[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]



                         THE FUTURE OF COMPUTER
                      SCIENCE RESEARCH IN THE U.S.

=======================================================================

                                HEARING

                               BEFORE THE

                          COMMITTEE ON SCIENCE
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED NINTH CONGRESS

                             FIRST SESSION

                               __________

                              MAY 12, 2005

                               __________

                           Serial No. 109-14

                               __________

            Printed for the use of the Committee on Science


     Available via the World Wide Web: http://www.house.gov/science

                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
20-999                      WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                          COMMITTEE ON SCIENCE

             HON. SHERWOOD L. BOEHLERT, New York, Chairman
RALPH M. HALL, Texas                 BART GORDON, Tennessee
LAMAR S. SMITH, Texas                JERRY F. COSTELLO, Illinois
CURT WELDON, Pennsylvania            EDDIE BERNICE JOHNSON, Texas
DANA ROHRABACHER, California         LYNN C. WOOLSEY, California
KEN CALVERT, California              DARLENE HOOLEY, Oregon
ROSCOE G. BARTLETT, Maryland         MARK UDALL, Colorado
VERNON J. EHLERS, Michigan           DAVID WU, Oregon
GIL GUTKNECHT, Minnesota             MICHAEL M. HONDA, California
FRANK D. LUCAS, Oklahoma             BRAD MILLER, North Carolina
JUDY BIGGERT, Illinois               LINCOLN DAVIS, Tennessee
WAYNE T. GILCHREST, Maryland         RUSS CARNAHAN, Missouri
W. TODD AKIN, Missouri               DANIEL LIPINSKI, Illinois
TIMOTHY V. JOHNSON, Illinois         SHEILA JACKSON LEE, Texas
J. RANDY FORBES, Virginia            BRAD SHERMAN, California
JO BONNER, Alabama                   BRIAN BAIRD, Washington
TOM FEENEY, Florida                  JIM MATHESON, Utah
BOB INGLIS, South Carolina           JIM COSTA, California
DAVE G. REICHERT, Washington         AL GREEN, Texas
MICHAEL E. SODREL, Indiana           CHARLIE MELANCON, Louisiana
JOHN J.H. ``JOE'' SCHWARZ, Michigan  VACANCY
MICHAEL T. MCCAUL, Texas
VACANCY
VACANCY


                            C O N T E N T S

                              May 12, 2005

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative Sherwood L. Boehlert, Chairman, 
  Committee on Science, U.S. House of Representatives............    18
    Written Statement............................................    19

Statement by Representative Lincoln Davis, Member, Committee on 
  Science, U.S. House of Representatives.........................    20
    Written Statement............................................    21

Prepared Statement by Representative Jerry F. Costello, Member, 
  Committee on Science, U.S. House of Representatives............    22

Prepared Statement by Representative Eddie Bernice Johnson, 
  Member, Committee on Science, U.S. House of Representatives....    23

Prepared Statement by Representative Russ Carnahan, Member, 
  Committee on Science, U.S. House of Representatives............    23

Prepared Statement by Representative Sheila Jackson Lee, Member, 
  Committee on Science, U.S. House of Representatives............    24

                               Witnesses:

Dr. John H. Marburger, III, Director, Office of Science and 
  Technology Policy, The White Housest
    Oral Statement...............................................    25
    Written Statement............................................    27
    Biography....................................................    31

Dr. Anthony J. Tether, Director, Defense Advanced Research 
  Projects Agency
    Oral Statement...............................................    32
    Written Statement............................................    38
    Biography....................................................    56

Dr. William A. Wulf, President, National Academy of Engineering
    Oral Statement...............................................    56
    Written Statement............................................    59
    Biography....................................................    63
    Financial Disclosure.........................................    65

Dr. F. Thomson Leighton, Chief Scientist and Co-founder, Akamai 
  Technologies
    Oral Statement...............................................    67
    Written Statement............................................    68
    Biography....................................................    76

Discussion.......................................................    76

             Appendix 1: Answers to Post-Hearing Questions

Dr. John H. Marburger, III, Director, Office of Science and 
  Technology Policy, The White House.............................    98

Dr. Anthony J. Tether, Director, Defense Advanced Research 
  Projects Agency................................................   103

Dr. William A. Wulf, President, National Academy of Engineering..   106

Dr. F. Thomson Leighton, Chief Scientist and Co-founder, Akamai 
  Technologies...................................................   114

             Appendix 2: Additional Material for the Record

Joint Statement of the Computing Research Community..............   120

 
          THE FUTURE OF COMPUTER SCIENCE RESEARCH IN THE U.S.

                              ----------                              


                         THURSDAY, MAY 12, 2005

                  House of Representatives,
                                      Committee on Science,
                                                    Washington, DC.

    The Committee met, pursuant to call, at 10:10 a.m., in Room 
2318 of the Rayburn House Office Building, Hon. Sherwood L. 
Boehlert [Chairman of the Committee] presiding.



                            hearing charter

                          COMMITTEE ON SCIENCE

                     U.S. HOUSE OF REPRESENTATIVES

                         The Future of Computer

                      Science Research in the U.S.

                         thursday, may 12, 2005
                         10:00 a.m.-12:00 p.m.
                   2318 rayburn house office building

1. Purpose

    On Thursday, May 12, 2005, the House Science Committee will hold a 
hearing to examine the state of computer science research in the United 
States and the evolution of federal support for this field. 
Specifically, the hearing will examine the controversy surrounding the 
apparent shift away from basic research in overall federal support for 
computer science and the impact of the shift on federal agencies, 
academia and industry.

2. Witnesses

Dr. John H. Marburger, III is Director of the Office of Science and 
Technology Policy (OSTP), the White House science office. Prior to 
joining OSTP, Dr. Marburger served as President of the State University 
of New York at Stony Brook and as Director of the Brookhaven National 
Laboratory.

Dr. Anthony J. Tether is the Director of the Defense Advanced Research 
Projects Agency (DARPA). Prior to his appointment as Director of DARPA 
in 2001, Dr. Tether served as Chief Executive Officer of The Sequoia 
Group and of Dynamics Technology Inc.

Dr. William A. Wulf is President of the National Academy of 
Engineering. He is on leave from the University of Virginia, 
Charlottesville, where he is a University Professor and AT&T Professor 
of Engineering and Applied Sciences. His research focuses on computer 
architecture and computer security. He served as Assistant Director for 
Computer and Information Science and Engineering at the National 
Science Foundation from 1988 to 1990.

Dr. Tom Leighton is Chief Scientist and co-founder of Akamai 
Technologies. His expertise is in algorithms for network applications, 
which he used to develop a solution to freeing up Internet congestion. 
In addition to his position at Akamai, he is a Professor of Applied 
Mathematics at the Massachusetts Institute of Technology. He is 
currently a member of the President's Information Technology Advisory 
Committee (PITAC) and served as Chairman of the Committee's 
Subcommittee on Cyber Security.

3. Brief Overview

          Federal support for information technology research 
        has been a key to the development of the information technology 
        industry. The 2003 National Academy of Sciences report 
        Innovation in Information Technology lists 19 areas in which 
        federally sponsored fundamental research underpinned the 
        innovations that eventually became multi-billion-dollar 
        information technology industries. Examples include the 
        Internet and the World Wide Web, parallel and relational 
        databases, data mining, and speech recognition.

          Academic computer science research has direct 
        relevance to the information technology industry. University 
        research in computer science is funded by a number of agencies 
        within the Federal Government, but the largest contributors are 
        the Defense Advanced Research Projects Agency (DARPA) and the 
        National Science Foundation (NSF), which together accounted for 
        about 85 percent of the roughly $1.1 billion of federal funding 
        for research performed at universities and colleges in 
        mathematics and computer sciences in fiscal year 2004 (FY04).

          Recently, many computer science researchers have 
        become concerned about an apparent trend at DARPA toward 
        reducing the percentage of DARPA's computer science research 
        portfolio dedicated to long-term fundamental research. DARPA's 
        withdrawal may have contributed to increased proposal pressures 
        on NSF, which has experienced a doubling of applications for 
        funding relating to computer science over the last four years, 
        causing application approval rates to plummet.

          DARPA and NSF programs are complementary, but have 
        many significant differences. While both agencies award grants 
        competitively, DARPA has its program managers select the 
        awardees, while NSF uses a peer-review process. Peer review 
        allows a wider range of views to be considered, but also tends 
        to be more conservative. DARPA awards also tend to be targeted 
        to a more specific end-product even though that product may be 
        many years away. The general view in the computer science field 
        is that both agencies need to support fundamental research to 
        allow for a balanced national portfolio. A sense of the 
        relative strengths of the two agencies can be seen in the 
        development of the Internet. DARPA-sponsored research led to 
        the initial forerunner of the Internet, known as ARPANET. NSF 
        funding led to the expansion of networks (initially for 
        university use) and to the development of the World Wide Web.

          In March 2005, the President's Information Technology 
        Advisory Committee (PITAC) released a report entitled Cyber 
        Security: A Crisis of Prioritization. In it, the Committee 
        describes the importance of federally supported research in 
        cyber security and recommends additional federal investment at 
        several agencies (including NSF and DARPA) to develop the next 
        generation of cyber security technologies and increase the size 
        of the cyber security research community. The PITAC report also 
        recommends strengthening cyber security technology transfer 
        efforts and improving interagency coordination of cyber 
        security research programs.

          The Science Committee has been a leader in pushing 
        for increased research in cyber security through, for example, 
        passage in 2002 of the Cyber Security Research and Development 
        Act (P.L. 107-305), which authorized $903 million over five 
        years for cyber security research and fellowship programs at 
        NSF and at the National Institute of Standards and Technology. 
        In FY05, NSF cyber security programs are funded at about $82 
        million, $46 million below the level authorized in the Act.

4. Overarching Questions

          What effects are shifts in federal support for 
        computer science--e.g., shifts in the balance between short- 
        and long-term research, shifts in the roles of different 
        agencies--having on academic and industrial computer science 
        research and development? What impacts will these changes have 
        on the future of the U.S. information technology industry and 
        on innovation in this field?

          Are the Federal Government's current priorities 
        related to computer science research appropriate? If not, how 
        should they be changed?

          What should the Federal Government be doing to 
        implement the recommendations of the recent President's 
        Information Technology Advisory Committee (PITAC) report on 
        cyber security?

5. Background

Federal Support for Information Technology Research
    Many of the technologies that enabled electronic commerce to take 
off in the 1990s are based on research initially conducted at 
universities and funded by DARPA and NSF. The 2003 National Academy of 
Sciences (NAS) report Innovation in Information Technology lists 19 
areas in which federally sponsored fundamental research underpinned the 
innovations that eventually became multi-billion dollar information 
technology industries.\1\ Examples relating to e-commerce include web 
browsers, search engines, cryptography methods that allow secure credit 
card transactions, databases to manage information and transactions, 
and the protocols and hardware underlying the Internet itself. Often, 
the unanticipated results of such research are as important as the 
anticipated results. For example, the early research that led to e-mail 
and instant messaging technologies was originally done in the 1960s as 
part of a project examining how to share expensive computing resources 
among multiple simultaneous and interacting users.
---------------------------------------------------------------------------
    \1\ Computer Science and Telecommunications Board, National 
Academies, Innovation in Information Technology, National Academy Press 
(2003), pages 6-7.
---------------------------------------------------------------------------
    These innovations have helped create an information technology 
sector that is credited for nearly 30 percent of real growth in the 
U.S. gross domestic product from 1994 to 2000 and that currently 
accounts for 29 percent of all U.S. exports.\2\ The military also 
depends heavily on the information technology sector's commercial-off-
the-shelf products to meet its critical information technology needs.
---------------------------------------------------------------------------
    \2\ Data from the Information Technology Industry Council, http://
www.itic.org/sections/Economy.html.
---------------------------------------------------------------------------
    Since the pace of change in information technology products is so 
rapid, companies' main competitive advantage often comes from being 
first to market with a particular product or feature. If the U.S. 
research community isn't producing the ideas, or if the ideas are 
classified, it is less likely that U.S. companies will be the first to 
benefit from the research results.
    Academic research also contributes to the training of the 
information technology workforce. Research grants support graduate 
students, and undergraduate and graduate computer science and 
engineering programs at universities produce the software developers 
and testers, hardware designers, and other personnel that power the 
computing and communications industries and the industries that depend 
on information technologies. (For example, automotive and manufacturing 
companies rely on modeling and simulation for product development and 
production management, and the financial services sectors utilize 
information technology for modeling markets and securing financial 
transactions.)
Agencies That Support Academic Computer Science Research
    University research in computer science is funded by a number of 
agencies within the Federal Government but the largest contributors are 
DARPA and NSF, which together accounted for about 85 percent of the 
roughly $1.1 billion of federal funding for research performed at 
universities and colleges in mathematics and computer sciences in FY04. 
Other agencies that contribute in this area include the National 
Institutes of Health, the National Aeronautics and Space 
Administration, the Department of Energy, and the research agencies of 
the Armed Forces. Coordination among the agencies primarily occurs 
through working groups organized under the multi-agency National 
Information Technology Research and Development Program (NITRD), which 
operates under the auspices of the White House Office of Science and 
Technology Policy.

