Obama Wants Big Hike In Cybersecurity Research

dcblogs writes "The White House 2012 budget seeks a 35% increase to $548 million in cybersecurity research and development, including funds to help DARPA mitigate the risk of insider threats. Think WikiLeaks. Improving control system security, post Stuxnet, was also cited as priority. Overall, the budget seeks $66.1 billion for basic and applied research across all areas, an 11.6% increase. Some areas called out for special focus by the White House include robotics. The feds have already started offering grants for developing of 'co-robots,' which are 'systems that can safely co-exist in close proximity to or in physical contact with humans in the pursuit of mundane, dangerous, precise or expensive tasks.' The US also wants to focus research on nanomanufacturing, 'and the merging of self-assembly with lithography to achieve large-scale predictable placement of nanoscale components.'"

Or...

[Codex_of_Wisdom]

Instead of increasing defense funding, how about we stop making people mad enough to attack us? That way, we can spend our money on more important things.

Re:Or...

There will always be people who are mad and/or insane enough to attack us.

The key is to realize that we could defend our country just fine on half of the budget.

Re:Or...

[TheSpoom]

Unfortunately you'll find neither major party willing to say that because they're all in the pocket of defense contractors.

Like most things, third parties and independents are the answer, but the major parties have convinced Americans that they're helpless.

Re:Or...

It is not about our military actions, it is about us not being islamic.

Re:Or...

The key is to realize that there's a difference between "defending America" and "defending American interests all over the world".

Defending the American homeland is uncontroversial. Not even Osama Bin Laden himself would have any issue with that. What causes strife is when this is extended to mean "defending America's supplies of foreign goods, especially oil". That is what makes the US military so overstretched, and so astonishingly expensive.

Re:Or...

[99BottlesOfBeerInMyF]

The key is to realize that we could defend our country just fine on half of the budget.

Unfortunately you'll find neither major party willing to say that because they're all in the pocket of defense contractors. Like most things, third parties and independents are the answer...

Ahh, but how does a third party get elected or how do we change the positions of the big parties to fix the problem? Personally I think the answer is lobbing reform. That should be the swing issue tackled, rather than the level of government spending. Allow me to explain.

Most Americans when polled can't agree on programs where money should be cut that will significantly reduce spending. You'll have a hard time finding any significant area of spending where 50% of citizens want cuts. At the same time polls show something like 80% of Americans in favor of banning lobbying by corporations, more than 90% in favor of banning lobbying by foreign governments. There's even popular support for making it illegally for lobbyists to so much as organize fundraisers. And yet nothing is done. This is because our current elected officials pretty much universally benefit from current laws.

There is popular support to back a reform candidate, third party, or subset of a major party that focuses on the issue of government corruption, and the influence of lobbyists. People get mad about lobbying and corruption and they are right to do so. This just needs to be harnessed to get people elected on promises of doing something about it. If the tea party, for example, focused on that topic they'd be getting a lot more support from the other end of the political spectrum, of course since the tea party is largely run, promoted, and marketed by lobbyists this is unlikely. Still, a real grassroots campaign could be run.

Rather than supporting third parties and hoping they'll help, why not focus on why all congress critters are in the pockets of defense contractors in the first place. It's because the lobbyists of those defense contractors get them elected by supporting their party's coffers, organizing fundraisers, and sometimes directly running media campaigns. The public doesn't want that and making it an issue can get those people to stop relying upon those lobbyists or get them replaced by others not suckling at their teat. A solid strategy is better than throwing your vote behind a losing candidate as a protest. The focus should be on lobbying reform and let the chips fall where they may.

Re:Or...

[interkin3tic]

I don't see why this is modded flamebait. It's naive to think that, but naive =/= flamebait necessarily.

Does anyone here actually think everything the US does that annoys people with computers is necessary? I mean, former ambassador John Bolton runs around yelling on Fox that we should bomb Iran pretty much every day. If Iran were -reasonable- they'd think about putting child porn on his computer. It certainly doesn't discourage them from funding cyberwarfare against the rest of us.

I think if our government were to take a reasonable response to Wikileaks rather than trying to burn Asange at the stake, Anonymous might be ever-so-slightly less inclined to do some damage to government networks.

There will always be people attacking the US as long as there is a US, sure, but we do encourage a lot of it, and we could ruffle fewer feathers definitely.

Re:Or...

