House bill slashes research critical to cybersecurity

A U.S. House bill that will set the nation's basic research agenda for the next two years increases funding for computer science, but at the expense of other areas important to cybersecurity.

The funding bill, sponsored by Rep. Lamar Smith (R-Texas), the chair of the Science, Space and Technology Committee, hikes funding for computer science, but cuts - almost by half - social sciences funding, which includes the study of human behavior. Cybersecurity uses human behavior research because humans are often the weakest security link.

The bill, known as the Competes Act, sets National Science Foundation (NSF) funding for the 2016 and 2017 fiscal years, and divides it up by research disciplines. The way it works is this: In the computer and information sciences and engineering area, for instance, the bill increases funding from $922 million to $1.050 billion in 2016, a nearly 14% increase. It stays at that funding level in 2017.

But some of the increase in computer science funding is coming at the expense of social, behavioral and economic sciences. Research funding there will fall from $272 million to $150 million, a 45% decrease. The bill also takes a big cut out of geosciences research, which includes climate change study, from $1.3 billion to $1.2 billion, an 8% decrease.

Smith has been critical of social science funding, and last year termed a $1 million project at Indiana University dubbed "Truthy" as a misuse of public funds. The research analyzed meme behavior on Twitter, but was characterized by critics as an effort to suppress speech. The researchers denied this and said their work was being politicized.

The funding bill was strongly criticized Tuesday by the Computing Research Association (CRA).

The measure raises NSF funding over two years by 3.4% to $7.6 billion, an amount that "fails to provide for steady and real growth in the federal investment in research," said the CRA, in a letter to lawmakers.

The House committee is working on an authorization, not an appropriation, which means the money isn't assured regardless of the funding level set. All this legislation does is set the ceiling for the appropriations.

The CRA also faulted, specifically, the cutbacks in social, behavioral and economic science research, as well as geosciences.

The insight into human behaviors that comes from social science research "is critical to understanding how best to design and implement hardware and software systems that are more secure and easier to use," wrote J. Strother Moore, the CRA chair and a professor of computer science at the University of Texas.

This is true at Carnegie Mellon University, where computer and social scientists have been working as a team on cybersecurity issues, said Lorrie Faith Cranor, a professor of computer science and of engineering and public policy at CMU.

In security and privacy, "there are a lot of important human factor questions," said Cranor. For instance, in trying to prevent phishing attacks -- the term used for messages that appear to be coming from a trusted source -- researchers can write software "to try to detect those emails and delete them automatically. But that's not 100% effective. We also need to look at why people are falling for these and what educational mechanism that we can deploy to try to prevent that," she said.

Human failure is a leading reason for all types of problems in technology, and understanding human behavior is very important to improving computer security, said Cranor.

Computer security is a system, and not just any one algorithm, and it involves a lot of components that "are totally dependent on human users doing the right thing," said Cranor.