            Defense Advanced Research Projects Agency

    DARPA's mission is to ensure that the U.S. military remains, over 
the long-run, at the cutting edge of technology. DARPA conducts its 
mission by sponsoring revolutionary, high-payoff research that bridges 
the gap between fundamental discoveries and their military use. (The 
research it sponsors tends to be more revolutionary and more targeted 
than the research funded by NSF.) DARPA does not conduct any research 
itself; it sponsors research in academia and industry. DARPA's programs 
are organized around strategic thrusts in areas of importance to 
national security, and projects are sought out and selected by program 
managers. These program managers usually come to DARPA on leave from 
technical positions in the private sector, other government agencies, 
or academia and usually stay at DARPA for about four to six years. 
DARPA program managers are encouraged to pursue high-risk technical 
ideas and have the authority to quickly make decisions about starting, 
continuing, or stopping research projects.
    DARPA played a key role in the birth and maturation of computer 
science as a field and the development of many of the important sub-
specialties. As described by the NAS report, DARPA helped start many of 
today's university computer science programs by funding large-scale 
university centers of excellence early in the history of the computer 
science field.
    DARPA supported research that produced advances in areas as diverse 
as computer graphics, artificial intelligence, networking, and computer 
architecture.\3\ A recent Defense Science Board report also describes 
the unique role DARPA has played. DARPA program managers have 
encouraged simultaneous yet competing work by industrial and university 
researchers on the technological barriers to new computing capabilities 
and has also funded university researchers to produce convincing 
prototypes of revolutionary concepts.\4\
---------------------------------------------------------------------------
    \3\ Computer Science and Telecommunications Board, National 
Academies, Innovation in Information Technology, National Academy Press 
(2003), pages 23-25.
    \4\ Report of the Defense Science Board Task Force on High 
Performance Microchip Supply, February 2005, page 87.
---------------------------------------------------------------------------
    However, in the past five years, the computer science research 
community in both academia and industry has raised concerns that DARPA 
has been narrowing its focus. The community believes DARPA has been 
moving away from investing in longer-term basic research in favor of 
increased funding for development of specific technologies for the 
armed forces' more immediate defensive and offensive needs. They 
believe that this change in focus is evident in a number of ways--a 
reduction of funding for university research in computer science, an 
increase in classification of research programs and restriction on 
participation of non-citizens, and reviews of whether to continue 
funding individual research projects at 12- to 18-month intervals, 
which is short for fundamental research.\5\,\6\ These 
concerns recently received public airing in an article on the front 
page of the business section of the New York Times (Attachment A) and 
an editorial in Science magazine (Attachment B).
---------------------------------------------------------------------------
    \5\ ``An Endless Frontier Postponed,'' by Edward D. Lazowska and 
David A. Patterson, Science Magazine, Volume 308, May 6, 2005, page 
757.
    \6\ Report of the Defense Science Board Task Force on High 
Performance Microchip Supply, February 2005, page 88.
---------------------------------------------------------------------------
    The way DARPA categorizes its research makes it difficult to get a 
complete picture of the trends in its computer science research. 
DARPA's budget requests, relevant appropriations language, and project 
portfolio management are organized in a constantly changing array of 
``program elements'' rather than by field. However, in response to a 
Congressional request for historical data on DARPA funding for computer 
science and the amount of that funding given to universities, DARPA 
reviewed individual projects from the recent past to determine which 
could be classified as computer science research. The data was provided 
for FY01 through FY04 (Table 1) and showed that while overall computer 
science funding grew slightly (from $546 million in FY01 to $583 
million in FY04), funding awarded to universities for computer science 
research declined each year in that period, going from $214 million in 
FY01 to $123 million in FY04 (a drop of 43 percent).



    Another source of information on the changing role of DARPA in 
supporting university computer science research is data gathered by the 
Computing Research Association. These data show that at leading 
university computer science departments, both the dollar amount of 
funding received from DARPA, and the percent of their funding from 
DARPA dropped sharply between FY99 and FY04. The percentage of their 
funding from DARPA in FY04 was roughly half of what it was in FY99.
    DARPA has cited several factors that have contributed to this 
decline in its funding for university computer science research. First, 
much more DARPA computing research is classified, and universities 
generally do not perform classified research. The impact of increased 
classification has been particularly noticeable in the area of 
information assurance (also known as cyber security) for which the 
unclassified budget dropped by 50 percent between FY01 and FY04, 
leading to a drop in university funding from $20 million to $4 million. 
Second is the congressional termination\7\ in FY04 of DARPA's program 
on asymmetric threats, which included approximately $11 million in 
university funding.
---------------------------------------------------------------------------
    \7\ DARPA's work on asymmetric threats was terminated as part of 
congressional elimination of DARPA's larger Terrorism Information 
Awareness program (also known as Total Information Awareness) in FY04 
due to congressional concerns about the appropriateness of the overall 
program goals.
---------------------------------------------------------------------------
    The third and perhaps most critical explanation for why DARPA's 
funding for university computer science research has declined is that 
work in many ongoing programs has progressed from the research phase to 
the product development and construction phase. For example, DARPA 
notes that work on high-performance computing has moved from research 
on how to design new computers to product development, leading funding 
to shift from universities to industry. Similarly, work in intelligent 
software has gone beyond the fundamental research stage, leading DARPA 
funding in that area for universities to decline from about $28 million 
in FY01 to about $8 million in FY04. But computer scientists argue 
that, while work has progressed in these programs, there is basic 
research to be pursued in other, new areas.
    Finally, DARPA may be feeling increasing pressure from the 
Department of Defense and the individual armed services to more quickly 
develop new technologies that can be deployed to meet current and near-
term needs. DARPA has always played a critical role in the development 
of technologies for the armed forces. Examples of current DARPA 
programs with important short-term impacts include the Marine Airborne 
Retransmission System program, which helps extend the range of tactical 
radios and is expected to be deployed with the Marine Corps in Iraq 
very soon, and work on operating systems for unmanned combat air 
vehicles.
    DARPA has always carried out a mix of nearer- and longer-term work 
and the question is whether the current balance is appropriate. 
Academic and some industry researchers fear that the balance is now 
shifting too much in the direction of nearer-term work, which will 
deprive the U.S. industry (and military) of ideas that could be helpful 
in the future. For example, research is needed on how to integrate 
nanotechnology and biotechnology with information technology systems.

            National Science Foundation
    Like DARPA, NSF performs no research itself. At NSF, projects are 
selected for funding through a competitive, peer review process, in 
which NSF brings together panels of experts in a given field to review 
proposals anonymously. Researchers can send project proposals to NSF 
either in response to agency-issued requests for proposals in specific 
areas or as unsolicited proposals.
    Computer science research at NSF is conducted almost entirely in 
the Computer and Information Sciences and Engineering Directorate 
(CISE), although the directorate funding is not entirely devoted to 
computer science research. Relevant CISE activities include support for 
investigator-initiated research in all areas of computer and 
information science and engineering; development and maintenance of 
cutting-edge national computing and information infrastructure for 
research and education in many fields; and support for the education 
and training of the next generation of computer scientists and 
engineers.
    In the five years between FY00 and FY04, the number of proposals 
received at CISE annually has more than doubled (Table 2). While 
funding has also increased, it has not kept pace with increasing 
proposal pressure and the rising costs of doing research. As a result, 
the success rate for proposals dropped to 16 percent, which is the 
lowest of any NSF directorate. During the same time period, the 
percentage of federal funding for research performed at universities 
and colleges in mathematics and computer sciences that was provided by 
NSF grew from 55 percent to 65 percent.\8\
---------------------------------------------------------------------------
    \8\ Federal Funds for Research and Development: Fiscal Years 2002, 
2003, and 2004; Federal Funds for Research and Development: Fiscal 
Years 2001, 2002, and 2003; and Federal Funds for Research and 
Development: Fiscal Years 2000, 2001, and 2002. All compiled by the NSF 
Division of Science Resources Statistics.




    A number of factors have contributed to this rise in proposal 
pressure and the drop in success rate. One is the growing number of 
computer science faculty looking to the Federal Government for research 
support. From the 1999-2000 academic year to the 2003-2004 academic 
year, the number of faculty in the top 24 U.S. computer science 
departments increased by 27 percent (nearly 300 new faculty), and 
similar growth patterns were seen in the total number of faculty at all 
computer science departments.\9\ Another factor is the growth of 
interest in the types of computer science-related programs funded by 
CISE. As researchers from other disciplines have discovered the value 
of information technology in tackling outstanding questions in their 
fields, scientists in physics, oceanography, biology, and many other 
areas have begun to seek funding from CISE. Finally, while the number 
of proposals was rising, CISE was also making a concerted effort to 
increase grant size in order to enhance researchers' productivity and 
improve opportunities for training students. While this strategy was 
consistent with recommendations made by PITAC and overall NSF goals, it 
also limited CISE's ability to increase the number of grants awarded.
---------------------------------------------------------------------------
    \9\ Annual Taulbee Surveys from the Computing Research Association. 
Available on line at http://www.cra.org/statistics/.
---------------------------------------------------------------------------
    Given the multitude of factors that have contributed to the 
increase in proposals submitted to CISE, it is difficult to determine 
how much of this change is due to researchers shifting their focus to 
NSF from DARPA because of the increasing difficulty of getting DARPA 
grants.

            How DARPA and NSF Complement Each Other
    Both DARPA and NSF have played a critical role in the development 
of computer science. NSF programs are generally driven by researchers' 
proposals and peer review while DARPA's investments are generally 
driven by the priorities set out by program managers who try to push 
the research envelope to meet particular military and national needs. 
NSF support is essential to the ongoing research and education work of 
a broad computer science community; DARPA work is essential to pulling 
that community into specific, newer areas. Both agencies have funded 
work that has led to technological leaps in information technology.
    The Science Committee has been reviewing the relationship between 
the two agencies for some time. For example, on May 14, 2003, the 
Science Committee held a hearing to examine federal cyber security R&D 
activities. At the hearing, Dr. Tether, the Director of DARPA, in 
response to a question about whether the Federal Government was giving 
sufficient priority to the needs of cyber security, answered that DARPA 
is ``more idea limited right now than we are funding limited,'' and 
indicated that DARPA relied on NSF to supply ideas. That appeared to be 
a shift away from DARPA's historic role, in which it funded fundamental 
research to foster new ideas as well as working to bring ideas to the 
development stage. Also many computer scientists expressed surprise at 
the DARPA comment, arguing that numerous ideas for research were going 
begging for money.

PITAC Report--Cyber Security: A Crisis of Prioritization
    On March 18, 2005, the President's Information Technology Advisory 
Committee (PITAC) released their report Cyber Security: A Crisis of 
Prioritization. (The Executive Summary of the report is Attachment C.) 
In it, the Committee argues for increased federal funding for cyber 
security research and emphasizes the important and complementary roles 
multiple agencies play in ensuring that the next generation of cyber 
security technologies will be developed and implemented.
    Specifically, the report presents four findings and 
recommendations. The first recommendation is that Congress and the 
Administration should substantially increase funding for fundamental 
research in civilian cyber security at a number of agencies, especially 
NSF, DARPA, and the Department of Homeland Security (DHS). In 
particular, the report recommends that funding for cyber security 
research at NSF be increased by $90 million annually.
    The second recommendation from the Committee is that the Federal 
Government increase its support for recruitment and retention of cyber 
security researchers and students at research universities, with a goal 
of at least doubling the size of the civilian cyber security 
fundamental research community by the end of the decade. In particular, 
the report recommends increased, stable funding for research, 
recruitment of people from other fields into cyber security, and 
increased emphasis on the importance of unclassified cyber security 
research.
    The third recommendation from the Committee is that, because 
current cyber security technology transfer efforts are not adequate to 
move the results of federal research investments into civilian sector 
best practices and products, the Federal Government should strengthen 
its cyber security technology transfer partnership with the private 
sector. Examples of what the Federal Government could do include: 
placing greater emphasis on the development of metrics, models, data 
sets, and testbeds so that new products and best practices could be 
evaluated; and encouraging federally supported graduate students and 
postdoctoral researchers to gain experience in industry as researchers, 
interns, or consultants.
    The final recommendation from the Committee is that the Federal 
Government should improve coordination and oversight of federal cyber 
security R&D to increase the focus and efficiency of the programs. 
Currently several interagency groups focus on, or include cyber 
security research in their missions, but there is not a single group 
with primary responsibility. The Committee recommends that the 
Interagency Working Group on Critical Information Infrastructure 
Protection become the focal point for coordinating federal cyber 
security R&D efforts. One task for a strengthened version of this 
working group would be to systematically collect data on federal cyber 
security R&D efforts.

6. Witness Questions

    The witnesses were asked to address the following questions in 
their testimony:
Questions for Dr. John Marburger:

          What are the Administration's highest priorities in 
        computer science research? How and why have these priorities--
        and overall federal support for computer science research--
        changed in the last five years?