[Attila+Dimedici]

So, you think we should make it illegal for people to pool their money and hire someone to spend fulltime keeping track of what Congress is doing and then report back to the group. Additionally, this person will take the opinions of the group and communicate them to various members of Congress, so that the members of Congress will know what those of their constituents who are members of this group think of various laws bills being considered by Congress.
Of course, that would require a Constitutional Amendment since the Constitution says: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
While you can interpret it differently, everything lobbyists do can be interpreted as petitioning the Government for redress of grievances. And everything that you can do to petition the Government for redress of grievances can be interpreted as lobbying.

Re:Or...

[Thing+1]

This is because our current elected officials pretty much universally benefit from current laws.

I'm sure, given six lines from any of our current elected officials, ...

Re:Or...

[mbstone]

Yes, but it's impossible to determine in advance which half.

(Props to William Wrigley, Jr.).

Re:Or...

[99BottlesOfBeerInMyF]

So, you think we should make it illegal for people to pool their money and hire someone to spend fulltime keeping track of what Congress is doing and then report back to the group.

Nope, just illegal for the group to incorporate then give money to election funds or run politically themed ads.

Additionally, this person will take the opinions of the group and communicate them to various members of Congress, so that the members of Congress will know what those of their constituents who are members of this group think of various laws bills being considered by Congress.

And I personally have no problem with privately funded special interest groups, provided those groups don't provide government employees with bribes in the form of free travel accommodations, meals, etc.

Of course, that would require a Constitutional Amendment...

While I'm thinking of a different set of restrictions than you seem to be, likely there would need to be a constitutional amendment. Currently the Supreme Court precedent interprets the 14th amendment as granting corporations the same rights as citizens despite, them not having the same responsibilities and limitations. I think this is idiotic as corporations are government created entities and the government is supposed to be serving the common good.

In order to resolve this conflict, we'd probably need a constitutional amendment specifically stating that corporations are not citizens and while the individual shareholders have rights, when the corporation acts it cannot exercise the rights on behalf of those shareholders. And it should not be able to because those shareholders are not held responsible for it's acts. (For example, when a corporation profits by an act that kills people, the shareholders benefit but don't go to prison.) This amendment could further forbid corporations (and foreign governments and organizations for that matter) from interfering with the politics of the United States by donating money to campaign funds, running political ads, organizing fundraisers, donating money to political nonprofits, etc. The individual shareholders would be free to do this, just not with corporate funds or organized by the corporation. This prevents any conflict with the first amendment.

While you can interpret it differently, everything lobbyists do can be interpreted as petitioning the Government for redress of grievances. And everything that you can do to petition the Government for redress of grievances can be interpreted as lobbying.

True, but the government is starting new programs that spend billions of dollars buying unneeded junk from me and my personal financial resources are not going to get someone elected who will then turn around and award me more fat contracts. I'm also a US citizen. I'm not a business, legal entity, foreign power, or multinational conglomerate. The problem we have with lobbying is that it is undermining the democratic system by shifting power into the hands of multinational corporations, national corporations, foreign governments, and basically anything that is not a US citizen or nonprofit group of US citizens. I have no problem with individuals or nonprofits (not funded by corporations) lobbying the government. The idea is to remove the for profit influence in our political process.

The O.P. was opining that politicians spend money needlessly because they are "in the pockets" of defense contractors. That seems to be true. So why not ban those defense contractors from funding politics thus making sure there is no legal way for them to give large sums to a politician. Then, what motivation to politicians have to waste money giving it to contractors? A huge motivation for pork goes away and we can reduce the budget by actually removing waste (unlike the million promises to reduce waste that never happen because politicians are still very strongly motivated to keep that waste, because it is getting them elected).

Re:Or...

[99BottlesOfBeerInMyF]

Ahh, but how does a third party get elected or how do we change the positions of the big parties to fix the problem?

Reform the electoral system, for one thing.

Ahh, but that's a chicken and egg problem. If we reformed the electoral process we'd be able to elect more third parties, but why would the current politicians vote for it? Most individuals don't care about or understand more modern electoral systems and you can bet your ass about 50% of the population would immediately brand it as "foreign socialist fancy math voting" and thereby inferior to what the US is doing (which they probably don't even know).

The next biggest step to a third party getting elected (PROBABLY) is for you and I to vote for them and trust our fellow citizens will vote for who they think is best.

Been there, done that... for decades. It isn't working.

The point of my post was to bring up a topic Americans do strongly care about and agree upon and which can result in real improvement o our society, partly by bringing in third party candidates as a wedge issue and partly by forcing the existing parties to change and act on behalf of the populace by doing the will of the people. I'm strongly in favor of electoral reform, but it doesn't meet those needs. You are unlikely to win significant seats in congress railing to the populace about electoral reform. Telling them about corruption and the influence of corporate and foreign lobbyists, however, will get you the agreement of almost everyone and when you propose specific solutions to your opposition they have to either agree with them, refuse to comment (where you can point out their deception and lack of will), or oppose you thereby pissing off almost all the voters.

