Recent legislation calls for improvements in cybersecurity research and development, and the White House has advanced R&D as a top priority for improving cybersecurity, but GAO has cited a need for stronger centralized leadership to drive the effort.
The National Strategy to Secure Cyberspace, a document published by DHS in 2003, recommended that the Office of Science and Technology Policy coordinate the development of an annual cybersecurity research agenda that includes near, mid and long-term goals.
While OSTP has taken initial steps toward developing such an agenda, one does not currently exist that is sufficiently up to date or detailed which any stakeholder can point to and identify as basic guidance.
OSTP, a multiagency coordination body responsible for providing leadership in coordinating cybersecurity R&D, has failed to lead agencies in a strategic direction and until its networking and IT subcommittee exercises its leadership responsibilities, federal agencies will lack overall direction for cybersecurity R&D, according to GAO-10-466.
Legislation currently being considered in the Senate could change the high-level coordination of cybersecurity R&D.
The Protecting Cyberspace as a National Asset Act of 2010, S-3480, would establish a White House Office of Cyberspace Policy to lead all federal cyber security efforts.
The bill amends the Homeland Security Act to direct the under secretary for science and technology, in coordination with the National Center for Cybersecurity and Communications to carry out an R&D program to improve the security of information infrastructure.
It also directs the DHS to establish a National Cybersecurity Advisory Council to advise NCCC.
