
Communications of the ACM

Inside risks

The Need For a National Cybersecurity R&D Agenda


President Barack Obama greets White House Cyber Security Chief Howard A. Schmidt, who was appointed in December 2009.

Official White House Photo by Lawrence Jackson

Government-funded initiatives, in cooperation with private-sector partners in key technology areas, are fundamental to cybersecurity technical transformation.



Nicolas Rouquette

Shifting the role of government-funded R&D from military defense to cyber-security represents for me a significant improvement towards stimulating economic activity on constructive and intellectually challenging endeavors. However, the roadmap for cyber-security raises a basic question: do education and public-private partnerships constitute a sufficient quorum of strategic partnerships?

The roadmap focuses on two extremes of an evolutionary scale of ideas from education (where we learn the basics of innovative thought) to public-private partnerships (where public funding fuels the transition from innovative ideas into leap-ahead technologies). In this context, where will the metrics mentioned in the roadmap for evaluating these ideas and new technologies come from? To define clear and robust metrics, we need good standards with solid foundations. Where do these high-quality standards come from?

Good standards are great, but it is very difficult to obtain resources to fund the development and improvement of high-quality standards, even if they are very important in academia, industry and government. For example, the Unified Modeling Language (UML) is the poster child of a successful specification at the Object Management Group (OMG), where it was developed and is currently maintained. Despite being implemented by dozens of commercial tool vendors, taught in hundreds of schools around the world and used by thousands of engineers around the world, it is nonetheless very difficult to secure enough resources to fix known technical issues with the UML specification. This resource limitation problem isn't unique to the UML at the OMG. If anything, the same resource limitation issue affects the specifications from the W3C, even though W3C specifications are even more widely used than those of the OMG. At the other end of the scale, even if we come up with good technical standards and specifications to support a thriving cyber-security R&D program, who will incorporate these evolving standards and specifications into education curricula? Who will train students and professionals on using these specifications and standards properly for evaluating cyber-security ideas, technologies and products? If anything, the gap between high-tech industry and fresh-thinking academia partners is too wide to bridge with just a government-funded R&D program. Partnering with strategic standards organizations like the OMG and W3C can bridge this gap in a way that builds upon existing relationships that academia, industry and government have with standards organizations.
