The CSIA report analyzes the current state of cyber security R&D, offers funding recommendations and outlines its support for the PITAC- recommended federal priorities for cyber security R&D investment over the next 10 years. In addition, the report highlights the need for a national "vision" for the security, reliability and resiliency of the information infrastructure.

"The crisis in leadership in cyber security R&D will hold long-term implications for the U.S. if it is not addressed soon. The reasons for the recent lapse of the PITAC remain unclear, but its dissolution is a blow to the R&D community. The loss of this independent Committee's expertise and advice reduces the priority level of cyber security R&D, which will continue to dissipate without an advisory body to oversee R&D," said Paul Kurtz, executive director of CSIA. "However, the PITAC recommendations endure despite the Committee's lapse, and it is imperative, now more than ever, to act on them. We have an important opportunity here with the newly designated Assistant Secretary for Cyber Security and Telecommunications coming to the Department of Homeland Security and we hope to work closely with the future holder of this new position to make cyber security R&D a priority."

An increase in funding will not produce better results unless clear, long-term priorities for cyber security R&D are established. The combination of clear priorities and increased funding will create a larger pool of experts to take an in-depth look at security issues that plague networks and develop improved technologies to ensure secure, stable and reliable information networks.

• Creation of a designated entity to coordinate private and government cyber security efforts. One logical choice would be the new Assistant Secretary for Cyber Security and Telecommunications at the Department of Homeland Security.
  
  
• Development of a national vision and long-term plan for the security, reliability and resiliency of the information infrastructure within 10 years.
  
  
• Heightened Congressional involvement in the form of hearings to review the state of federal funding for R&D.
  
  
• Commingling of private and government cyber security R&D funding to create more R&D opportunities and benefit the private sector.

"Research and development can play a major role in helping to address many of the current and emerging cyber security threats if the programs are properly funded and managed," said Dr. Burt Kaliski, vice president of research, RSA Security and chief scientist, RSA Laboratories, who chaired the industry team that advised CSIA on today's report on Research and Development. "Along with the other members of CSIA, RSA Security looks forward to working with the White House, the Department of Homeland Security and other federal agencies, and the U.S. Congress on an overall R&D strategy that ensures the nation's cyber security for the future."

In a 2005 report to the President, PITAC lists 10 priorities that serve as a good example of long-term research goals for the commercial and private sector.

CSIA urges Congress to adopt these priorities and use them to create a 10-year plan for cyber security R&D federal funding in conjunction with the private sector and other relevant research organizations.

• Authentication Technologies
  
  
  
• Secure Fundamental Protocols
  
  
  
• Secure Software Engineering and Software Assurance
  
  
  
• Holistic System Security
  
  
  
• Monitoring and Detection
  
  
  
  
• Mitigation and Recovery Methodologies
  
  
• Cyber Forensics
  
  
  
• Modeling and Testbeds for New Technologies
  
  
  
• Metrics, Benchmarks and Best Practices
  
  
  
• Non-Technology Issues