The US government is carrying out its war on terrorism on many fronts. One of the latest initiatives is the Bush administration’s Cyber Security Research and Development Act, which earmarks $900 million for IT security research. Datamonitor’s Ian Williams investigates what the money will do for the online community – and for the IT security industry.
While many are gearing up for a war with Iraq and the fight against anti-western terrorists continues unabated, the US government’s emphasis seemed to shift at the end of November to the murky world of cyber-terrorism.
The Bush administration, which has already highlighted its commitment to ensure the safety of America’s IT infrastructure as well as its people and property, passed the Cyber Security Research and Development Act (CSRDA) designed to further research into IT Security technologies and procedures in order to develop better methods of dealing with cyber incidents.
Nine hundred million dollars…
The Act puts aside $900 million of Federal funds over the next five years as part of the Homeland Security initiative to leave the US better prepared for terrorist attacks of all kinds in the future. With the growing trend around the world for attacks by political and religious action groups by electronic means, the US is signaling with this act that it takes the threat to its critical infrastructure seriously.
One of the key problems for the IT community has always been a relative lack of skilled professionals with the appropriate knowledge to deal with the threats and to help develop new ways of averting the danger. As such, much of the money allocated is designed to encourage research in these fields.
Approximately $230 million is being put aside for research grants for non-profit organizations or universities. The funds are specifically designed to encourage research in areas such as authentication, cryptography, intrusion detection, vulnerability assessment and threat analysis. Other areas of concern include forensics, wireless security, anti-piracy measures, forensics and privacy.
The inclusion of the last measure is perhaps the most intriguing, given that the US has been a bit of a backwater where data protection legislation is concerned – at least compared to the EU member states. Indeed, many would argue that privacy, particularly on the Internet, would be the first casualty of any anti-cyber-terrorist offensive.
The remaining money is also aimed at improving knowledge within the US with regard to IT security, with $96 million set-aside for undergraduate and masters degrees, $275 million for post-doctoral courses and $144 million for the creation of Network Security Research Centers, designed to carry out dedicated IT security research.
The initiatives are part of a concerted effort by the American government to protect an economy that has become increasingly reliant on its IT infrastructure. In 1997 the US Department of Defense carried out an information warfare exercise designed to determine how prepared the US is for attacks of this nature. The results revealed that there was a lack of preparation for a coordinated cyber and physical attack on critical military and civilian infrastructure.
…but it’s mixed news for vendors
It’s hard to deny that for the overall IT community, the thought of greater security is encouraging. While the news is in part welcoming for the IT security industry, it may create a bit of a problem for existing firms.
While IT security players will no doubt benefit from the influx of skilled engineers, they will also see their tax dollars nurturing competitors of the future. Many, for example, have had to allocate vast R&D resources to the development of their current products as well as acquiring smaller firms with interesting or pioneering technologies.
Now they may see firms emerge that have not had to face the same financial burden – and that can offer their products at a reduced price because they will not have to factor in return on investment for research and development into their business plans. Some foreign governments may therefore view the move as protectionist, because it will make it more difficult for foreign firms who have not had the same degree of financial support to compete on a cost basis.
Of course, in the end, and particularly with much of the Internet infrastructure in US hands, it is comforting to see so much money allocated to protecting these resources. The initiative should eventually help reduce the possibility of any concerted IT security attack succeeding, which would be to the benefit of all western economies.
If you found this article useful, you may also be interested in Datamonitor’s report Global Network Security Markets: 3rd Edition. The report contains market sizing, key drivers & inhibitors and opinions on the likely developments in the key product and services markets, throughout the Americas, EMEA and Asia-Pacific.