          What are the relative roles of the National Science 
        Foundation and the Defense Advanced Research Projects Agency in 
        supporting computer science research? How and why have these 
        roles been changing?

          What is the Administration's response to the recent 
        President's Information Technology Advisory Committee (PITAC) 
        report on cyber security?

Questions for Dr. Anthony Tether:

          How does the Defense Advanced Research Projects 
        Agency's (DARPA's) support for computer science research relate 
        to its overall mission?

          What are DARPA's highest priorities in computer 
        science research?

          How do you determine the balance between short- and 
        long-term research programs? How does DARPA utilize academic 
        and industrial researchers for computer science projects? Has 
        the balance between short- and long-term research and between 
        academic and industrial researchers within DARPA's computer 
        science research portfolio changed in the last five years? If 
        so, why?

          What is DARPA's response to the recent President's 
        Information Technology Advisory Committee (PITAC) report on 
        cyber security?

Questions for Dr. Wm. Wulf:

          What effects are shifts in federal support for 
        computer science--e.g., shifts in the balance between short- 
        and long-term research, shifts in the roles of different 
        agencies--having on academic and industrial computer science 
        research? What effects are changes in that research likely to 
        have on the future of the U.S. information technology industry 
        and on innovation in this field?

          Are the Federal Government's current priorities 
        related to computer science research appropriate? If not, how 
        should they be changed?

          What are your views on the recent President's 
        Information Technology Advisory Committee (PITAC) report on 
        cyber security? What should the Federal Government be doing to 
        implement the recommendations of this report? Should PITAC be 
        renewed when its current term expires on June 1?

Questions for Dr. Tom Leighton:

          Please explain the findings and recommendations of 
        the recent President's Information Technology Advisory 
        Committee (PITAC) report on Cyber Security: A Crisis of 
        Prioritization.

          What role does cyber security research conducted at 
        universities play in the development of cyber security tools 
        and the implementation of good cyber security practices by U.S. 
        companies?

          How have the composition and activities of the cyber 
        security research community changed in recent years? How has 
        federal support for cyber security research changed in recent 
        years?

Attachment A

                PENTAGON REDIRECTS ITS RESEARCH DOLLARS

                 New York Times, April 2, 2005, page C1
                            By John Markoff

    SAN FRANCISCO, April 1--The Defense Advanced Research Projects 
Agency at the Pentagon--which has long underwritten open-ended ``blue 
sky'' research by the Nation's best computer scientists--is sharply 
cutting such spending at universities, researchers say, in favor of 
financing more classified work and narrowly defined projects that 
promise a more immediate payoff.
    Hundreds of research projects supported by the agency, known as 
DARPA, have paid off handsomely in recent decades, leading not only to 
new weapons, but to commercial technologies from the personal computer 
to the Internet. The agency has devoted hundreds of millions of dollars 
to basic software research, too, including work that led to such recent 
advances as the Web search technologies that Google and others have 
introduced.
    The shift away from basic research is alarming many leading 
computer scientists and electrical engineers, who warn that there will 
be long-term consequences for the Nation's economy. They are accusing 
the Pentagon of reining in an agency that has played a crucial role in 
fostering America's lead in computer and communications technologies.
    ``I'm worried and depressed,'' said David Patterson, a computer 
scientist at the University of California, Berkeley who is President of 
the Association of Computing Machinery, an industry and academic trade 
group. ``I think there will be great technologies that won't be there 
down the road when we need them.''
    University researchers, usually reluctant to speak out, have 
started quietly challenging the agency's new approach. They assert that 
DARPA has shifted a lot more work in recent years to military 
contractors, adopted a focus on short-term projects while cutting 
support for basic research, classified formerly open projects as secret 
and placed new restrictions on sharing information.
    This week, in responding to a query from the staff of the Senate 
Armed Services Committee, DARPA officials acknowledged for the first 
time a shift in focus. They revealed that within a relatively steady 
budget for computer science research that rose slightly from $546 
million in 2001 to $583 million last year, the portion going to 
university researchers has fallen from $214 million to $123 million.
    The agency cited a number of reasons for the decline: increased 
reliance on corporate research; a need for more classified projects 
since 9/11; Congress's decision to end controversial projects like 
Total Information Awareness because of privacy fears; and the shift of 
some basic research to advanced weapons systems development.
    In Silicon Valley, executives are also starting to worry about the 
consequences of DARPA's stinting on basic research in computer science.
    ``This has been a phenomenal system for harnessing intellectual 
horsepower for the country,'' said David L. Tennenhouse, a former DARPA 
official who is now Director of Research for Intel. ``We should be 
careful how we tinker with it.''
    University scientists assert that the changes go even further than 
what DARPA has disclosed. As financing has dipped, the remaining 
research grants come with yet more restrictions, they say, often 
tightly linked to specific ``deliverables'' that discourage exploration 
and serendipitous discoveries.
    Many grants also limit the use of graduate students to those who 
hold American citizenship, a rule that hits hard in computer science, 
where many researchers are foreign.
    The shift at DARPA has been noted not just by those researchers 
directly involved in computing technologies, but by those in other 
fields supported by the agency.
    ``I can see they are after deliverables, but the unfortunate thing 
is that basic research gets squeezed out in the process,'' said 
Wolfgang Porod, Director of the Center for Nano Science and Technology 
at the University of Notre Dame.
    The concerns are highlighted in a report on the state of the 
Nation's cyber security that was released with little fanfare in March 
by the President's Information Technology Advisory Committee. DARPA has 
long focused on long-term basic research projects with time horizons 
that exceed five years, the report notes, but by last year, very little 
of DARPA's financing was being directed toward fundamental research in 
the field.
    ``Virtually every aspect of information technology upon which we 
rely today bears the stamp of federally sponsored university 
research,'' said Ed Lazowska, a computer scientist at the University of 
Washington and co-chairman of the advisory panel. ``The Federal 
Government is walking away from this role, killing the goose that laid 
the golden egg.''
    As a result of the new restrictions, a number of computer 
scientists said they had chosen not to work with DARPA any longer. Last 
year, the agency offered to support research by Leonard Kleinrock, a 
computer scientist at the University of California, Los Angeles who was 
one of the small group of researchers who developed the Arpanet, the 
1960's predecessor to today's Internet.
    Dr. Kleinrock said that he decided that he was not interested in 
the project when he learned that the agency was insisting that he 
employ only graduate assistants with American citizenship.
    DARPA officials, who declined repeated requests for interviews, 
disputed the university researchers. The agency, which responded only 
in writing to questions, contended that the criticisms leveled by the 
advisory committee and other researchers were not accurate and that it 
had always supported a mix of longer- and shorter-term research.
    ``The key is a focus on high-risk, high-payoff research,'' Jan 
Walker, a DARPA spokeswoman, stated in an e-mail message. Given the 
threat from terrorism and the demands on troops in Iraq, she wrote, 
DARPA is rightly devoting more attention to ``quick reaction'' projects 
that draw on the fruits of earlier science and technology to produce 
useful prototypes as soon as possible.
    The Pentagon shift has put added pressure on the other federal 
agencies that support basic information technology research.
    At the Directorate for Computer and Information Science and 
Engineering of the National Science Foundation, the number of research 
proposals has soared from 2,000 in 1999 to 6,500 last year. Peter A. 
Freeman, its director, said that the sharp rise was partly attributable 
to declines in Pentagon support.
    ``DARPA has moved away from direct funding to universities,'' Mr. 
Freeman said. ``Even when they do directly fund, some of the conditions 
and constraints seem to be pretty onerous. There is no question that 
the community doesn't like what the head of DARPA has been doing, but 
he has his reasons and his prerogatives.''
    The transformation of DARPA has been led by Anthony J. Tether, a 
Stanford-educated electrical engineer who has had a long career moving 
between executive positions at military contractors and the Pentagon.
    Last year, Dr. Tether's new approach led to a series of cutbacks at 
a number of computer science departments. Program financing for a DARPA 
project known as Network Embedded Sensor Technology--intended to 
develop networks of sensors that could potentially be deployed on 
battlefields to locate and track enemy tanks and soldiers--has been cut 
back or ended on as many as five university campuses and shifted 
instead to traditional military contractors.
    ``The network has now become as vital as the weapons themselves,'' 
Dr. Tether said in an appearance before the advisory committee last 
year, testifying that secrecy had become more essential for a 
significant part of the agency's work.
    That has created problems for university researchers. Several 
scientists have been instructed, for example, to remove previously 
published results from Web sites. And at U.C.L.A. and Berkeley, DARPA 
officials tried to classify software research done under a contract 
that specified that the results would be distributed under so-called 
open-source licensing terms.
    ``We were requested to remove all publicly accessible pointers to 
software developed under the program,'' said Deborah Estrin, Director 
of Embedded Network Sensing at U.C.L.A. ``This is the first time in 15 
years that I have no DARPA funding.''
    At Berkeley, Edward A. Lee, who was recently named Chairman of the 
Computer Science Department, agreed not to publish a final report at 
DARPA's request, even though he told officials the data had already 
become widely available.
    Despite the complaints, some pioneering researchers support the 
changes being driven by Dr. Tether and say they are necessary to 
prepare the Nation for a long battle against elusive enemies.
    ``There are pressures and demands on DARPA to be relevant,'' said 
Robert Kahn, a former DARPA administrator who is now President of the 
Corporation for National Research Initiatives in Reston, Va. ``People 
think it should stay the same, but times have changed.''
    Still, a number of top scientists argue that the Pentagon's shift 
in priorities could not have come at a worse time. Most American 
companies have largely ended basic research and have begun to outsource 
product research and development extensively even as investments in 
Asia and Europe are rising quickly.
    And many computer scientists dispute DARPA's reasoning that 
fighting wars demands a shift away from basic research. During the 
Vietnam War, they say, DARPA kept its commitment to open-ended computer 
research, supporting things like a laboratory in the hills behind 
Stanford University dedicated to the far-out idea of building computing 
machines to mimic human capabilities.
    John McCarthy founded the Stanford artificial research lab in 1964, 
helping to turn it into a wellspring for some of Silicon Valley's most 
important companies, from Xerox Parc to Apple to Intel.
    ``American leadership in computer science and in applications has 
benefited more from the longer-term work,'' Mr. McCarthy said, ``than 
from the deliverables.''

Attachment B

                EDITORIAL: AN ENDLESS FRONTIER POSTPONED

          SCIENCE Magazine, Volume 308, May 6, 2005, page 757
              By Edward D. Lazowska and David A. Patterson

    Next month, U.S. scientists Vinton G. Cerf and Robert E. Kahn will 
receive computing's highest prize, the A.M. Turing Award, from the 
Association for Computing Machinery. Their Transmission Control 
Protocol (TCP), created in 1973, became the language of the Internet. 
Twenty years later, the Mosaic Web browser gave the Internet its public 
face. TCP and Mosaic illustrate the nature of computer science 
research, combining a quest for fundamental understanding with 
considerations of use. They also illustrate the essential role of 
government-sponsored university-based research in producing the ideas 
and people that drive innovation in information technology (IT).
    Recent changes in the U.S. funding landscape have put this 
innovation pipeline at risk. The Defense Advanced Research Projects 
Agency (DARPA) funded TCP. The shock of the Soviet satellite Sputnik in 
1957 led to the creation of the agency, which was charged with 
preventing future technological surprises. From its inception, DARPA 
funded long-term non-classified IT research in academia, even during 
several wars, to leverage all the best minds. Much of this research was 
dual-use, with the results ultimately advancing military systems and 
spurring the IT industry.
    U.S. IT research grew largely under DARPA and the National Science 
Foundation (NSF). NSF relied on peer review, whereas DARPA bet on 
vision and reputation, complementary approaches that served the Nation 
well. Over the past four decades, the resulting research has laid the 
foundation for the modern microprocessor, the Internet, the graphical 
user interface, and single-user workstations. It has also launched new 
fields such as computational science. Virtually every aspect of IT that 
we rely on today bears the stamp of federally sponsored research. A 
2003 National Academies study provided 19 examples where such work 
ultimately led to billion-dollar industries, an economic benefit that 
reaffirms science advisor Vannevar Bush's 1945 vision in Science: The 
Endless Frontier.
    However, in the past three years, DARPA funding for IT research at 
universities has dropped by nearly half. Policy changes at the agency, 
including increased classification of research programs, increased 
restrictions on the participation of noncitizens, and ``go/no-go'' 
reviews applied to research at 12- to 18-month intervals, discourage 
participation by university researchers and signal a shift from pushing 
the leading edge to ``bridging the gap'' between fundamental research 
and deployable technologies. In essence, NSF is now relied on to 
support the long-term research needed to advance the IT field.
    Other agencies have not stepped in. The Defense Science Board noted 
in a recent look at microchip research at the Department of Defense 
(DOD): ``[DARPA's] withdrawal has created a vacuum. . .. The problem, 
for DOD, the IT industry, and the Nation as a whole, is that no 
effective leadership structure has been substituted.'' The Department 
of Homeland Security, according to a recent report from the President's 
Information Technology Advisory Committee, spends less than two percent 
of its Science and Technology budget on cyber security, and only a 
small fraction of that on research. NASA is downsizing computational 
science, and IT research budgets at the Department of Energy and the 
National Institutes of Health are slated for cuts in the president's 
fiscal year 2006 budget.
    These changes, combined with the growth of the discipline, have 
placed a significant burden on NSF, which is now showing the strain. 
Last year, NSF supported 86 percent of federal obligations for 
fundamental research in IT at academic institutions. The funding rate 
for competitive awards in the IT sector fell to 16 percent, the lowest 
of any directorate. Such low success rates are harmful to the 
discipline and, ultimately, to the Nation.*
    At a time when global competitors are gaining the capacity and 
commitment to challenge U.S. high-tech leadership, this changed 
landscape threatens to derail the extraordinarily productive interplay 
of academia, government, and industry in IT. Given the importance of IT 
in enabling the new economy and in opening new areas of scientific 
discovery, we simply cannot afford to cede leadership. Where will the 
next generation of ground-breaking innovations in IT arise? Where will 
the Turing Awardees 30 years hence reside? Given current trends, the 
answers to both questions will likely be, ``not in the United States.''
    About the Authors: Edward D. Lazowska holds the Bill & Melinda 
Gates Chair in Computer Science & Engineering at the University of 
Washington. David A. Patterson holds the E.H. and M.E. Pardee Chair of 
Computer Science at the University of California, Berkeley, and is 
president of the Association for Computing Machinery. Both are members 
of the National Academy of Engineering and the President's Information 
Technology Advisory Committee, and past chairs of the Computing 
Research Association.
    * The House Science Committee will consider these issues at a 12 
May hearing on ``The Future of Computer Science Research in the U.S.'' 
See http://www.cra.org/research.

