Scientists view cybersecurity as an intimidating conundrum

Former National Science Foundation executive says technical issues and the enormity of the task make securing the Internet and networks 'the most difficult challenge' for researchers.

The Internet's extensive cybersecurity vulnerabilities are so hard to fix that information technology researchers sometimes avoid studying the topic like they were steering clear of the seamy underbelly of a great metropolitan city, top scientists said on Thursday.

Jeannette M. Wing, who served as assistant director of the computer and information science and engineering directorate at the National Science Foundation from 2007 until recently, was called in by the President's Council of Advisors on Science and Technology to discuss specific areas in the networking and information technology sector that the federal government should be investing research and development funds in.

"I think cybersecurity . . . is the most difficult challenge. And it's not just a societal and political challenge. It's a technical challenge," said Wing, who this summer returned to her post as head of the computer science department at Carnegie Mellon University. "Leadership needs to come from the top since no one sector of government, industry and academia can address this challenge alone."

PCAST, which is composed of the nation's leading scientists and engineers, makes recommendations to the president on policies ranging from flu vaccine production to nanotechnology. The panel is working on a networking and IT research and development study.

Co-chairman Eric S. Lander, who directs the Broad Institute, a joint genetics research initiative of the Massachusetts Institute of Technology and Harvard University, asked Wing which area of computer research and development is the "seamy underbelly," where the path to success is the least clear.

"One thing that we, as a world, need to really think hard about is cybersecurity," Wing replied. "Complicating this coordination is accommodating both the classified and unclassified worlds."

Nowadays, everyone expects there to be ubiquitous wireless Internet access, but such availability comes at a cost to reliability and security breaches could prompt people to stop depending on the Internet for information and services, she added.

"If there are attacks on our security or privacy, then we'll become perhaps more hesitant to use the technology or more fearful that, well, 'Why should I trust company X to protect my data? I don't even know where it is,'" Wing said.

PCAST members observed that, in the past, many advances in networking grew out of Defense Department funding, including the invention of the Internet, but, now, with innovation more prevalent in the private sector, the federal government does not have much of a role in research and development financing.

Craig Mundie, chief research and strategy officer at Microsoft, questioned whether the government is adequately funding computer science research and what purpose the government should serve in fostering IT during the next decade.

"Government-funded research in computing -- from the 1940s, you could say through maybe the 1970s or 1980s -- was a dominant driver in this evolution," he said. "That's no longer really true."

Wing said the federal government should bolster research funding at agencies that traditionally have not been considered test beds for computing, but now are conducting revolutionary work in the domain. The National Institutes of Health "is really starting to pick up the ball in that respect because of the importance of informatics and seeing model simulation in computational biology," she noted. "People are using some pretty hard-core theoretical computer science models and computation for understanding biological processes."

The Energy Department increasingly depends on IT to carry out its mission, she added. President Obama has prioritized moving power distribution to smart grids, which utilize information networks to monitor and reduce energy consumption. "You talk about smart grids, you talk about really optimization algorithms trying to produce, transmit and store energy, much as we might talk about networking," she said.