Committee OKs funding for cybersecurity R&D, including Internet standards and assessing methods

As reported last week, the House Homeland Security Committee has passed a $2.7 billion appropriations bill, H.R. 4842, the Homeland Security Science and Technology Authorization Act of 2010. The bill allocates $150 million over two years to the Department of Homeland Security's Science and Technology Directorate.

Section 4.04 provides for funding of activities to “advance the development and accelerate the deployment of more secure versions of fundamental Internet protocols and architectures, including for the domain name system and routing protocols.” This work will be undertaken by the Directorate in coordination with “the National Science Foundation, the Defense Advanced Research Projects Agency, the Information Assurance Directorate of the National Security Agency, the National Institute of Standards and Technology, the Department of Commerce, and other appropriate working groups established by the President.”

To date, spending by the Directorate on DNSSEC and secure routing efforts (e.g., RPKI, sBGP) has been about $5-6M per year, with most of this going to organizations (e.g., Shinkuro, SPARTA) whose employees participate heavily in Internet governance institutions like IETF, ICANN, and ARIN. The Directorate expects funding in this area to increase slightly for these efforts.

Another interesting part of the bill (Section 4.05) calls on the National Research Council to undertake a study “to assess methods that might be used to promote market mechanisms that further cybersecurity,” including examining “mandated reporting of security breaches that could threaten critical societal functions,” regulation of best practices for operators of critical infrastructure, and certification from standards bodies about conformance to relevant cybersecurity standards. Ideally the study design will put emphasis on understanding how these methods impact global Internet governance.

As we've seen lately, efforts to incorporate a domestic cybersecurity agenda into a private, global governance regime without accounting for political economy can backfire miserably. ICANN cited the 2009 DHS IT Sector Baseline Risk Assessment in its recent strategic initiatives document and in building its business case for a Global DNS-CERT, an effort which was immediately met with strong resistance from the Internet community outside the United States. A study that explicitly accounts for the transnational character of the Internet and recognizes how governments' competing national interests (e.g., around standardization, privacy, national security) can threaten it will go a long way toward making the Internet more secure and keeping it global.