Attachment C

               CYBER SECURITY: A CRISIS OF PRIORITIZATION

  Report to the President from the President's Information Technology 
                           Advisory Committee
                          Released March 2005

EXECUTIVE SUMMARY

    The information technology (IT) infrastructure of the United 
States, which is now vital for communication, commerce, and control of 
our physical infrastructure, is highly vulnerable to terrorist and 
criminal attacks. The private sector has an important role in securing 
the Nation's IT infrastructure by deploying sound security products and 
adopting good security practices. But the Federal Government also has a 
key role to play by supporting the discovery and development of cyber 
security technologies that underpin these products and practices. The 
PITAC finds that the Federal Government needs to fundamentally improve 
its approach to cyber security to fulfill its responsibilities in this 
regard.

Background

    The Nation's IT infrastructure has undergone a dramatic 
transformation over the last decade. Explosive growth in the use of 
networks to connect various IT systems has made it relatively easy to 
obtain information, to communicate, and to control these systems across 
great distances. Because of the tremendous productivity gains and new 
capabilities enabled by these networked systems, they have been 
incorporated into a vast number of civilian applications, including 
education, commerce, science and engineering, and entertainment. They 
have also been incorporated into virtually every sector of the Nation's 
critical infrastructure--including communications, utilities, finance, 
transportation, law enforcement, and defense. Indeed, these sectors are 
now critically reliant on the underlying IT infrastructure.
    At the same time, this revolution in connectivity has also 
increased the potential of those who would do harm, giving them the 
capability to do so from afar while armed with only a computer and the 
knowledge needed to identify and exploit vulnerabilities. Today, it is 
possible for a malicious agent to penetrate millions of computers 
around the world in a matter of minutes, exploiting those machines to 
attack the Nation's critical infrastructure, penetrate sensitive 
systems, or steal valuable data. The growth in the number of attacks 
matches the tremendous growth in connectivity, and dealing with these 
attacks now costs the Nation billions of dollars annually. Moreover, we 
are rapidly losing ground to those who do harm, as is indicated by the 
steadily mounting numbers of compromised networks and resulting 
financial losses.
    Beyond economic repercussions, the risks to our nation's security 
are clear. In addition to the potential for attacks on critical targets 
within our borders, our national defense systems are at risk as well, 
because the military increasingly relies on ubiquitous communication 
and the networks that support it. The Global Information Grid (GIG), 
which is projected to cost as much as $100 billion and is intended to 
improve military communications by linking weapons, intelligence, and 
military personnel to each other, represents one such critical network. 
Since military networks interconnect with those in the civilian sector 
or use similar hardware or software, they are susceptible to any 
vulnerability in these other networks or technologies. Thus cyber 
security in the civilian and military sectors is intrinsically linked.
    Although the large costs associated with cyber insecurity have only 
recently become manifest, the Nation's cyber security problems have 
been building for many years and will plague us for many years to come. 
They derive from a decades-long failure to develop the security 
protocols and practices needed to protect the Nation's IT 
infrastructure, and to adequately train and grow the numbers of experts 
needed to employ those mechanisms effectively. The short-term patches 
and fixes that are deployed today can be useful in response to isolated 
vulnerabilities, but they do not adequately address the core problems. 
Rather, fundamental, long-term research is required to develop entirely 
new approaches to cyber security. It is imperative that we take action 
before the situation worsens and the cost of inaction becomes even 
greater.

Summary of Findings and Recommendations

    The PITAC's recommendations on cyber security, and the findings 
upon which those recommendations are based, are summarized below.

Issue 1:  Federal Funding Levels for Fundamental Research in Civilian 
Cyber Security

    Long-term, fundamental research in cyber security requires a 
significant investment by the Federal Government because market forces 
direct private sector investment away from research and toward the 
application of existing technologies to develop marketable products. 
However, federal funding for cyber security research has shifted from 
long-term, fundamental research toward shorter-term research and 
development, and from civilian research toward military and 
intelligence applications. Research in these domains is often 
classified and the results are thus unavailable for use in securing 
civilian IT infrastructure and commercial off-the-shelf (COTS) products 
in widespread use by both government and the civilian sector. These 
changes have been particularly dramatic at the Defense Advanced 
Research Projects Agency (DARPA) and the National Security Agency 
(NSA); other agencies, such as the National Science Foundation (NSF) 
and the Department of Homeland Security (DHS), have not stepped in to 
fill the gaps that have been created. As a result, investment in 
fundamental research in civilian cyber security is decreasing at the 
time when it is most desperately needed.
    The PITAC finds that the Federal R&D budget provides inadequate 
funding for fundamental research in civilian cyber security, and 
recommends that the NSF budget in this area be increased by $90 million 
annually. Funding for fundamental research in civilian cyber security 
should also be substantially increased at other agencies, most notably 
DHS and DARPA. Funding should be allocated so that at least the ten 
specific areas listed in the ``Cyber Security Research Priorities'' 
section beginning on page 37 of Chapter 4 are appropriately addressed. 
Further increases in funding may be necessary depending on the Nation's 
future cyber security posture.

Issue 2: The Cyber Security Fundamental Research Community

    Improving the Nation's cyber security posture requires highly 
trained people to develop, deploy, and incorporate new cyber security 
products and practices. The number of such highly trained people in the 
U.S. is too small given the magnitude of the challenge. At U.S. 
academic institutions today, the PITAC estimates, there are fewer than 
250 active cyber security or cyber assurance specialists, many of whom 
lack either formal training or extensive professional experience in the 
field. In part, this situation exists because cyber security has 
historically been the focus of a small segment of the computer science 
and engineering research community. The situation has been exacerbated 
by the insufficient and unstable funding levels for long-term, civilian 
cyber security research, which universities depend upon to attract and 
retain faculty.
    The PITAC finds that the Nation's cyber security research community 
is too small to adequately support the cyber security research and 
education programs necessary to protect the United States. The PITAC 
recommends that the Federal Government intensify its efforts to promote 
recruitment and retention of cyber security researchers and students at 
research universities, with a goal of at least doubling the size of the 
civilian cyber security fundamental research community by the end of 
the decade. In particular, the Federal Government should increase and 
stabilize funding for fundamental research in civilian cyber security, 
and should support programs that enable researchers to move into cyber 
security research from other fields.

Issue 3: Translating Research into Effective Cyber Security for the 
Nation

    Technology transfer enables the results of federally supported R&D 
to be incorporated into products that are available for general use. 
There has been a long and successful history of federally funded IT R&D 
being transferred into products and best practices that are widely 
adopted in the private sector, in many cases spawning entirely new 
billion-dollar industries. Technology transfer has been particularly 
challenging in the area of cyber security, however, because the value 
of a good cyber security product to the consumer lies in the reduced 
incidence of successful attacks--a factor difficult to quantify in the 
short-term as a return on investment.
    The PITAC finds that current cyber security technology transfer 
efforts are not adequate to successfully transition federal research 
investments into civilian sector best practices and products. As a 
result, the PITAC recommends that the Federal Government strengthen its 
cyber security technology transfer partnership with the private sector. 
Specifically, the Federal Government should place greater emphasis on 
the development of metrics, models, data sets, and testbeds so that new 
products and best practices can be evaluated; jointly sponsor with the 
private sector an annual interagency conference at which new cyber 
security R&D results are showcased; fund technology transfer efforts 
(in cooperation with industry) by researchers who have developed 
promising ideas or technologies; and encourage federally supported 
graduate students and postdoctoral researchers to gain experience in 
industry as researchers, interns, or consultants.

Issue 4: Coordination and Oversight for Federal Cyber Security R&D

    One of the key problems with the Federal Government's current 
approach to cyber security is that the government-wide coordination of 
cyber security R&D is ineffective. Research agendas and programs are 
not systematically coordinated across agencies and, as a result, 
misconceptions among agencies regarding each others' programs and 
responsibilities have been allowed to develop, causing important 
priorities to be overlooked. In the absence of coordination, individual 
agencies focus on their individual missions and can lose sight of 
overarching national needs. Initiatives to strengthen and enlarge the 
cyber security research community and efforts to implement the results 
of R&D would be more effective and efficient with significantly 
stronger coordination across the Federal Government.
    The PITAC finds that the overall federal cyber security R&D effort 
is currently unfocused and inefficient because of inadequate 
coordination and oversight. To remedy this situation, PITAC recommends 
that the Interagency Working Group on Critical Information 
Infrastructure Protection (CIIP) become the focal point for 
coordinating federal cyber security R&D efforts. This working group 
should be strengthened and integrated under the Networking and 
Information Technology Research and Development (NITRD) Program.
    Chairman Boehlert. I want to welcome everyone here this 
morning to this extraordinarily important hearing. We are here 
to examine the state of federal computer science funding. That 
may sound like an arcane and even dreary subject, but what is 
at stake is nothing less than our nation's future prosperity 
and security.
    That is not an exaggeration. Information technology 
advances are responsible for our productivity and economic 
health, and information technology undergirds and facilitates 
just about every personal and commercial activity we undertake 
these days. Information technology provides not just a web, it 
is the warp and woof of our society.
    And it is too easy to take something that has become so 
basic and so omnipresent for granted. But we didn't get to 
where we are today by accident and indirection. We are the 
world leader in information technology, in part, because of 
strategic investments the Federal Government began making 
decades ago. And we will only remain the world leader if we 
continue to make the right investments.
    Let me say parenthetically, I have just come from a press 
conference with Chairman Wolf, one of the cardinals on the 
Appropriations Committee, and Dr. Ehlers of our own committee, 
and John Engler, former Secretary and Governor and now head of 
NAM [National Association of Manufacturers], and a host of 
others to reveal to the world that we are planning a conference 
on innovation later this year, and there is $1 million in the 
appropriations bill that we just passed last week. And Chairman 
Wolf, as he opened up the conference, said that he just is 
amazed at the interest in the subject matter. And he pointed 
out that last year, he was invited to a conference on 
innovation and technology out in his district, and it was the 
night of the World Series, and he said that he didn't think 
there would be many people there, because of what was happening 
up in Boston. But to his surprise, there was an overflow crowd. 
Then he introduced me, and I said, ``In your crowd, we are all 
Yankee fans.'' That is supposed to be funny. Everybody else 
laughed.
    I think there is a broad consensus, at least in theory, 
about what the Federal Government needs to be doing. We need to 
continue to follow our recipe for success. That means we need a 
balanced portfolio that includes significant funding for long-
term, fundamental computer science research, much of it at 
universities, the kind of research that has brought us the 
Internet and the World Wide Web.
    And as this committee has said repeatedly, some of that 
long-term research needs to be focused on cyber security, 
because we are not going to protect our information technology 
in today's world through a hodgepodge of patches and existing 
know-how.
    I don't think anyone disagrees with those statements. The 
question is whether current federal funding is in line with the 
theoretical consensus. And despite some rather defensive 
testimony we will hear today, one has to conclude that the 
answer to that question is ``no.''
    Current federal funding is not properly balanced. It does 
not adequately continue our historic commitment to longer-
range, more basic research in computer science, and it does not 
focus sufficiently on cyber security.
    We cannot have a situation where university researchers can 
point to sharp declines in DARPA funding, reviews of research 
results that reflect telescoped time horizons, and increased 
classification. We can not have a situation where the rates of 
proposal approvals at the National Science Foundation drop by 
half in just a few years. We can't have a situation where a 
Presidential Advisory Council declares that our information 
technology infrastructure is ``highly vulnerable'' and that 
there is ``relatively little support for fundamental research 
to address the larger security vulnerabilities.'' That is not 
just us saying that. That is the Presidential Advisory Council. 
We can not have a situation where a Pentagon Advisory Board 
similarly expresses deep concern over the lack of long-term 
computing research.
    This is not a matter of questioning the budget--the policy 
or budget of any single agency. This is a matter of having a 
critical, high-profile national need that is not being 
addressed by an overall coordinated federal policy or by 
overall federal spending.
    I know we are operating in a time of major fiscal 
constraints. I know we have a war on. But I think Dr. Wulf 
makes an important point in his testimony when he notes that if 
we had similarly narrowed our focus during the Vietnam War, we 
probably wouldn't have the Internet or the other computing 
technology we take for granted today. And incidentally, the 
technology that was the leading reason for why we had such a 
successful '90s, year after year of record growth and profits, 
and the economy was stimulated and moving along and all based, 
essentially, on our investment in information technology.
    So I hope we can have a robust and open discussion today 
about what specifically we can all do to ensure that we have a 
more balanced, better focused computer science portfolio that 
will, among other things, enhance funding of cyber security 
research. The status quo is simply unacceptable.
    This committee has long been a leader in pushing the 
Federal Government to move ahead in computer science, whether 
that meant helping to create NSF's supercomputer centers or 
passing the Cyber Security Research and Development Act.
    I know that all of our witnesses today care about these 
issues just as much as we do, and indeed spend far more of 
their time working on them. Together, we need to come up with a 
plan to get us back on a path that has brought us the 
information technology on which we have become utterly reliant.
    Mr. Davis.
    [The prepared statement of Chairman Boehlert follows:]

