ACM
ACM and CRA Sponsor Cyber Security Policy Event
Congress to Approve Funding for Computing Research and Education
OMB Issues New Privacy Guidelines
FBI Plans to Open Five New Computer Crime Labs
NIST Seeks Comment on New Security Controls and Secure Hash Standard
New Congressional Research Service Report on E-Voting
Nanotechnology R&D Authorization Enacted into Law
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
ACM and CRA Sponsor Cyber Security Policy Event
On November 20, ACM and the Computing Research Association (CRA) sponsored a cyber security research policy event on Capitol Hill for key Congressional staff and agency officials from the White House Office of Science and Technology Policy and the Department of Homeland Security, among others. During the event, computing leaders from industry and academia identified four major research challenges to ensuring effective cyber security that fall outside the current research portfolio of most public and private organizations.
The ideas presented stem from the CRA’s “Grand Research Challenges in Information Security and Assurance Conference” and include: eliminating epidemic-style attacks (viruses, worms, email spam) within 10 years; developing tools and principles that allow construction of highly trustworthy large-scale systems for important societal applications such as medical records systems; developing quantitative information-systems risk management that is at least as good as quantitative financial risk management within the next decade; and, giving end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.
“These challenges may seem obvious, but they include complex underlying problems that will not be easy to achieve,” noted Dr. Eugene H. Spafford, Chair of the Grand Research Challenges Conference. “Continuing advances in information technology, coupled with increasingly pervasive deployment offer significant change for our society, and we hope those changes are beneficial,” he added, “but we believe current approaches to building trustworthy computing may not provide the necessary capabilities.” Dr. Spafford, a member of CRA’s Board of Directors and Co-Chair of USACM (ACM’s Public Policy Committee) concluded that addressing these challenges would lead to advances in a variety of areas that will shape the future in a positive way. “These challenges are worth a sustained commitment of resources and effort,” he said.
In addition to Dr. Spafford, who is Executive Director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University, the panel included: USACM member Dr. Annie Antón, Founder and Director, thePrivacyPlace.org, Associate Professor, North Carolina State University; Dr. Dan Geer, Independent Security Consultant; USACM member Dr. Susan Landau, Senior Staff Engineer, Sun Microsystems; and Mr. John Richardson, Government Technical Liaison Director, Intel Corporation.
To review slides from the policy event and an archived web cast (when available), see CRA’s Grand Research Challenges Conference web site at:
http://www.cra.org/Activities/grand.challenges/security/home.html
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Congress to Approve Funding for Computing Research and Education
Congressional negotiators have reached agreement on FY 2004 appropriations for information technology research and development (IT R&D) and the National Science Foundation (NSF). Under the agreement, NSF's budget is slated to grow to $5.57 billion in FY 2004, an increase of $268 million over FY 2003, or 5 percent.
Under its allotment, the Computer and Information Science and Engineering (CISE) directorate of NSF will grow to $606 million for FY 2004, an increase of $24 million over FY 2003, or just over 4 percent. The increase includes $225 million for NSF's Information Technology Research program (ITR) and "not less than $20 million" for the agency's cyberinfrastructure initiatives in FY 2004. NSF's education initiatives, including the President's Math and Science Partnerships, the Noyce Scholarship Program, and the Science, Technology, Engineering and Mathematics Talent Expansion (STEP, or Tech Talent) program, will also receive slight increases.
For a broad overview of the Congressional FY2004 appropriations agreement, see:
http://appropriations.house.gov/
To review NSF's FY2004 guide to programs and grants, see:
http://www.nsf.gov/od/lpa/news/publicat/nsf04009/start.htm
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
OMB Issues New Privacy Guidelines
The White House Office of Management and Budget (OMB) has ordered government agencies to create uniform privacy guidelines for e-government services provided to the public. Under the new rules, all visitors to Federal web sites will receive notice of their privacy rights and information on how to give consent to the use of personal data that they might provide during e-government exchanges. In addition, Federal e-sites must disclose to users what type of information was collected and for what purpose.
Among the new changes are requirements that federal agencies conduct "privacy-impact assessments" before implementing information technology systems that utilize or retain personally identifiable information. The memorandum directs all agencies to submit an annual report to OMB on electronic privacy initiatives and to update their privacy impact assessments whenever new risks emerge.