We need candidates that engage audiences, rather than ones who give canned answers, like a sports superstar in the locker room. We need actual representatives, not agents of representative bodies.

True, but engaging the constituency on specific topics they care about and actually representing their interests on this specific topic is a lot more likely to yield real results, because it is a topic people care about and agree on and where they aren't being represented. This differentiates it from spending cuts or electoral reform, where we just wish the populace were informed and intelligent and motivated enough to care and have a good consensus.

At least *someone* is laying cards on the table...

[mlts]

Partisianism aside, this is a good thing. Security initiatives are not going to be coming from the business sector because security has no ROI [1]. So, the only real origin of more robust tools to keep the blackhats out are going to have to come from governments.

Of course, my fear is that this security initiative (meant to keep data safe from being exposed, or worse, tampered with), may turn into funding for nastier DRM. Mainly because DRM does seem to have a ROI attached to it while security in general doesn't.

[1]: Of course, security saves money, but to a PHB, they don't really know or care that expanded security means that trade secrets keeping a competitive edge are safe. Couple this with the attitude of a lot of SMBs that "gee, if I get hacked, I can call Geek Squad 24/7 and they can fend off the hackers", and it is just shameful for a lot of the private sector. Not all, there are a few companies who actually keep their flies zipped up, but unless a regulation forces a company to keep data secure, it just won't be done.

yay more work for me!

ka-ching

DARPA money through Mudge

[fwice]

Note that a large portion of the money for DARPA is going to cybersecurity research with Mudge of the L0pht as the DARPA Program Manager.

[1] http://www.pcworld.com/businesscenter/article/219725/government_employs_hackers_in_brave_new_scheme.html
[2] http://www.wired.com/dangerroom/2010/08/darpas-star-hacker-looks-to-wikileak-proof-the-pentagon/
[3] http://www.foxnews.com/scitech/2011/02/07/internet-creators-ask-hackers-help/

Re:At least *someone* is laying cards on the table

[c0lo]

[1]: Of course, good security saves money,

FTFY. Two examples why this is important:
1. how much security the TSA scanners bring? how much do they cost?
2. a very recent case showed a group of 3 companies trying to get a contact for 6 months at 2 mils/month. Turned out that one of them wasn't even able to secure its digital assets.

I admit, I didn't say what good security mean. Well, that's let as homework.. for extra points, see how much of what Obama wants is indeed good security.

Cyberwhat?

What's with the 'cyber' prefix anyway? It doesn't mean anything.

Re:Cyberwhat?

[Fluffeh]

What's with the 'cyber' prefix anyway? It doesn't mean anything.

Yes, it means that you can double your fee for the cyberfix.

1> Security Issue: $10 Million to fix.
2> Cyber Security Issue: $20 Million to fix.

Think back ten to fifteen years - Anyone with "dotcom" development experience could double or triple their salary by including that on their resume. Same person, no difference, but it makes the dollars involved higher.

Re:Cyberwhat?

[spun]

Cyber is the longer, more old fashioned way of saying e- or i-. We use to call it cyberwarfare, now we don't have time for that, and so we call it iWar.

Re:Cyberwhat?

[countertrolling]

Yeah it does. It means 'cool computer/robot shit'

Re:Cyberwhat?

[Troll-Under-D'Bridge]

I think originally the prefix cyber- was related to the sci-fi notion of a cyborg, basically a human fused with a machine, until it was hijacked by a certain cyberpunk writer and converted into cyberspace, an emptiness vaster than interstellar space. For "most people", cyber- is synonymous with anything that can be done with an Internet connection. Ergo, cyber-sex, cyber-war, cyber-bullying, cyber-stalking, etc (with or without the hyphen). Sadly, a cybernaut is someone who explores cyberspace rather than a bionic astronaut.

Cash for 'cyber' is flowing

[AHuxley]

http://www.pcworld.com/businesscenter/article/219725/government_employs_hackers_in_brave_new_scheme.html
"...harness those within the hacking community who typically present research at black or white hat conventions but whose work flies under the radar of DARPA."
"hacker incubators" and made it clear that the DoD would not request commercial rights to any innovations discovered.
" a new type of Windows rootkit that was undetectable and almost impossible to remove." http://crowdleaks.org/hbgary-inc-working-on-secret-rootkit-project-codename-magenta/

Easy.

[istartedi]

If it's really important, don't put it on the Internet. If routing over another physical network is too expensive, encrypt it.