          Prepared Statement of Chairman Sherwood L. Boehlert

    I want to welcome everyone here this morning to this 
extraordinarily important hearing. We're here to examine the state of 
federal computer science funding. That may sound like an arcane and 
even dreary subject, but what's at stake is nothing less than our 
nation's future prosperity and security.
    That's not an exaggeration. Information technology advances are 
responsible for our productivity and economic health, and information 
technology undergirds and facilitates just about every personal and 
commercial activity we undertake these days. Information technology 
provides not just a web, it is the warp and woof of our society.
    And it is too easy to take something that has become so basic and 
so omnipresent for granted. But we didn't get to where we are today by 
accident and indirection. We are the world leader in information 
technology, in part, because of strategic investments the Federal 
Government began making decades ago. And we will only remain the world 
leader if we continue to make the right investments.
    In theory at least, I think there's a broad consensus about what 
the Federal Government needs to be doing. We need to continue to follow 
our recipe for success. That means we need a balanced portfolio that 
includes significant funding for long-term, fundamental computer 
science research, much of it at universities--the kind of research that 
has brought us the Internet and the World Wide Web.
    And as this committee has said repeatedly, some of that long-term 
research needs to be focused on cyber security because we're not going 
to protect our information technology in today's world through a hodge-
podge of patches and existing know-how.
    I don't think anyone disagrees with those statements. The question 
is whether current federal funding is in line with the theoretical 
consensus. And despite some rather defensive testimony we'll hear 
today, one has to conclude that the answer is ``no.''
    Current federal funding is not properly balanced. It does not 
adequately continue our historic commitment to longer-range, more basic 
research in computer science, and it does not focus sufficiently on 
cyber security.
    We cannot have a situation where university researchers can point 
to sharp declines in DARPA funding, reviews of research results that 
reflect telescoped time horizons, and increased classification. We 
cannot have a situation where proposal approval rates at the National 
Science Foundation (NSF) drop by half in just a few years. We cannot 
have a situation where a Presidential advisory council declares that 
our information technology infrastructure is ``highly vulnerable'' and 
that there is ``relatively little support for fundamental research to 
address the larger security vulnerabilities.'' We cannot have a 
situation where a Pentagon advisory board similarly expresses deep 
concern over the lack of long-term computing research.
    This is not a matter of questioning the policy or budget of any 
single agency. This is a matter of having a critical, high-profile 
national need that is not being addressed by an overall, coordinated 
federal policy or by overall federal spending.
    I know we are operating in a time of major fiscal constraints. I 
know we have a war on. But I think Dr. Wulf makes an important point in 
his testimony when he notes that if we had similarly narrowed our focus 
during the Vietnam War, we probably wouldn't have the Internet or the 
other computing technology we take for granted today.
    So I hope we can have a robust and open discussion today about what 
specifically we can all do to ensure that we have a more balanced, 
better focused computer science portfolio that will, among other 
things, enhance funding of cyber security research. The status quo is 
simply unacceptable.
    This committee has long been a leader in pushing the Federal 
Government to move ahead in computer science, whether that meant 
helping to create NSF's supercomputer centers or passing the Cyber 
Security Research and Development Act. I know that all our witnesses 
today care about these issues just as much as we do--and indeed spend 
far more of their time working on them.
    Together, we need to come up with a plan to get us back on a path 
that has brought us the information technology on which we have become 
utterly reliant.
    Mr. Davis.

    Mr. Davis. Chairman Boehlert, thanks for calling the 
hearings today to review the state of computer science research 
in our country. It certainly is an important occasion and 
something that we have needed for some time, and I applaud you 
and your efforts in bringing together the panel that we have 
today that will be giving testimony.
    This subject, certainly, is an important one. I would like 
to point at a chart that has appeared in several reports, and 
which Dr. Wulf includes in his testimony.
    [Chart.]
    This chart is from a 1995 National Academy of Sciences 
report on the value of the federal, multi-agency High 
Performance Computing and Communications programs, which this 
committee helped establish in 1991.
    This chart traces the intertwined government and private 
sector research efforts that ultimately led to the development 
of the information technology industry, such as the Internet, 
graphic user interfaces, and relational databases. This chart 
reminds us that computer science research has resulted in 
substantial payoffs for our economy and our country.
    Research investments require patience and long-term vision 
in order to gain these particular payoffs. The chart shows that 
it takes as much as 15 years or more for early research 
investments to bear fruits and turn into a billion-dollar 
commercial market.
    Years ago, this Science Committee recognized the importance 
of sustained and coordinated federal support for research to 
advance these technologies. This Science Committee also 
recognized the importance of support for basic research in 
computer science that fuels these advances in technology.
    Chairman Boehlert, I am pleased that this hearing has been 
called to inquire about the current state of the health for 
federal support for fundamental, long-term research in computer 
science. We have heard the concerns from the research community 
that agency roles in support of computing science research are 
changing and that these changes have led to declining funding 
for fundamental, university-based research.
    The changes appear to be driven by DARPA's move toward more 
applied, results-driven research. We will have the opportunity 
to discuss this today with the DARPA Director, and I would like 
to welcome Dr. Tether to the hearing today. I look forward to 
your testimony, and for additional funding in the future.
    Also today, we will look at cyber security research; 
research that keeps the Internet and our computers safe.
    The President's Information Technology Advisory Committee 
has recently released a critique of cyber security research. 
This critique raises a number of concerns and makes several 
recommendations.
    I am pleased to have Dr. Marburger here today to give the 
Administration's response to this report. I would also like to 
hear the Administration's views on the current priorities, 
agency roles, and funding support levels for basic computer 
science research.
    As stated earlier, the subject of this hearing demands our 
attention because of the impact of information technology on 
the Nation, now and in the future.
    We can't afford to squander our technological edge in a 
field that will only grow more in importance.
    Mr. Chairman, I want to join you in welcoming our 
distinguished guests, and I certainly look forward with much 
anticipation to the discussion to follow.
    [The prepared statement of Mr. Davis follows:]

           Prepared Statement of Representative Lincoln Davis

    Mr. Chairman, thank you for calling this hearing to review the 
state of computer science research in the U.S.
    This subject is an important one. I would like to point out a chart 
that has appeared in several reports, and which Dr. Wulf includes in 
his testimony. The chart is from a 1995 National Academy of Sciences 
report on the value of the federal, multi-agency High-Performance 
Computing and Communications program, which this committee helped 
establish in 1991.
    This chart traces the intertwined government and private sector 
research efforts that ultimately led to the development of the 
information technology industry--such as the Internet, graphic user 
interfaces, and relational databases.
    This chart reminds us that computer science research has resulted 
in substantial payoffs for our economy. Research investments require 
patience and long-term vision in order to gain these payoffs. The chart 
shows that it can take 15 years or more for early research investments 
to bear fruit and turn into a billion dollar commercial market.
    Years ago, the Science Committee recognized the importance of 
sustained and coordinated federal support for research to advance these 
technologies. The Science Committee also recognized the importance of 
support for basic research in computer science that fuels these 
advances in technology.
    Mr. Chairman, I am pleased that this hearing has been called to 
inquire about the current state of health for federal support for 
fundamental, long-term research in computer science.
    We have heard concerns from the research community that agency 
roles in support of computer science research are changing, and that 
these changes have led to declining funding for fundamental, 
university-based research.
    The changes appear to be driven by DARPA's move toward more 
``applied,'' results-driven research. We will have the opportunity to 
discuss this today with the DARPA Director, and I would like to welcome 
Dr. Tether to the hearing.
    Also today, we will look at cyber security research. Research that 
keeps the Internet and our computers safe.
    The President's Information Technology Advisory Committee has 
recently released a critique of cyber security research. That critique 
raises a number of concerns and makes several recommendations.
    I am pleased to have Dr. Marburger here today to give the 
Administration's response to this report. I would also like to hear the 
Administration's views on the current priorities, agency roles, and 
funding support levels for basic computer science research.
    As I said earlier, the subject of this hearing demands our 
attention because of the impact of information technology on the 
Nation, now and in the future.
    We cannot afford to squander our technological edge in a field that 
will only grow in importance.
    Mr. Chairman, I want to join you in welcoming our distinguished 
witnesses, and I look forward to our discussion.

    Chairman Boehlert. Thank you very much, Mr. Davis.
    [The prepared statement of Mr. Costello follows:]

         Prepared Statement of Representative Jerry F. Costello

    Good morning. I want to thank the witnesses for appearing before 
our committee to review the current state and future prospects for 
computer science research in the U.S., with a focus on federal agency 
roles and responsibilities. In addition, today's hearing will examine 
the findings and recommendations of the President's Information 
Technology Advisory Committee (PITAC) report on cyber security 
research.
    Basic research in computer science has changed. As a result, 
opportunities for advancements in information technologies have been 
delayed, due to a drop in funding. I am concerned that the long-term 
impact of inadequate support for such research could harm the economy 
and have adverse consequences for national defense. Defense Advanced 
Research Projects Agency (DARPA) has been the lead sponsor of basic 
research in computer science to assess advances in information 
technology. Over the past few years, DARPA appears to have shifted its 
primary focus and objective. Between fiscal year 2001 and fiscal year 
2004, DARPA support for university-based, non-classified research 
dropped by over 40 percent, from $214 million to $123 million. This had 
a significant impact on the university research community. 
Consequently, the National Science Foundation (NSF) was deferred to as 
the principal federal sponsor of basic research in computer science. 
Although NSF received a large increase in research funding requests, 
its success rate began to decline from 31 percent in 1999 to 16 percent 
in 2004. I am interested in learning what efforts are being made by the 
Administration to adjust and rebalance research support for non-
classified, long-term computer science research as DARPA moves toward 
support for classified, near-term research.
    Secondly, the Committee will review the findings and 
recommendations of the recent PITAC cyber security report. It is my 
understanding that the report finds a serious under-investment in cyber 
security research. The recommended funding increase was for $90 million 
per year at NSF and significant increases for non-classified research 
at DARPA and DHS. Additionally, the report suggested that the focus on 
short-term, military classified, and academic research are below 
critical mass. Therefore, it is important to determine if increased 
funding for academic cyber security research would automatically 
increase the size and vitality of the research community.
    I welcome the panel of witnesses and look forward to hearing their 
testimony today.

