Skip to Highlights
Highlights

Research and development (R&D) of cyber security technology is essential to creating a broader range of choices and more robust tools for building secure, networked computer systems in the federal government and in the private sector. The National Strategy to Secure Cyberspace identifies national priorities to secure cyberspace, including a federal R&D agenda. GAO was asked to identify the (1) federal entities involved in cyber security R&D; (2) actions taken to improve oversight and coordination of federal cyber security R&D, including developing a federal research agenda; and (3) methods used for technology transfer at agencies with significant activities in this area. To do this, GAO examined relevant laws, policies, budget documents, plans, and reports.

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Office of Science and Technology Policy To strengthen cyber security research and development programs, the Director of the Office of Science and Technology Policy should establish firm timelines for the completion of the federal cyber security R&D agenda that includes near-term, mid-term, and long-term research. Such an agenda should include (1) timelines and milestones for conducting research and development activities; (2) goals and measures for evaluating research and development activities; (3) assignment of responsibility for implementation, including the accomplishment of the focus areas and suggested research priorities; and (4) the alignment of funding priorities with technical priorities.
Closed - Not Implemented
As stated in a recent GAO report on cybersecurity R&D challenges (GAO-10-466), OSTP has not yet created a prioritized national or federal R&D agenda. As such, we recommended that OSTP establish a comprehensive national R&D agenda that, among other things, contains priorities for short-term, mid-term, and long-term complex cybersecurity R&D.
Office of Management and Budget The Director of the Office of Management and Budget should issue guidance to agencies on reporting information about federally funded cyber security R&D projects to the governmentwide repositories.
Closed - Not Implemented
OMB has not implemented this recommendation. Specifically, in 2008, the RaDiUS database, which was intended to be the primary repository for tracking research and development projects, was decommissioned. According to a senior official at NSF, the data in RaDiUS were incomplete, users had difficulty using it, and the database was built with antiquated technology. In August 2010, OMB officials stated that they are currently evaluating several repositories to replace RaDiUS as a centralized database to house all government-funded R&D programs, including cybersecurity R&D. Officials anticipate selecting a repository by January 2011.

Full Report

GAO Contacts