To review the OMB memorandum on E-Government Privacy, see:
http://www.whitehouse.gov/omb/memoranda/m03-22.html
To review USACM Comments to OMB, see:
http://www.acm.org/usacm/Letters/OMB_Privacy.htm
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
FBI Plans to Open Five New Computer Crime Labs
By the end of 2004, the FBI hopes to have five new state-of-the-art Regional Computer Forensic Laboratories (RCFLs) in operation. The locations of the new laboratories will be
The RCFL project is a collaborative effort between the FBI and other law enforcement agencies representing federal, state and local governments operating within a specific geographic area. Each participating agency provides personnel to serve as examiners, and in exchange, they receive access to Federal resources in the form of computer forensic examination and advisory services; sophisticated technical training for their employees; and improved computer forensic capability for law enforcement purposes.
The role of a computer crime lab technician is similar to that of other forensic experts who work to solve crimes through the scientific analysis of evidence. They are responsible for the collection and examination of digital evidence located at crime scenes, and may offer testimony in trials.
To review the Regional Computer Forensic Laboratories Web site, see:
www.nationalrcfl.org
To review the FBI announcement, see:
http://www.fbi.gov/pressrel/pressrel03/lab100803.htm
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
NIST Seeks Comment on New Security Controls and Secure Hash Standard
The National Institute of Standards and Technology (NIST) is seeking comment on its recently released public draft of Special Publication 800-53, which will recommend a number of security controls for federal information systems. The draft is based on security categorization definitions found in NIST Federal Information Processing Standards (FIPS) publication 199. This guideline, when completed, will be the NIST interim guidance for information security until 2005. The new guidelines come as a direct result of Public Law 107-347, also known as the Federal Information Security Management Act (FISMA) of 2002.
Special Publication 800-53 will promote the development of standards and guidelines to support the security categorization of information and information systems; promote the selection of appropriate security controls for information systems and the verification of security control effectiveness; and determine information system vulnerabilities and operational authorization for processing of information systems.
NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all civilian agency operations and assets, but these standards and guidelines will not apply to national security systems.
In other NIST news, a change notice for FIPS 180-2, the Secure Hash Standard, has been issued that will specify an additional hash function, SHA-224, that is based on SHA-256. NIST requests comments for the change notice by
To review NIST's draft Special Publication, see:
http://csrc.nist.gov/publications/drafts/draft-SP800-53.pdf
To review the notice for comment on the proposed change in the Secure Hash Standard, see:
http://csrc.nist.gov/publications/fips/fips180-2/FIPS180-2_changenotice.pdf
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
New Congressional Research Service Report on E-Voting
The Congressional Research Service (CRS) of the Library of Congress issued a new report to Congress entitled "Election Reform and Electronic Voting Systems: Analysis of Security Issues." The report details the types of threats and vulnerabilities that could jeopardize the voting process, as well as the specific complaints broached by security experts. This balanced look at the e-voting issue recognizes that recent analysis demonstrates the existence of security flaws in Direct Recording Electronic voting machines (DRE), which are cause for additional scrutiny and safeguards.
In other related news,
To review the Congressional Research Service's E-Voting Report, see:
http://www.acm.org/usacm/PDF/crsreportE-Voting.pdf
To review USACM’s ongoing efforts on E-Voting, see:
http://www.acm.org/usacm/Issues/EVoting.htm
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Nanotechnology R&D Authorization Enacted into Law
Congress and the Bush Administration recently gave final approval to legislation authorizing nearly $4 billion in research and development into nanotechnology over the next four years. The new law calls for the creation of new research centers, education and training programs, and expanded efforts to transfer nanotechnology into the marketplace. To enhance collaboration and leverage investment, the law creates a coordination office. Finally, the law also requires the creation or designation of an advisory committee to provide guidance and prioritization of research initiatives, including research into the societal and ethical consequences of nanotechnology. The President's Council of Advisers on Science and Technology (PCAST) is expected to be designated as the primary adviser to the nanotechnology initiative.
To review a summary of the bill (S.189) that was enacted into law, see:
http://www.house.gov/science/press/108/S189_summary.htm
For additional information on the federal government's nanotechnology research initiatives, see:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
For earlier editions of the ACM Washington Update, see:
http://www.acm.org/usacm/update/
To subscribe to the ACM WASHINGTON UPDATE send an e-mail to listserv@acm.org with "subscribe WASHINGTON-UPDATE" (no quotes) in the body of the message.
Should you wish to stop receiving ACM Washington Update or have questions, comments, or suggestions regarding public policy issues or USACM activities, please contact the ACM Public Policy Office located in