    [The prepared statement of Ms. Johnson follows:]

       Prepared Statement of Representative Eddie Bernice Johnson

    Thank you Chairman Boehlert and Ranking Member Gordon for calling 
this very important hearing. I also wish to thank our expert witnesses 
for agreeing to testify today.
    The purpose of the hearing is to review the current state and 
future prospects for computer science research in the U.S., with a 
focus on federal agency roles and responsibilities.
    We all agree that a skilled workforce is the essential fuel to 
propel the economy and ensure a high quality of life. The success of 
our nation's economy depends on us producing a scientifically literate 
workforce.
    Unfortunately, the budget submitted to us from the administration 
could possibly put us at risk of reversing all the wonderful computer 
science research programs that drove the our economy to the greatness 
we witnessed in the 1990's.
    In the past, the Defense Advanced Research Projects Agency has 
poured billions of dollars into universities to pay for fundamental 
research of what would become the building blocks of computing, 
Internet and countless other high-tech endeavors.
    But while DARPA spending on basic computer science research has 
risen from $546 million in fiscal 2001 to $583 million, the cut of it 
going toward to academic institutions has fallen from $214 million to 
$123 million during the same period.
    Researchers say the shift already is affecting other research 
agencies such as the NSF, which has seen its own budget increases slow 
down in recent years.
    DARPA's funding shift comes at a time when foreign governments are 
boosting their basic research efforts and as U.S. companies have cut 
back theirs. In fact, many U.S. companies partner with universities, 
which in part rely on government funding and which produce the 
scientists who eventually might create new companies or work in a 
corporate lab.
    We cannot hope to educate tomorrow's employees and managers without 
more basic research into what works in the classroom. Our technology-
based society is under constant change and additional research will 
help us master these changes.
    That being said, I hope our witnesses can help us today by 
providing light on how we can maintain our status in the worldwide 
technology industry with our government support or lack there of 
computer science research.

    [The prepared statement of Mr. Carnahan follows:]

           Prepared Statement of Representative Russ Carnahan

    Mr. Chairman and Mr. Ranking Member, thank you for hosting this 
important hearing.
    I represent the third district of Missouri, home to both Washington 
University of St. Louis and the University of Missouri at St. Louis. 
Both of these institutions are a great resource to our country, 
excelling in computer science research, and have received millions of 
dollars worth of funding through NSF's computer science awards. I am 
proud of the work being done within my congressional district and 
beyond.
    NSF and DARPA house enormously important programs. In fact, they 
have been the driving force behind the Federal Government's role and 
our nation's role in the computer science field. If we wish to maintain 
our global role in this field we need to assess whether or not our 
priorities and allocated resources for NSF and DARPA are appropriate.
    I welcome our witnesses to our committee today and look forward to 
hearing their testimony. Thank you.

    [The prepared statement of Ms. Jackson Lee follows:]

        Prepared Statement of Representative Sheila Jackson Lee

    Chairman Boehlert, Ranking Member Gordon,

    I want to thank you for organizing this important hearing to 
discuss the future of computer science research in the United States. 
Unfortunately, it seems we once again have to discuss a vital area in 
science that is receiving less federal funding than it needs. Computer 
Sciences must be made central to research at academic institutions for 
the long term well-being of our nation.
    Mr. Chairman, I could understand that maybe thirty years ago we 
would not comprehend the need to fund computer science research. It's 
been a recent phenomenon in computer science when the home computer and 
the Internet came to change the face of our nation and indeed the 
world. It seems now that almost every child born learns to type on a 
keyboard and surf the web before they even learn how to ride a bicycle. 
Such is the new age we live in, computers are not only essential to our 
livelihoods, but in fact they have become completely ingrained in our 
day-to-day tasks. For example, it is not impossible now to buy a car 
that not only has a computerized system in it, but one that can give 
you pinpoint directions, play music beamed from a satellite and give 
you updated stock quotes and sports scores. The point is that maybe 
thirty years ago we could plead ignorance to the possibilities of 
computer science; perhaps it all seemed a bit far fetched. But the fact 
today is that we can not plead ignorance to the power of computer 
science and our dependence on this research is only going to grow 
larger not smaller as time goes on and I believe our nation would be at 
a great disadvantage to fall behind in this vital research.
    I am troubled to learn that the Defense Advanced Research Projects 
Agency (DARPA) is now scaling back its computer science research from 
long-term, non-classified research to classified research to meet near-
term defense requirements. Between FY 2001 and FY 2004, DARPA support 
for university-based, non-classified research dropped by over 40 
percent, from $214 million to $123 million. Meanwhile, it seems the 
entire burden of computer science research is being put on NSF. In 
fact, last year NSF supported 86 percent of federal obligations for 
fundamental research in IT at academic institutions. At the same time 
that NSF has seen a large increase in research funding requests, it has 
also seen an accompanying decline in proposal success rate from 31 
percent to 16 percent. For cyber security research proposals, the 
success rate for FY 2004 was a measly eight percent. The United States 
of America cannot stand for mediocrity in the critical area of computer 
science.
    Computer science research is not only essential for our economic 
and technological development, but it is indeed essential for our 
national security. The amount of information that travels through the 
Internet and cyberspace on a daily basis is astounding. Because so much 
information travels through cyberspace it increases our vulnerability. 
As I said, our dependence on computers is only going to grow larger as 
time goes on; therefore we need to work now to close all the security 
gaps before our reliance on technology can be used against us. Less 
than two months ago, the President's Information Technology Advisory 
Committee (PITAC) released their report Cyber Security: A Crisis of 
Prioritization. Among the recommendations they made is that Congress 
and the Administration should substantially increase funding for 
fundamental research in civilian cyber security at a number of 
agencies, especially NSF, DARPA, and the Department of Homeland 
Security (DHS). In particular, the report recommends that funding for 
cyber security research at NSF be increased by $90 million annually. I 
have been in full support of these cyber security initiatives, both 
here in the Science Committee as well as in the Homeland Security 
Committee, where I am a Member. This kind of Homeland Security can not 
wait another day; any delay we take now will be a huge risk for our 
security in the future.
    While I am unsatisfied by the status of computer science research 
being conducted on the federal level, I am also disturbed by the lack 
of female and minority representation in the field of computer science. 
The statistics show that women and minorities are not being 
proportionally represented in academia when it comes to computer 
science. In 2003, women represented barely over 20 percent of the 
computer science doctoral degrees granted. The same statistics show 
that in 2003 the White population made up about 70 percent of the 
doctoral degrees granted to U.S. citizens and permanent residents. At 
the same time, Asian/Pacific Islanders made up about 20 percent of the 
doctoral degrees granted, but Blacks, Hispanics and American Indian/
Native Alaskans made up less than five percent of the doctoral degrees 
granted. These statistics are very discouraging and show that we are 
not reaching out to our entire population. Indeed, the problem starts 
in the classroom, where many under-privileged youth do not have nearly 
the same access to computers and the Internet. If they don't have this 
background at an early age, its not surprising that they don't pursue 
the field in higher education and later in life.
    We simply can not allow our nation to fall behind in computer 
science. We must utilize our entire population including women, 
minorities and the under-privileged. Our discoveries of the last few 
decades have changed the face of the world, but we must continue down 
this path if we are to prosper for the future.
    Thank you.

    Chairman Boehlert. And what a distinguished panel it is, 
all veterans, appearing before this committee. So you know how 
we work, we are not going to be arbitrary with the clock, but 
when you see the red light go on, if you would begin to 
summarize where you are, and then that will allow us more time 
for questions.
    We have before us Dr. John H. Marburger, III, Director of 
the Office of Science and Technology Policy, The White House. 
Dr. Marburger, it is good to have you here. Dr. Anthony J. 
Tether, Director, Defense Advanced Research Projects Agency. 
Dr. Tether--and incidentally, you should know that within the 
past two weeks, I have had occasion on two separate--in two 
separate instances to speak with Secretary Rumsfeld and General 
Myers, and in both instances, I expressed to him my 
apprehensive and concern about the BRAC list tomorrow. The 
rumor mill suggests that there might be undue cuts in the 
laboratory complexes under DOD, and that would be very 
shortsighted indeed. I hope you guys share my concern about 
that. And hope the rumor mill is wrong. And invariably, it is 
wrong, but let us hope it springs eternal.
    We have Dr. William Wulf, President, National Academy of 
Engineering who is so helpful as a resource to this committee. 
And Dr. Wulf, it is good to see you back.
    And Dr. Tom Leighton, Chief Scientist and Co-founder of 
Akamai Technologies.
    Gentlemen, it is a pleasure to have you here.
    Dr. Marburger, you are first up.

 STATEMENT OF DR. JOHN H. MARBURGER, III, DIRECTOR, OFFICE OF 
         SCIENCE AND TECHNOLOGY POLICY, THE WHITE HOUSE

    Dr. Marburger. Thank you very much, Mr. Chairman. I am 
pleased to have this opportunity to talk about federal support 
for computer science research in the United States, and I want 
to begin by saying that federally-sponsored R&D in networking 
and information technologies is an Administration priority. 
These technologies support advances in every area of science 
and engineering and generate further new capabilities that fuel 
our economy.
    The Administration recognizes the importance of these 
fields and highlights the multi-agency Networking and 
Information Technology Research and Development Program, which 
I am going to refer to as NITRD in my oral testimony, as an R&D 
priority in the President's budget.
    The 9/11 terrorist attacks and the war against terrorism 
have influenced our current thinking about these fields. 
Networking and information technology R&D investments for 
national defense, national security, and homeland security have 
received high priority in Administration actions. So this work 
is classified, for obvious reasons.
    These new demands, however, have not affected our 
commitment to the central role of the NITRD program in filling 
the pipeline of skilled people and innovative ideas we need for 
national security, economic competitiveness, and scientific 
leadership in the future.
    The 2006 budget proposal of $2.2 billion for the NITRD 
program raises the Administration's cumulative five-year 
investment in this activity over the $10 billion mark to $10.4 
billion. Despite significant program redirections, the NITRD 
budget basically holds steady in the President's fiscal year 
2006 budget.
    This Administration supports breadth and diversity in the 
NITRD programs, which we view as an important strength. 
Especially at a time of budget constraints, NITRD's multi-
agency collaborative approach strongly supports spending 
efficiency by leveraging each agency's expertise, minimizing 
duplicative efforts and enabling results that no single agency 
could achieve.
    As this committee knows, we did act to address concern 
about one NITRD program area. My office chartered the High End 
Computing Revitalization Task Force in 2003 to provide a new 
vision for this increasingly important sector of information 
technology. The Task Force produced an excellent report, and 
the Administration strongly encourages this long-term 
revitalization effort.
    The report defined a roadmap that identifies key research 
challenges in hardware, software, and systems technologies. 
Federal supercomputing capabilities clearly are critical to our 
national defense and national security missions as well as for 
leading-edge scientific research and more broadly for economic 
innovation and U.S. leadership in science and technology.
    One of the first developments to emerge from the Task Force 
activity is a new multi-agency program, the High End Computing 
University Research Activity, supported by DARPA, DOE, NSA, and 
NSF that funds university-based R&D in high-end applications 
and system software. This program was launched quickly in 
fiscal year 2004, resulting in 34 grants with total funding of 
$27.3 million over three years.
    Information security and assurance and the management of 
large data flows are two important priorities for this program 
and are further described in my written testimony. I won't say 
more about them here.
    But regarding these priorities, in March 2004, my office 
asked the President's Information Technology Advisory Council 
to undertake an examination of the federal role in cyber 
security R&D and PITAC, which is the acronym for that council, 
responded with a useful report.
    We began to respond to the report's findings and 
recommendations as soon as we heard about them; we did not wait 
until the report appeared. As soon as we were aware of some of 
their concerns, we did begin to act. We agree with PITAC that 
improved coordination of federal cyber security R&D activities 
can increase the efficiency and effectiveness of the 
government's investment in this area. My office is facilitating 
the report's recommendation to integrate the National Science 
and Technology Council's Interagency Working Group on Critical 
Information Infrastructure Protection R&D with the NITRD 
program.
    And also before PITAC's final report was released, that 
program, Critical Information Infrastructure Protection, had 
begun the process of defining our top cyber security R&D needs 
and mapping these against current activities. We take very 
seriously the vulnerabilities in critical U.S. infrastructures 
pointed to by the report and continue to evaluate PITAC's 
recommendations regarding other steps that can be taken to 
enhance the effectiveness of federal efforts in cyber security.
    For several years, the National Science Foundation, the 
agency with the broadest science portfolio, has been the lead 
agency in the NITRD program. My written testimony includes much 
more detail on their programs, but over the past five years, 
NSF's NITRD budget has risen nearly 25 percent, from $643 
million in fiscal year 2002 to $803 million in fiscal year 
2006.
    Over the same period, DARPA's much smaller NITRD program 
budget has declined 33 percent from $263 million in 2002 to 
$176 million in 2006, reflecting their priority changes. Dr. 
Tether will provide more detail on these changes in his 
testimony, but I want to emphasize that computer science has 
developed very significantly since DARPA provided early 
stimulation to this field. And its current breadth justifies a 
new pattern of funding within DOD and among agencies in 
general.
    In this connection, the President's fiscal year 2006 budget 
request tasks the National Coordination Office for NITRD and 
the NITRD agencies to commission a study by the National 
Academies that identifies important scientific questions and 
technical problems for which an extraordinary advancement in 
our understanding is difficult or impossible without leading-
edge computing capabilities.
    I want to thank the Committee for its attention to this 
important subject, and I will be happy to answer additional 
questions.
    [The prepared statement of Dr. Marburger follows:]