There. Problem solved. All I ask is 10% of what they are planning to spend on this problem. I think that's reasonable. I'll be by the Treasury to pick up my money on Tuesday. I'll be the one in the Bugatti Veyron, which the dealers will happily front me when I explain to them what I've done.

Re:Easy.

[failedlogic]

Your idea sucks because:

1) There is no way a defense contractor or IT company can make any money with this model.
2) It is much better to leave systems insecure and then try to patch it up with super secure OS, Software, Hardware, guard sharks and people to feed the sharks. And some TSA agents to feel you up.
3) You suggestion makes sense.

This is why you probably don't work in Washington DC.

Re:Easy.

[SethThresher]

Exactly, Obama's just trying to raise MORE spending, and dressing it up in a way that's going to make the scared masses cave in and let it happen.

Re:Easy.

[geekoid]

This spending is good. RnD leads to more jobs, more technology and more advances. It always has.

Re:Easy.

[geekoid]

Don't be stupid. That's like securing banks by removing all the roads around it. Now it's secure and useless.

ANd it's a hell of a lot more then files you want kept out of the purview of others. It's stopping people from actually doing damage.

Typical, someone whop has no clue of what's involved thinks he can do it cheaper.

And you have no clue about the whats involved in buying a Veyron either.

Re:Easy.

[istartedi]

Got humor?

Re:Easy.

[Jane+Q.+Public]

How is it good? Increasing the budget by 35% in order to get government departments to do things they are already supposed to be doing?

They're just throwing good money after bad.

Re:Easy.

[dachshund]

If it's really important, don't put it on the Internet.

Exactly --- just like Iran did with their centrifuge controllers.

Re:Easy.

[raddan]

I think you vastly misunderstand security. "Don't put it on the Internet" and "encrypt it" are good rules-of-thumb, but they rely on many assumptions, many of which we only think we understand. For example, P != NP is a fundamental assumption in cryptography, but it is unproven. It appears as if we're probably right, but we do not know for sure. The budget calls for "basic research" in security-- this means that someone who is seeking to understand security from a computational (i.e., mathematical) standpoint can apply. So-- "cybersecurity" doesn't even need to include computers-- it could be a set of general principles for use in any organized system, like the military, or the government, or a company, or e-commerce software. Once you have a good mathematical model for security, you can apply that knowledge generally across many, many fields. You might be looking to develop some principles for preventing leakage of secret information. Ideas like this were developed in the 1970's, but sadly went out of style. We are finding that we need more of this kind of knowledge as it gets easier to leak information.

Re:Easy.

[WindShadow]

When I was doing work requiring clearance (DoD and DoE at various times) there was a lot of stuff to understand about need to know. Having low level clerks see things I would restrict to cabinet level access is stupid, and no new research needed, just applying principles practiced in the 1970s.

Given the chance to design an access system, I would have a "can see" bit map and put characterizing bits (flags, whatever) on each item, so unless someone was cleared for all characteristics of a document or folder, they wouldn't even see that it exists.

I'm skipping some implementation details which are important, this isn't a technical forum, and I know they exist.

Another Star-Wars boondoggle...

[Kazoo+the+Clown]

All that fancy stuff is useful in theory, but in reality will pale in comparison with boots on the ground, from both the practical and economic standpoint. A fully automated Big Brother security system sounds impressive, but you still have to keep it working and up to date over time, even if there aren't any exploitable bugs in it.

Techno P. T. Barnums are plentiful, and always ready to collect your money. And in this case, there's a politician looking for an easy answer born every minuite.

Re:Another Star-Wars boondoggle...

[Kazoo+the+Clown]

I didn't talk about the President, I talked about the idea, knee-jerk. And you obviously have no idea how research grants are awarded. P. T. Barnums are pretty synonymous with defense contractors and opportunistic PhDs. It's an expensive solution that we can't afford right now, and is unlikely to produce results that are both useful and constitutional. If the fear is Wikileaks, I'm sorry, but privacy is dead, get over it and stop wasting taxpayer dollars.

Re:Another Star-Wars boondoggle...

[raddan]

You'll be surprised to discover that a great deal of computer science theory is also useful in practice. Take compiler front-ends, essentially the part that parses your written code. Before the 1970's, nearly all of this was done by hand. Now, using formal language theory, almost all of it can be automated, and recent work in grammars can produce ambiguity-free grammars for C, which is full of all kinds of nasty surprises. This means that C compilers become much simpler, produce better output, and are easier to maintain. Solving these problems is not easy, but when you find solutions, their payoffs are huge. Digital computers themselves are the result of some inspired theoretical thinking that happened in the 1920's and 1930's.

