Slashdot Mirror


House Bill Slashes Research Critical To Cybersecurity

dcblogs writes: A U.S. House bill that will set the nation's basic research agenda for the next two years increases funding for computer science, but at the expense of other research areas. The funding bill, sponsored by Rep. Lamar Smith (R-Texas), the chair of the Science, Space and Technology Committee, hikes funding for computer science, but cuts — almost by half — social sciences funding, which includes the study of human behavior. Cybersecurity uses human behavior research because humans are often the weakest security link. Research funding for social, behavioral and economic sciences will fall from $272 million to $150 million, a 45% decrease. The bill also takes a big cut out of geosciences research, which includes climate change study, from $1.3 billion to $1.2 billion, an 8% decrease. The insight into human behaviors that comes from the social science research "is critical to understanding how best to design and implement hardware and software systems that are more secure and easier to use," wrote J. Strother Moore, the Computing Research Association chair and a professor of computer science at the University of Texas.

  1. No cuts are ever possible by Kohath · · Score: 5, Insightful

    because every area facing cuts is always "critical".

    And it's impossible for anyone to make software easy to use without government money to run a study.

    1. Re:No cuts are ever possible by Anonymous Coward · · Score: 5, Informative

      For something that no one in the military actually wants.

      That is not true - the Air Force wants it desperately. You know, the same Air Force who gave us the F4 Phantom, which was without a doubt one of the worst aircraft ever built. And it was also to be an aircraft "used by all branches of the armed forces, for all types of missions - air defense, ground attack, close air support, reconnaissance", just like the F35 - which does nothing well, and costs a LOT more per airframe; they are already having to perform retrofits and modifications for little things like:

      A 2015 Pentagon report found these issues:

              The Joint Program Office is re-categorizing or failing to count aircraft failures to try to boost maintainability and reliability statistics;
              Testing is continuing to reveal the need for more tests, but the majority of the fixes and for capability deficiencies being discovered are being deferred to later blocks rather than being resolved;
              The F-35 has a significant risk of fire due to extensive fuel tank vulnerability, lightning vulnerability and an OBIGGS system unable to sufficiently reduce fire-sustaining oxygen, despite redesigns;
              Wing drop concerns are still not resolved after six years, and may only be mitigated or solved at the expense of combat maneuverability and stealth;
              The June engine problems are seriously impeding or preventing the completion of key test points, including ensuring that the F-35B delivered to the Marine Corps for IOC meets critical safety requirements; no redesign, schedule, or cost estimate for a long-term fix has been defined yet, thereby further impeding g testing;
              Even in its third iteration, the F-35's helmet continues to show high false-alarm rates and computer stability concerns, seriously reducing pilots' situational awareness and endangering their lives in combat;
              The number of Block 2B's already limited combat capabilities being deferred to later blocks means that the Marine Corps' FY2015 IOC squadron will be even less combat capable than originally planned;
              ALIS software failures continue to impede operation, mission planning, and maintenance of the F-35, forcing the Services to be overly reliant on contractors and "unacceptable workarounds";
              Deficiencies in Block 2B software, and deferring those capabilities to later blocks, is undermining combat suitability for all three variants of the F-35;
              The program's attempts to save money now by reducing test points and deferring crucial combat capabilities will result in costly retrofits and fixes later down the line, creating a future unaffordable bow wave that, based on F-22 experience, will add at least an additional $67 billion in acquisition costs; and
              Low availability and reliability of the F-35 is driven by inherent design problems that are only becoming more obvious and difficult to fix.

      Three different types of data "massaging" are identified in the DOT&E report: moving failures from one category to another, less important one; ignoring repetitive failures, thus inflating numbers of failure-free hours; and improper scoring of reliability.

      In conclusion: A piece of shit that should be stopped NOW.

  2. It's hard to credit the behavioural science claim. by tlambert · · Score: 5, Insightful

    It's hard to credit the behavioural science claim.

    Since we already know how to social engineer our way into secure areas, secure buildings (including nuclear and military facilities), and to get people to give their passwords or reset someone else's password, and even get the police to respond with deadly force to a perceived threat by an otherwise innocent third party (e.g. SWATting), and get them to click on crap they shouldn't click on in emails, and get them to install "media player updates" that aren't, anti-malware that's actually malware, and so on...

    How is additional funding for behavioural science in this area going to make us any more secure by making us even more aware of the exploits we already know, such as those being used by Mitnick prior to 1995 to get into the phone company?

    We already understand the human behaviour which allows these attacks to work -- and so does Microsoft, and they're not really spending any effort fixing their software over this knowledge.

    So how *exactly* will additional spending in this area impact cybersecurity again? Will it make anyone less likely to believe someone pretending to be from the IT department? Will it make someone less likely to let you on the premises when you pretend you want to talk to the property manager "or someone else in charge" about purchasing land adjacent to an otherwise secure facility?

    I kind of don't think so.

    But... BOOGA! BOOGA! Cybersecurity! Cyberwarfare! Fund us, fund us!

  3. Is this submission for real?! by felrom · · Score: 5, Insightful

    It's quite the logical leap to go from

    cuts — almost by half — social sciences funding

    to

    House Bill Slashes Research Critical To Cybersecurity

    only based on the vague claim that

    Cybersecurity uses human behavior research because humans are often the weakest security link.

    The submitter had to really stretch things to get enough almost-tech-related and republican-hating to have his story accepted.

  4. A sad day on Slashdot by zapadnik · · Score: 5, Insightful

    It is a sad day on Slashdot when there is wailing and gnashing of teeth by (alleged) Slashdotters when funding for Computer Science is INCREASED and funding for pseudo-science is decreased to cover the boost for Computer Science.

    A sad, sad day indeed.

  5. Re:well, why wouldn't they? by peragrin · · Score: 5, Insightful

    So why increase military spending?

    450 billion for a plane that isn't yet flying gets an increase yet you bitch and moan over 1 billion. Talk about pinching pennies to waste hundreds.

    --
    i thought once I was found, but it was only a dream.