              Prepared Statement of John H. Marburger, III

    Chairman Boehlert, Ranking Minority Member Gordon, and Members of 
the Committee. I am pleased to appear before you today to discuss the 
critical role of computer science research in the Federal Government's 
research and development (R&D) investment portfolio. As ever, I much 
appreciate the effective ongoing interactions between our office and 
your committee, which I believe ultimately benefit the Nation's science 
and technology enterprise.
    Federal R&D in networking and information technologies has been and 
continues to be one of the Administration's highest R&D priorities. It 
is our view that these technologies provide a foundation for advances 
in virtually every other area of science and technology and generate 
myriad new capabilities and tools that grow our economy and make it 
more productive. Because of their unique role--as universal enablers 
for advanced science, engineering, and technology--networking and 
information technologies constitute a strategic component of the 
Nation's 21st century infrastructure. The Administration clearly 
recognizes that, and highlights this area as an R&D priority in the 
President's budget.
    Before I address your specific questions, I would like to lay out 
what I believe is the broad context for our discussion. When I appeared 
before you in February to testify about the President's FY 2006 R&D 
budget, I acknowledged that it was subject to considerable pressure, 
making it the tightest proposal in nearly two decades. The President is 
committed to winning the war against terrorism, while moderating the 
growth in overall spending and cutting the deficit in half as a share 
of the GDP by 2009. These important goals obviously affect budget 
choices. So I was pleased to report to you that, despite these 
pressures, overall funding for Federal R&D increases to a record $132 
billion in the President's FY 2006 budget--the highest level of 
government support for R&D in the world and a 45 percent increase over 
FY 2001's total of $91 billion.
    Let me also note here my belief that the overall health of U.S. 
science and technology today is strong. We are spending three times as 
much as Japan on R&D and half again as much as all the European nations 
combined. Our FY 2006 R&D budget is three-quarters of a billion dollars 
higher than our FY 2005 request.
    This basically strong and stable environment for U.S. R&D does not 
obviate the need to assure that we are spending federal research 
dollars wisely and effectively. That entails planning to establish 
priorities and shifting funds in an orderly way toward the high-
priority programs. Well-designed budgets will therefore inevitably have 
reductions as well as increases within large clusters of programs such 
as those in the R&D portfolio. These considerations are especially 
important during a time of significant fiscal constraints.
    Now let me turn to your questions.
    The first question asks about Administration priorities and how 
they have changed in the last five years. Clearly, the Administration's 
priorities in networking and information technology R&D were 
dramatically affected by 9/11 and the war against terrorism. Networking 
and information technology R&D investments for national defense, 
national security, and homeland security purposes received highest 
priority. Some of this work is classified for obvious reasons.
    The 2006 budget proposal of $2.2 billion for the multi-agency 
Networking and Information Technology Research and Development (NITRD) 
Program--the Federal Government's primary vehicle for long-term, 
fundamental R&D in networking, computing systems, software, and related 
information technologies--puts the Administration's cumulative five-
year investment in the NITRD activity over the $10-billion mark, to 
$10.4 billion. Despite significant program re-directions, the NITRD 
budget basically holds steady in the President's FY 2006 Budget.
    As our NITRD budgets make clear, this Administration supports the 
breadth and diversity of the NITRD program's research interests. We 
view the scope of NITRD activities as one of the program's great 
strengths--encompassing work to advance high-performance computing and 
high-speed networking architectures for leading-edge research, to 
improve the quality and cost-effectiveness of software, to increase the 
security and reliability of computing and networking infrastructure, 
and to understand the implications of new technologies for education, 
workforce development, and social structures. Especially at a time of 
budget constraints, NITRD's multi-agency collaborative approach 
strongly supports spending efficiency, by leveraging each agency's 
expertise, minimizing duplicative efforts, and enabling results--such 
as prototype all-optical networks--that no single agency could achieve.
    We consider all the NITRD activities to be of high priority, for 
precisely the reason that there is no other broad-based, fundamental IT 
R&D effort of the kind anywhere in this country. NITRD is a national 
resource.
    We did, as you know, act to address concern about one NITRD domain. 
When my office chartered the High End Computing Revitalization Task 
Force (HECRTF) in 2003, it was in the recognition that the Federal R&D 
effort in high-end computing for vital federal missions was in need of 
a new vision and fresh approaches. The Task Force produced a first-rate 
report, which I was delighted to present to your committee on May 10, 
2004. The Administration strongly encourages this long-term 
revitalization effort guided by a roadmap that points to the key 
research challenges in hardware, software, and systems technologies. 
Federal supercomputing capabilities clearly are critical for our 
national defense and national security missions, as well as for 
leading-edge scientific research, and more broadly for economic 
innovation and U.S. leadership in science and technology.
    It is relevant to your inquiries that one of the first developments 
to emerge from the Task Force activity is a new multi-agency program, 
the High End Computing University Research Activity (HEC-URA) supported 
by the Defense Advanced Research Projects Agency (DARPA), the 
Department of Energy (DOE), the National Security Agency (NSA), and the 
National Science Foundation (NSF), that funds university-based R&D in 
high-end applications and system software. This program was launched 
quickly in FY 2004, resulting in 34 grants with total funding of $27.3 
million over three years.
    The high-end computing plan also extends access to the Nation's 
fastest, most powerful computing platforms to the national research 
community. The 2005 and 2006 budgets fund investments by the National 
Aeronautics and Space Administration (NASA) and the DOE Office of 
Science in advanced supercomputing systems whose management will 
include time allocations for outside researchers selected on a 
competitive basis. The concept of ``national user facilities,'' being 
tested with these first two platforms, will itself have a galvanizing 
positive effect on the U.S. research community.
    Another indication of the Administration's interest in the HEC area 
is that we have re-chartered NITRD's HEC Coordinating Group as an 
Interagency Working Group (IWG), calling for agency membership at a 
higher level of membership with increased agency commitment.
    Two important priorities for NITRD are information security and 
assurance and the management of enormous data flows.
    First, assuring the security, safety, and highly dependable 
performance of systems, networks, and software in critical applications 
and infrastructures is one of the most significant and difficult 
challenges in information technology R&D. The technical complexity of 
these systems continues to grow rapidly in two directions--ever-larger 
systems of systems involving thousands of processors and ever-smaller 
embedded systems and networks of embedded systems. NITRD agencies are 
doing critical work toward next-generation software, system, and 
network engineering that incorporates high assurance levels from the 
ground up, and even ``self-healing'' capabilities.
    We currently rely on systems that are fragile, attackable, failure-
prone, and often impossible to troubleshoot. The risks of such problems 
in safety- and life-critical applications are clear. This is an 
extremely valuable NITRD focus, carried out across several of its major 
research areas (Large Scale Networking, High Confidence Software and 
Systems, Human-Computer Interaction and Information Management, and 
Software Design and Productivity).
    Second, advanced technologies are required for dealing with the 
overwhelming volume of information currently being generated. This 
NITRD research tackles the subjects of how technologies can help us 
capture and process information (such as multi-modal language 
translation and video, sound, and signal recognition), and how 
technologies can help us integrate and make sense of vast amounts of 
heterogeneous data in multiple formats (complex data sets). These 
capabilities are critical not only in military and national security 
environments but increasingly so in civilian applications such as 
health care, emergency response, education, and research across the 
spectrum including in the private sector.
    To summarize, the Administration's overall R&D investments clearly 
have been affected by the Nation's move to a war footing after 9/11. 
Needs in the national defense, national security, and homeland security 
arenas have been immediate and great. However, these new demands have 
not affected our commitment to the central role of the NITRD Program in 
filling the pipeline of skilled people and innovative ideas we need for 
national security, economic competitiveness, and scientific leadership 
in the years to come.
    The second question asked about the relative roles of NSF and DARPA 
and changes to these roles.
    NSF has for several years been the lead agency in the NITRD 
Program. Over the last five years, NSF's NITRD budget has risen nearly 
25 percent, from $643 million in FY 2002 to $803 million in FY 2006. 
Over the same period, DARPA's NITRD budget has declined 33 percent, 
from $263 million in FY 2002 to $176 million in FY 2006, reflecting 
priority changes. Dr. Tether will comment in his testimony on the 
specifics involved.
    As the only federal research agency with a broad mission to advance 
both research and education across the physical and social sciences, 
mathematics, engineering, and technology, NSF plays a unique and 
invaluable role in the overall Federal R&D portfolio, and certainly in 
its NITRD activities. The National Science Foundation funds high-risk, 
long-term, basic research, and it is the only agency supporting that 
kind of R&D in all the core areas of the NITRD program. The agency 
identifies the most promising award candidates through a peer-based 
merit review process and makes awards to single investigators, teams, 
and center-scale projects. These grants permit investigators to explore 
promising new research opportunities as they arise, provide funding for 
projects exploring large-scale, experimental systems, and help educate 
future generations of computer scientists and provide workforce 
preparation for others.
    In the national IT R&D community, NSF plays a powerful leadership 
role, constantly working to identify emerging research needs and 
innovative directions across the spectrum of networking and computing 
R&D and then developing programs to encourage fresh thinking among 
researchers and students at colleges and universities. The NSF 
leadership has compiled a remarkable track record of timely, successful 
initiatives to maintain leadership in information technology. Specific 
examples of initiatives follow:
    The five-year Information Technology Research (ITR) program, whose 
concluding grants were awarded in FY 2004, was a foundation-wide 
initiative explicitly designed to promote multi-disciplinary research 
by expanding computer science R&D into new areas. The program's novel 
requirements--that proposing teams cross disciplinary boundaries and 
include computer scientists in proposals addressing multi-disciplinary 
problems--produced good results, not only for multi-disciplinary 
inquiry--an increasingly important aspect of research problem solving--
but for integration of computer science applications into all NSF's 
science and engineering directorates.
    A recent committee of visitors convened to review ITR found that 
the program enabled many ``best-of-breed ideas'' and resulted in 
significant community building across disciplines.
    Beginning in FY 2004, NSF established a cross-cutting emphasis to 
encourage the study of the vulnerabilities of networked computing 
systems. Although this has been a longstanding concern of the NITRD 
agencies, NSF's Cyber Trust program crystallized the need for new 
approaches to cyber security, and also began addressing the national 
shortage of IT specialists with cyber security training. With the 
addition of the Cyber Trust program, funding for cyber security 
research at NSF has risen from $57 million in FY 2004 to $70 million in 
the President's 2006 budget. In FY 2005, NSF is also launching a new 
Science and Technology Center devoted to cyber security R&D, which I 
describe below.
    NSF is also playing a key role in the NITRD high confidence 
software and systems work that I cited earlier. NSF's Science of Design 
theme is supporting development of a rigorous scientific base for 
greatly improved methods and tools for building software-intensive 
systems; this effort is funded at $10 million in 2005 and 2006. And in 
2006, NSF plans to work with other NITRD agencies in a project to 
develop a prototype real-time embedded operating system.
    In its five-year Network Middleware Initiative (NMI), NSF is 
spurring innovation in another core computer science area--the evolving 
layer of services that resides between the network and more traditional 
applications and enables networked computing systems to interact 
transparently with the network and other networked resources. 
Middleware is a critical component of scientific computing that NSF has 
stepped in to improve.
    In 2006, NSF will begin a new $10-million program--Broadening 
Participation in Computing--to increase the number of domestic students 
receiving degrees in computer science.
    It is clear that NSF is steadfastly and imaginatively pursuing its 
mission in information technology.
    The third question concerned the Administration response to the 
President's Information Technology Advisory Committee (PITAC) report on 
cyber security.
    In March 2004, my office asked PITAC to undertake an examination of 
the federal role in cyber security R&D so that we could better 
understand what steps are needed to advance the Administration's 
priority goals of strengthening national and homeland security. During 
PITAC's study, we asked for and received support from the Office of 
Management and Budget in identifying federal agencies' cyber security-
related R&D investments, which remain very difficult to pinpoint 
because cyber security activities are not always clearly delineated or 
called out within broader programs, and, when they can be identified, 
it can still be difficult to estimate the extent to which the 
activities are related to IT and security and research.
    OSTP much appreciates the PITAC's review of this extremely 
important topic. As I told PITAC members at their April 14 meeting, we 
began to respond to the report's findings and recommendations long 
before the published report appeared.
    We agree with the PITAC that improved coordination of federal cyber 
security R&D activities is key to increasing the efficiency and 
effectiveness of the government's investments in this area. I am 
pleased to report that my office is facilitating one of the report's 
principal recommendations: integration of the National Science and 
Technology Council's (NSTC's) Interagency Working Group on Critical 
Information Infrastructure Protection (CIIP) R&D with the NITRD 
Program. Under the new structure, the CIIP IWG will have a broader 
charter integrating it with NITRD and providing for dual reporting to 
the NSTC's Subcommittees on Infrastructure and on Networking and 
Information Technology R&D. The results will be better coordination 
among researchers from diverse Federal IT security communities, higher 
visibility for this vital area of Federal R&D, and an improved capacity 
to gauge the progress we are making toward new security technologies 
for our computing and networking infrastructures.
    Also, before PITAC's final report was released, the CIIP had begun 
the process of defining our top cyber security R&D needs and mapping 
those against current activities. This is crucial if we are to better 
address the critically important issue of defining priorities.
    I wish to call your attention to a recent NSF announcement to 
establish in FY 2005 a new Science and Technology Center devoted to 
cyber security R&D. Led by the University of California, Berkeley, the 
multi-institutional collaborative effort will investigate key issues of 
computer trustworthiness in an era of increasing attacks at all levels 
on computer systems and information-based technologies.
    My office continues to evaluate PITAC's findings and 
recommendations regarding other specific steps that can be taken to 
enhance the effectiveness of federal efforts in cyber security. 
Certainly, the vulnerabilities in critical U.S. infrastructures pointed 
to by the report need to be taken very seriously.
    The future of computer science R&D will be determined in part by 
our ability to demonstrate its significance convincingly over time. I 
believe we need better metrics of our R&D accomplishments and new 
models for analyzing funding for science and technology in general. Our 
current indicators are based on a data taxonomy that is decades old and 
does not really represent the way R&D is actually conducted today.
    In the NITRD area, we are making a start at improving these 
measures. The President's FY 2006 Budget tasks the National 
Coordination Office for IT R&D and the NITRD agencies to commission a 
study by the National Academies that identifies and categorizes 
important scientific questions and technological problems for which an 
extraordinary advancement in our understanding is difficult or 
impossible without leading-edge computing capabilities.
    Thank you for your attention to this important subject. I would be 
happy to answer additional questions.

