Computer-board report teaches urgent lessons on cybersecurity

WASHINGTON, April 8 (UPI) -- In 2007 a U.S. Computer Science and Telecommunications Board research report titled "Toward A Safer and More Secure Cyberspace" concluded that the U.S. research and development program to ensure national cybersecurity was still wholly inadequate.

"Both traditional and unorthodox approaches will be necessary," the report warned. "Traditional research is problem-specific, and there are many cybersecurity problems for which good solutions are not known. ... Research is and will be needed to address these problems."

However, it continued, "Problem-by-problem solutions, or even problem-class by problem-class solutions, are highly unlikely to be sufficient to close the gap by themselves.

"Unorthodox, clean-slate approaches will also be needed to deal with what might be called a structural problem in cybersecurity research now, and these approaches will entail the development of new ideas and new points of view that revisit the basic foundations and implicit assumptions of security research," the Computer Science and Telecommunications Board research report said.

"Addressing both of these reasons for the lack of security in cyberspace is important, but it is the second -- closing the knowledge gap -- that is the primary goal of cybersecurity research," it concluded.

The Computer Science and Telecommunications Board report goes on to lay out an appropriate research agenda including such issues as deterring would-be attackers and managing the degradation and reconstitution of systems in the face of concerted attacks.

A further step in implementing any truly effective national cybersecurity strategy for the United States must be to "get safe."

Encouraging innovation is perhaps the quickest and most effective way to promote public-private engagement and build a national ability to mitigate and respond to cyber threats. Providing liability protection is one proven means of promoting private-sector innovation.

Since the terrorist attacks of Sept. 11, 2001, the U.S. Congress has acted decisively and to good effect in one area of liability protection: The Support Anti-Terrorism by Fostering Effective Technologies Act lowered the liability risks of manufacturers that provide products and services used in combating terrorism.

The act, passed in 2002 and known as the SAFETY Act, protects the incentive to produce products that the secretary of homeland security designates as Qualified Anti-Terrorism Technologies. The Department of Homeland Security has made a concerted effort to implement the program, and about 200 companies have obtained SAFETY Act certification.

--

Part 11: How the 2002 SAFETY Act should be further used

--

(James Jay Carafano, Ph.D., is assistant director of the Kathryn and Shelby Cullom Davis Institute for International Studies and senior research fellow for national security and homeland security in the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Davis Institute, at the Heritage Foundation. Eric Sayers is a research assistant in the Allison Center for Foreign Policy Studies at the Heritage Foundation.)

--

(United Press International's "Outside View" commentaries are written by outside contributors who specialize in a variety of important issues. The views expressed do not necessarily reflect those of United Press International. In the interests of creating an open forum, original submissions are invited.)