APA Member Anita D’Amico Testifies on Cyber Security R&D

APA Member Anita D’Amico, a human factors psychologist and Director of the Secure Decisions division of Applied Visions, Inc., testified on cyber security research and development before the Subcommittee on Research and Science Education of the House Committee on Science and Technology on June 10, 2009. The hearing was the first of three scheduled on cyber security, and she was invited on the recommendation of Science GRO staff.

On June 10, APA Member Anita D’Amico, Director of the Secure Decisions division of Applied Visions, Inc., gave testimony before the Subcommittee on Research and Science Education of the House Committee on Science and Technology on cyber security research and development. D’Amico, a human factors psychologist, had been invited to the hearing—the first of three scheduled on cyber security—on the recommendation of Science GRO staff. Fittingly, the hearing followed on the heels of an Obama administration review of cyber security policy and the President’s announcement that he would implement one of the review’s recommendations by naming a cyber security czar. Although that czar has not yet been named, a sustained July 4th weekend cyber attack reportedly disabled websites at the Treasury Department, Secret Service, Federal Trade Commission and Department of Transportation and will likely step up pressure to fill that post.

Prior to the hearing, D’Amico had been asked to address a number of questions in her prepared remarks, including several about the role of behavioral and social sciences in the development of more secure systems; collaborations between behavioral scientists, computer scientists and engineers; the federal investment in cyber security research; and the private sector’s involvement in developing that research portfolio.

She was an eloquent spokesperson for the central role psychology must play in the evolution of cyber security and at the outset brought the name of her division - Secure Decisions - to the subcommittee’s attention. “We chose that name to stress the importance of human decisions in cyber security. As a psychologist, I wanted to reflect our goal to help security professionals make better decisions,” D’Amico said. She transitioned to a career in cyber security a decade ago, drawing from her research to improve situational awareness in such diverse settings as maritime operations, manned spacecraft and aerial surveillance. Taking an entrepreneurial approach, she recognized opportunities to improve the way cyber defenders collaborate to visualize gaps in security, and her research has since been funded by the Departments of Defense, Homeland Security and the Intelligence community.

She noted the need for multidisciplinary education that would include a large role for the social sciences in developing the next generation of cyber security professionals. And while formal information security curricula are being taught, on-the-job training opportunities have become few and far between. D’Amico suggested the need to grow mentorship programs that would foster collaboration between academic institutions and the private sector. Further, she pointed to the need for training in high fidelity simulations to provide a safe but realistic learning environment, as well as a test-bed for new technologies.

As for enabling useful and useable improvements in cyber security, D’Amico lamented that “few results of federally-funded cyber R&D ever make it into real-world operations.” However, she did credit one area of federal funding with stimulating the growth of cyber security research—the Small Business Innovation Research (SBIR) program—because it is a grant mechanism that rewards and actually holds recipients accountable for prototype development and technology transition.

On the final point D’Amico was asked to address, she expressed concern about the lack of private sector input on the federal cyber security R&D portfolio. But that may be changing. In July, the National Academy of Sciences (NAS) held a conference sponsored by the National Science Foundation and the National Institute of Standards and Technology entitled “Usability, Security, and Privacy of Computer Systems: A Workshop.” The goal of the workshop was to examine collaborative research opportunities and potential roles for the federal government, academia, and industry and ways to embed usability considerations in research, design, and development related to security and privacy.

Following the hearing, Dr. D’Amico met with a science staffer and military fellow in Rep. Steve Israel’s (D-NY) office to discuss Fiscal Year 2010 funding for defense research. She urged staffers to recommend restoration of planned cuts to Department of Defense research portfolios in President Obama’s budget, using her own research on cyber security to point out the valuable, mission-related expertise that would be lost if the cuts are sustained by congressional appropriations committees as they mark up funding bills.