and egg problem. If we reformed the electoral process we'd be able to elect more third parties, but why would the current politicians vote for it? Most individuals don't care about or understand more modern electoral systems and you can bet your ass about 50% of the population would immediately brand it as "foreign socialist fancy math voting" and thereby inferior to what the US is doing (which they probably don't even know).

The next biggest step to a third party getting elected (PROBABLY) is for you and I to vote for them and trust our fellow citizens will vote for who they think is best.

Been there, d

Re:

[Anonymous Coward]

The key is to realize that there's a difference between "defending America" and "defending American interests all over the world".

Defending the American homeland is uncontroversial. Not even Osama Bin Laden himself would have any issue with that. What causes strife is when this is extended to mean "defending America's supplies of foreign goods, especially oil". That is what makes the US military so overstretched, and so astonishingly expensive.

Re:

[mbstone]

Yes, but it's impossible to determine in advance which half.

(Props to William Wrigley, Jr.).

Re:

[Anonymous Coward]

It is not about our military actions, it is about us not being islamic.

Most attacks have nothing to do with being mad

[Timmy D Programmer]

Most attacks have nothing to do with being mad, Most are organized crime, doing it to make a buck. The next largest subset are simply vandal type hackers doing it to amuse themselves. Very few are politically motivated.

Re:Or...

[interkin3tic]

I don't see why this is modded flamebait. It's naive to think that, but naive =/= flamebait necessarily.

Does anyone here actually think everything the US does that annoys people with computers is necessary? I mean, former ambassador John Bolton runs around yelling on Fox that we should bomb Iran pretty much every day. If Iran were -reasonable- they'd think about putting child porn on his computer. It certainly doesn't discourage them from funding cyberwarfare against the rest of us.

I think if our government were to take a reasonable response to Wikileaks rather than trying to burn Asange at the stake, Anonymous might be ever-so-slightly less inclined to do some damage to government networks.

There will always be people attacking the US as long as there is a US, sure, but we do encourage a lot of it, and we could ruffle fewer feathers definitely.

At least *someone* is laying cards on the table...

[mlts]

Partisianism aside, this is a good thing. Security initiatives are not going to be coming from the business sector because security has no ROI [1]. So, the only real origin of more robust tools to keep the blackhats out are going to have to come from governments.

Of course, my fear is that this security initiative (meant to keep data safe from being exposed, or worse, tampered with), may turn into funding for nastier DRM. Mainly because DRM does seem to have a ROI attached to it while security in general

Re:

[c0lo]

[1]: Of course, good security saves money,

FTFY. Two examples why this is important:
1. how much security the TSA scanners bring? how much do they cost?
2. a very recent case showed a group of 3 companies trying to get a contact for 6 months at 2 mils/month. Turned out that one of them wasn't even able to secure its digital assets.

I admit, I didn't say what good security mean. Well, that's let as homework.. for extra points, see how much of what Obama wants is indeed good security.

yay more work for me!

[Anonymous Coward]

ka-ching

DARPA money through Mudge

[fwice]

Note that a large portion of the money for DARPA is going to cybersecurity research with Mudge [wikipedia.org] of the L0pht [wikipedia.org] as the DARPA Program Manager.

[1] http://www.pcworld.com/businesscenter/article/219725/government_employs_hackers_in_brave_new_scheme.html [pcworld.com]
[2] http://www.wired.com/dangerroom/2010/08/darpas-star-hacker-looks-to-wikileak-proof-the-pentagon/ [wired.com]
[3] http://www.foxnews.com/scitech/2011/02/07/internet-creators-ask-hackers-help/ [foxnews.com]

Cyberwhat?

[Anonymous Coward]

What's with the 'cyber' prefix anyway? It doesn't mean anything.

Re:

[Fluffeh]

What's with the 'cyber' prefix anyway? It doesn't mean anything.

Yes, it means that you can double your fee for the cyberfix.

1> Security Issue: $10 Million to fix.
2> Cyber Security Issue: $20 Million to fix.