I contend that is is nearly impossible to know what R&D will payoff from a practical and economic standpoint. But we know that it often does.

Re:Another Star-Wars boondoggle...

[Kazoo+the+Clown]

Except here we're not talking about compiler front ends, we're talking about protecting against information leaks and implementing automated surveillance robots and nanomachines. You have to ask 1) are such systems capable of eliminating whistleblower leaks given the fact we live in a country with free speech protectections, 2) is that an appropriate use of taxpayer dollars, 3) are such surveillance systems cost effective for what they can actually do, and 4) can we afford this sort of thing right now?

I'm totally amazed by the Pollyanna attitudes by those who just seem to think that the ends justify the means, and since there are some bad guys out there we have to do everything we can to protect against them. When you look at things like the pass given to Scooter Libby for outing a CIA agent, and giving AT&T amnesty for spying on US citizens, I think you have to ask yourself-- do you trust people like Hillary Clinton, Nancy Pelosi, Joe Biden, Dick Cheney, Sarah Palin, or Orrin Hatch, for example, with the power to arbitrarily listen in on the phone conversations of US citizens without a warrant? Some of which no doubt, would be conversations between running candidates and their party members while planning their election campaigns? Do you trust these folks with micro robots that can be joysticked into your bedroom without a warrant? Ok, so you all seem to hate one side or the other, Obama or Palin or whatever, but only until the idea comes across that we should allow ALL of these bozos to violate law after law in the name of protecting us all against terrorist boogeymen? When did we become such a nation of cowards?

We're talking about spending money that we don't have on technologies that may not even work or can't be used legally in the US (of course, that doesn't stop them as we've seen). Why should my tax money be spent on this kind of scam when instructors at the local schools are being laid off in droves, the elderly's saftey net is being looted, and basic infrastructures are being ignored. And most of you are just going to roll over for it. "La la la, " the government is going to fund more useless security theater (like the TSA), invade your privacy and waste your money, and you just can't wait to get a piece of that through a grant to R&D some new electronic toys for them all.

When I see the sort of total fiscal irresponsibility this government has come to embody, and then someone comes along and says that the government is going to spend $500B on blue-sky security theater? Give me a break. I'm as in favor of science as the next guy, but I'm sorry, this is just not a "Sputnik Moment."

Re:Another Star-Wars boondoggle...

[bzipitidoo]

"Kid, take the money and do something good with it" is what I once heard about this problem. That's politics. Politically, security is an easy sell. It may be stupid and misguided. And there will be some unscrupulous characters who will take the money and use it to research something like the "evil bit", and they may even convince themselves they aren't wasting money. But most will do something good, and it will even be related to security. But it does help to have oversight with at least a little bit of a clue, which was rather lacking in the previous administration.

How about a microkernel based OS like Minix 3, that can be formally verified, is libre software, and actually works, doesn't have a performance penalty built in, and runs useful apps? Would be a big gain for more than security, and need not, perhaps is best not approached from that perspective. Approach this from the direction of making software more reliable. While of course telling the govt sponsors how it's actually all about security.

Most attacks have nothing to do with being mad

[Timmy+D+Programmer]

Most attacks have nothing to do with being mad, Most are organized crime, doing it to make a buck. The next largest subset are simply vandal type hackers doing it to amuse themselves. Very few are politically motivated.

Obama provides $66Bn funding for 'Anonymous'

[biodata]

who else does he think is going to build all the new locks? everything's going to plan gentlemen.

Re:Obama provides $66Bn funding for 'Anonymous'

[Narnie]

Do you really expect additional locks to be built? I think the plan is to spend money to add more back doors to the network.

Down the drain

[sandslash]

Just means more money to scam artists like HBGary. Bye bye tax dollars!

Nitpicking... Obama cabinet wants....

[BlueCoder]

Obama is hardly a nerd that cares directly about these things... he's just listening to his cabinet.

Re:Nitpicking... Obama cabinet wants....

[raddan]

I'm satisfied with having a president who listens to other people, and not just his "gut."

Anyone got his cell phone number?

[Bardwick]

Give him a call or shoot him a text, let him know we're broke.. Thanks.

budget

[rodneylee]

Make them earn there budget, print more dept is no solution

The answer to beating cheap labor in China...

[tarlss]

Is robots.

Re:What's wrong with our priorities?

[GameboyRMH]

Sure you can just cut your labor costs and environmental regulations down to compete with China.

Oh? What's that? You want cheap (tariff-free Chinese) goods, a toxic-sludge-free town and world-leading wages all at the same time? Well I guess you're still IP-dependent then.

Re:why is slashdots comment section so useless

[GameboyRMH]

No, lowsy coders.