Spafford and Lazowska on cybersecurity R&D

There are a couple of interesting cybersecurity items currently worthy of your attention:

* USACM Chair Eugene Spafford makes comments on the Department of Defense’s approach to cybersecurity in a recent Federal Computer Week article:

[…] Spafford said incremental changes will not strengthen existing networks and a whole new approach [to DOD cybersecurity] is needed.

“Unfortunately, the government is not funding much research in cybersecurity and almost none in long-range research,” said Spafford, who is also executive director of Purdue’s Center for Education and Research in Information Assurance and Security […]

* Peter Harsha alerts us to former PITAC co-chair Ed Lazowska’s strong words about the administration’s handling of cybersecurity research and development in an interview with CIO Magazine:

[Worthen:] You feel strongly that the government’s treatment of cybersecurity R&D has been particularly neglectful.

[Lazowska:] PITAC found that the government is currently failing to fulfill this responsibility. (The word failing was edited out of our report, but it was the committee’s finding.)