Think back ten to fifteen years - Anyone with "dotcom" development experience could double or triple their salary by including that on their resume. Same person, no difference, but it makes the dollars involved higher.

Re:

[spun]

Cyber is the longer, more old fashioned way of saying e- or i-. We use to call it cyberwarfare, now we don't have time for that, and so we call it iWar.

Re:

[countertrolling]

Yeah it does. It means 'cool computer/robot shit'

Re:

[Troll-Under-D'Bridge]

I think originally the prefix cyber- was related to the sci-fi notion of a cyborg, basically a human fused with a machine, until it was hijacked by a certain cyberpunk writer [wikipedia.org] and converted into cyberspace, an emptiness vaster than interstellar space. For "most people", cyber- is synonymous with anything that can be done with an Internet connection. Ergo, cyber-sex, cyber-war, cyber-bullying, cyber-stalking, etc (with or without the hyphen). Sadly, a cybernaut is someone who explores cyberspace [princeton.edu] rather than a

Cash for 'cyber' is flowing

[AHuxley]

http://www.pcworld.com/businesscenter/article/219725/government_employs_hackers_in_brave_new_scheme.html [pcworld.com]
"...harness those within the hacking community who typically present research at black or white hat conventions but whose work flies under the radar of DARPA."
"hacker incubators" and made it clear that the DoD would not request commercial rights to any innovations discovered.
" a new type of Windows rootkit that was undetectable and almost impossible to remove." http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/ [crowdleaks.org]

Easy.

[istartedi]

If it's really important, don't put it on the Internet. If routing over another physical network is too expensive, encrypt it.

There. Problem solved. All I ask is 10% of what they are planning to spend on this problem. I think that's reasonable. I'll be by the Treasury to pick up my money on Tuesday. I'll be the one in the Bugatti Veyron, which the dealers will happily front me when I explain to them what I've done.

Re:

[failedlogic]

Your idea sucks because:

1) There is no way a defense contractor or IT company can make any money with this model.
2) It is much better to leave systems insecure and then try to patch it up with super secure OS, Software, Hardware, guard sharks and people to feed the sharks. And some TSA agents to feel you up.
3) You suggestion makes sense.

This is why you probably don't work in Washington DC.

Re:

[SethThresher]

Exactly, Obama's just trying to raise MORE spending, and dressing it up in a way that's going to make the scared masses cave in and let it happen.

Re:

[geekoid]

This spending is good. RnD leads to more jobs, more technology and more advances. It always has.

Re:

[Jane Q. Public]

How is it good? Increasing the budget by 35% in order to get government departments to do things they are already supposed to be doing?

They're just throwing good money after bad.

Re:Easy.

[geekoid]

Don't be stupid. That's like securing banks by removing all the roads around it. Now it's secure and useless.

ANd it's a hell of a lot more then files you want kept out of the purview of others. It's stopping people from actually doing damage.

Typical, someone whop has no clue of what's involved thinks he can do it cheaper.

And you have no clue about the whats involved in buying a Veyron either.

Re:

[istartedi]

Got humor?

Re:Easy.

[dachshund]

If it's really important, don't put it on the Internet.

Exactly --- just like Iran did with their centrifuge controllers.

Re:

[raddan]

I think you vastly misunderstand security. "Don't put it on the Internet" and "encrypt it" are good rules-of-thumb, but they rely on many assumptions, many of which we only think we understand. For example, P != NP is a fundamental assumption in cryptography, but it is unproven. It appears as if we're probably right, but we do not know for sure. The budget calls for "basic research" in security-- this means that someone who is seeking to understand security from a computational (i.e., mathematical) stan

Re:

[WindShadow]

When I was doing work requiring clearance (DoD and DoE at various times) there was a lot of stuff to understand about need to know. Having low level clerks see things I would restrict to cabinet level access is stupid, and no new research needed, just applying principles practiced in the 1970s.

