Simon Szykman, the director of cybersecurity research and development at the department, told members of the President's Information Technology Advisory Committee on Tuesday that "priorities are being reconsidered" for the Homeland Security Advanced Research Projects Agency (HSARPA). He said the agency's $18 million budget for cyber-security research, out of a total $1 billion fiscal 2004 research budget, might be increased.
Szykman said HSARPA's mission is evolving into one similar to that of the military's Defense Advanced Research Projects Agency, with some 20 percent of its budget tagged for long-term research. "Our long-term vision is to address all research areas, not just on the short-term side," he said.
Asked how HSARPA will avoid duplicating DARPA research, Szykman said, "My customer is the nation's critical infrastructure." He also said that while DARPA research is classified, HSARPA will strive to conduct unclassified, short- and long-term research on cyber security.
Szykman emphasized that Homeland Security's cyber-security research is intended solely to serve the needs of the department's cyber-security division and the national communications system within the information and infrastructure protection directorate. "Our broader challenge is to stay within our mandate" of serving specific homeland security needs and "not deal with every cyber-security problem," he said.
While HSARPA is examining traditional security measures to protect and prevent cyber attacks, it also is reviewing the long-term issues of network security, such as the Internet's underlying routing protocols and secure process-control system.
"Many of the security problems we are facing today are a result of not having security designed up front," Szykman said. The department also is working to develop testing metrics for the return on investment in security technologies, he said.
Szykman said HSARPA is looking to coordinate research efforts with other key federal agencies, including the National Security and Technology Council, a working group on protecting critical information infrastructure, and the Information Security Research Council, which examines long-term research goals and projects.
He noted that SRI International has been awarded a $3 million contract to establish a cyber-security R&D center to support the execution of department programs.
"We have a strong management plan and a long-term vision," he said.