Research and development (R&D) of cyber security technology is essential to creating a broader range of choices and more robust tools for building secure, networked computer systems in the federal government and in the private sector. The National Strategy to Secure Cyberspace identifies national priorities to secure cyberspace, including a federal R&D agenda. GAO was asked to identify the (1) federal entities involved in cyber security R&D; (2) actions taken to improve oversight and coordination of federal cyber security R&D, including developing a federal research agenda; and (3) methods used for technology transfer at agencies with significant activities in this area. To do this, GAO examined relevant laws, policies, budget documents, plans, and reports.
Recommendations for Executive Action
|Office of Science and Technology Policy||To strengthen cyber security research and development programs, the Director of the Office of Science and Technology Policy should establish firm timelines for the completion of the federal cyber security R&D agenda that includes near-term, mid-term, and long-term research. Such an agenda should include (1) timelines and milestones for conducting research and development activities; (2) goals and measures for evaluating research and development activities; (3) assignment of responsibility for implementation, including the accomplishment of the focus areas and suggested research priorities; and (4) the alignment of funding priorities with technical priorities.|
|Office of Management and Budget||The Director of the Office of Management and Budget should issue guidance to agencies on reporting information about federally funded cyber security R&D projects to the governmentwide repositories.|