Given the chance to design an access system, I would have a "can see" bit map and put characterizing bits (flags, whatever) on each item, so unless someone was cleared for all characteristics of a document or folder,

Disappointed

[bradgoodman]

I saw an article about Obama wanting to spend money. I can't believe there weren't a thousand posts vilifying him for some kind of "liberal tax-and-spend agenda".

Let's repost on Fox News' site and see what happens ;-)

Another Star-Wars boondoggle...

[Kazoo the Clown]

All that fancy stuff is useful in theory, but in reality will pale in comparison with boots on the ground, from both the practical and economic standpoint. A fully automated Big Brother security system sounds impressive, but you still have to keep it working and up to date over time, even if there aren't any exploitable bugs in it.

Techno P. T. Barnums are plentiful, and always ready to collect your money. And in this case, there's a politician looking for an easy answer born every minuite.

Re:

[geekoid]

How does that apply to doing research? clue: it doesn't. Man, you're eagerness to bash[CURRENT PRESIDENT] make you look stupid, short sighted and like a douche bag.

We don't need any more people like that so stop it.

Re:

[Kazoo the Clown]

I didn't talk about the President, I talked about the idea, knee-jerk. And you obviously have no idea how research grants are awarded. P. T. Barnums are pretty synonymous with defense contractors and opportunistic PhDs. It's an expensive solution that we can't afford right now, and is unlikely to produce results that are both useful and constitutional. If the fear is Wikileaks, I'm sorry, but privacy is dead, get over it and stop wasting taxpayer dollars.

Re:

[raddan]

You'll be surprised to discover that a great deal of computer science theory is also useful in practice. Take compiler front-ends, essentially the part that parses your written code. Before the 1970's, nearly all of this was done by hand. Now, using formal language theory, almost all of it can be automated, and recent work in grammars can produce ambiguity-free grammars for C, which is full of all kinds of nasty surprises. This means that C compilers become much simpler, produce better output, and are e

Re:

[Kazoo the Clown]

Except here we're not talking about compiler front ends, we're talking about protecting against information leaks and implementing automated surveillance robots and nanomachines. You have to ask 1) are such systems capable of eliminating whistleblower leaks given the fact we live in a country with free speech protectections, 2) is that an appropriate use of taxpayer dollars, 3) are such surveillance systems cost effective for what they can actually do, and 4) can we afford this sort of thing right now?

I

Re:

[bzipitidoo]

"Kid, take the money and do something good with it" is what I once heard about this problem. That's politics. Politically, security is an easy sell. It may be stupid and misguided. And there will be some unscrupulous characters who will take the money and use it to research something like the "evil bit", and they may even convince themselves they aren't wasting money. But most will do something good, and it will even be related to security. But it does help to have oversight with at least a little bit

Obama provides $66Bn funding for 'Anonymous'

[biodata]

who else does he think is going to build all the new locks? everything's going to plan gentlemen.

Re:

[Narnie]

Do you really expect additional locks to be built? I think the plan is to spend money to add more back doors to the network.

Re:

[GameboyRMH]

Sure you can just cut your labor costs and environmental regulations down to compete with China.

Oh? What's that? You want cheap (tariff-free Chinese) goods, a toxic-sludge-free town and world-leading wages all at the same time? Well I guess you're still IP-dependent then.

Down the drain

[sandslash]

Just means more money to scam artists like HBGary. Bye bye tax dollars!

Re:

[GameboyRMH]

No, lowsy coders.

Nitpicking... Obama cabinet wants....

[BlueCoder]

Obama is hardly a nerd that cares directly about these things... he's just listening to his cabinet.

Re:

[raddan]

I'm satisfied with having a president who listens to other people, and not just his "gut."

Anyone got his cell phone number?

[Bardwick]

Give him a call or shoot him a text, let him know we're broke.. Thanks.

budget

[rodneylee]

Make them earn there budget, print more dept is no solution

The answer to beating cheap labor in China...

[tarlss]

Is robots.