                  Biography for John H. Marburger, III

    John H. Marburger, III, Science Adviser to the President and 
Director of the Office of Science and Technology Policy, was born on 
Staten Island, N.Y., grew up in Maryland near Washington D.C. and 
attended Princeton University (B.A., Physics 1962) and Stanford 
University (Ph.D., Applied Physics 1967). Before his appointment in the 
Executive Office of the President, he served as Director of Brookhaven 
National Laboratory from 1998, and as the third President of the State 
University of New York at Stony Brook (1980-1994). He came to Long 
Island in 1980 from the University of Southern California where he had 
been a Professor of Physics and Electrical Engineering, serving as 
Physics Department Chairman and Dean of the College of Letters, Arts 
and Sciences in the 1970's. In the fall of 1994 he returned to the 
faculty at Stony Brook, teaching and doing research in optical science 
as a University Professor. Three years later he became President of 
Brookhaven Science Associates, a partnership between the university and 
Battelle Memorial Institute that competed for and won the contract to 
operate Brookhaven National Laboratory.
    While at the University of Southern California, Marburger 
contributed to the rapidly growing field of nonlinear optics, a subject 
created by the invention of the laser in 1960. He developed theory for 
various laser phenomena and was a co-founder of the University of 
Southern California's Center for Laser Studies. His teaching activities 
included ``Frontiers of Electronics,'' a series of educational programs 
on CBS television.
    Marburger's presidency at Stony Brook coincided with the opening 
and growth of University Hospital and the development of the biological 
sciences as a major strength of the university. During the 1980's 
federally sponsored scientific research at Stony Brook grew to exceed 
that of any other public university in the northeastern United States.
    During his presidency, Marburger served on numerous boards and 
committees, including chairmanship of the Governor's Commission on the 
Shoreham Nuclear Power facility, and chairmanship of the 80 campus 
``Universities Research Association'' which operates Fermi National 
Accelerator Laboratory near Chicago. He served as a trustee of 
Princeton University and many other organizations. He also chaired the 
highly successful 1991/92 Long Island United Way campaign.
    As a public spirited scientist-administrator, Marburger has served 
local, State and Federal governments in a variety of capacities. He is 
credited with bringing an open, reasoned approach to contentious issues 
where science intersects with the needs and concerns of society. His 
strong leadership of Brookhaven National Laboratory following a series 
of environmental and management crises is widely acknowledged to have 
won back the confidence and support of the community while preserving 
the Laboratory's record of outstanding science.

    Chairman Boehlert. Thank you very much, Dr. Marburger.
    Dr. Tether.

STATEMENT OF DR. ANTHONY J. TETHER, DIRECTOR, DEFENSE ADVANCED 
                    RESEARCH PROJECTS AGENCY

    Dr. Tether. Mr. Chairman, Mr. Davis, Members of the 
Committee, first of all, I would like to say that we at DARPA 
support the strong funding of all disciplines and at all 
levels: undergraduate, high school, and graduate.
    Now why do we do that?
    Well, at DARPA, our role is really in the multi-
disciplinary area. We are a projects agency, and we execute 
projects, which require multiple disciplines in order to be 
successful.
    I would like to have you bear with me for a second, because 
I couldn't figure out how to really go through this without 
using pictures, and so I have slides. Yeah, we are from DARPA. 
We don't know how to talk without slides.
    [Slide.]
    So what I would like to do is spend a few moments, with 
your indulgence, explaining how DARPA operates. Now this is not 
just my impression of how DARPA operates. When I first came to 
DARPA, I met with the second DARPA Director, Austin ``Cy'' 
Betts, down at Southwest in Texas. Charles Herzfeld was the 
fourth Director. I have met with George Heilmeier, Bob Cooper, 
Craig Fields, Larry Lynn, Frank Fernandez, and Johnny Foster, 
who really wasn't a DARPA Director, but we all felt he was 
anyway. And I meet with these people constantly, and we go over 
what DARPA is doing, looking at it from the historical 
perspective and what we are doing now.
    So what I am about to give you is something that if they 
all were here in this room, they would all agree, ``Yes, this 
describes DARPA.''
    Next slide.
    [Slide.]
    Most of all, the DARPA organization is an organization that 
is very similar to the NSF in the following sense, not in the 
offices, because they are all program or problem-oriented 
rather than discipline-oriented, but in that the people are 
only there three to five years. And so we bring them in from 
industry, from universities, keep them three to five years, and 
they go back out to industry and universities. These are not 
detailees. These are people who had to give up a job to come to 
DARPA and then leave again. And that is the same thing that 
happens, quite frankly, at NSF.
    Next slide.
    [Slide.]
    How do we fit? This is really the burning question.
    I don't want you to get hung up too much on near, mid, and 
far. That is a notion of the time distance an idea is from 
becoming an acquisition program or a product. If you look at 
the service science and technology, it turns out to be on the 
near end. Now this is great science and technology. This is 
science and technology that makes radars more sensitive, jet 
engines more efficient and so forth and so on, but it is all 
about things we know about.
    Then there are these people here on the far side. These are 
the people who will come to you and say, ``Look, I can create a 
whole new capability by putting two systems together.'' The 
problem is, one system may be an Air Force system and the other 
may be an Army system. And for that to get funded, this process 
is difficult, at best. Or these are the people who come to you 
and say, ``Look, I can create whole new materials. I can move 
atoms around. I can create materials that we have never thought 
of before.'' Or, ``I can make titanium be $1 a pound.'' For 
these people to get funded, they almost have to be like an 
electron and tunnel their way across.
    DARPA was created by President Eisenhower in 1958 to bridge 
that gap.
    Next slide.
    [Slide.]
    DARPA was created on the onset of Sputnik when President 
Eisenhower had his 9/11 Commission and the forensics said there 
was no reason why the Russians beat us into space. The problem 
was that the people over here didn't quite have high enough on 
their priority list the problem of getting a satellite in 
space, but there were plenty of people out here in the far side 
who said, ``We could have done it. You just had to give us the 
money.'' And DARPA was created, not necessarily to create the 
far side, but to mine that far side worldwide to--no matter 
where the ideas were coming from, to be that agency which 
looked at these ideas, decided was it time, was it time to take 
them from the basic fundamental research to a product.
    And that is what we have done, and we have done that 
extraordinarily well for nearly 50 years.
    Now somebody in this room may be thinking, ``Well, that was 
a great story, you know, but have you guys ever really done 
anything?''
    Next slide.
    [Slide.]
    This is just an example of the things that DARPA has 
brought this country over the last 50 years by finding somebody 
on the far side, sometimes bringing that person into DARPA as a 
program manager, giving them a pot full of money with the 
express purpose of taking that idea or concept to the near side 
and get out. That is what we do, and we have done that from 
Saturn. President Kennedy would not have been as bullish when 
we said we are going to the Moon in 1969 if he didn't already 
know that the Saturn Rocket was there to have that possibility. 
That was DARPA's fifth project when it started.
    Mundane things during the Vietnam War like the M-16 rifle 
was a DARPA program all of the way to Global Hawk, Predator. 
These are all DARPA programs that were brought to you by doing 
a multi-disciplinary approach to problems requiring these 
disciplines that have to be funded.
    Next slide.
    [Slide.]
    By the way, here is the budget. This Administration has 
treated DARPA extraordinarily well. And Dr. Marburger will 
confirm that R&D has gone up over the last four years 
extraordinarily well, and they have treated us really well.
    Next slide.
    [Slide.]
    Where is it going?
    Well, in the Department of Defense, we have something 
called the QDR [Quadrennial Defense Review]. This is the QDR 
from 2001. We are redoing it again. We are going through that 
process again.
    But next slide.
    [Slide.]
    This shows you where our money has gone. Leveraging 
information technology is dramatically increasing. Space has 
dramatically increased, and this category called ``other'' is 
where our 6.1 basic research budget is. DARPA has really a very 
small 6.1 budget, about $150 million, because we use that money 
to be able to go to the meetings to find those ideas to see if 
they are ready. In other words, we are not necessarily the 
agency that ever really has highly-funded basic research, but 
we are the agency that goes to take that basic research to the 
next stage.
    Next slide.
    [Slide.]
    I have heard, reading it in the papers, that we are no 
longer doing ``blue sky research,'' so I thought I would give 
you some examples.
    Electronics. An atomic clock, I don't know if you have ever 
seen one, but it is big. We are taking that atomic clock and 
putting it on a chip. Now why are we interested in doing that? 
Most of our network systems today all need a common time sync, 
and they all use GPS. So if somebody jams GPS, we are out of 
business in the military. We can't afford that. So we are 
basically creating an atomic clock standard, which will be in 
your radio.
    Diodes, laser diodes, 70 percent efficiency. This is a big 
deal for anybody who knows what it takes to make a high-powered 
laser where the problem is getting the heat out to make things 
small.
    Next slide.
    [Slide.]
    Materials. Morphing aircraft. Titanium. We have a process 
we are working on right now where we believe we are going to 
get titanium down to less than $2 a pound. If we can do that, 
that will dramatically change the way we do business, not only 
in the United States but in the world if we can get titanium 
down to the cost of aluminum.
    Next slide.
    [Slide.]
    Bio. We have learned how to, using the mind, control an 
arm.
    Mr. Rohrabacher. How much is titanium now?
    Dr. Tether. It is anywhere from $16 to $30 a pound.
    We have learned how to use the thoughts of the mind to 
control an arm. We have a process right now where we are going 
to build a prosthetic that is controlled by the mind. Now this 
is a lot of technology in that arm. It is a real, true, multi-
disciplinary approach. Materials, computer science, all of it 
is in that arm, but the enabling things, we found out how to 
basically take the thoughts of the mind and moving an arm and 
have that happen.
    Last slide.
    [Slide.]
    Computer science. $584 million. You heard about the High 
Performance Computing Program, but if you really look at it, 
the only one that is doing anything is the DARPA program that 
is really building a computer. And we will have a new high-
productivity computer system that will give us, again, a 
competitive advantage in the world in about 2009 or 2010.
    Computer science, in general. We are now focusing in 
computer science at what would be called cognitive processing, 
making a computer learn you as opposed to you having to learn 
the computer. Now why is that a big deal? First of all, for the 
Department of Defense, it is a big deal, because we can reduce 
people. Now when Bill Gates a couple years ago was out on the 
stump trying to gin up support for computer science and kids 
were asking him questions, and they said, ``What's in it?'' 
What is the next biggest thing that we could be in this 
business? He said that if we can show how to have a computer 
that learns, that will be worth more than 10 Microsofts. So 
here we are, developing in computer science an area which is 
important to the DOD. And if we can do it, it will be an 
economy that we haven't really heard of before. So we are 
actually in an area that is new. The people who were in 
computer science in the '90s have not followed that trend. 
Well, we are having people working in this program that are 
really the new people just coming out of schools.
    Next slide.
    [Slide.]
    Okay. Upcoming key events. For those of you that really 
want to hear about DARPA, we have a symposium in August. It is 
in Anaheim. It is open to the world, foreigners. Why Anaheim? 
It is Disneyland. Where else would you have a DARPA conference, 
right?
    Also, we have this thing called the Grand Challenge.
    Next slide.
    [Slide.]
    What is that about?
    It is a winner takes-all. The Congress gave us the ability 
to have prizes. An event that is going to occur on October 8, 
$2 million in cash. Winner takes-all for an autonomous vehicle 
to go a hundred or so miles and do it in less than 10 hours.
    Next slide.
    [Slide.]
    What is involved?
    Look at this, 195 teams from 36 states, three high schools, 
35 universities. Why did we pick this one? Everybody owns a 
car. Everybody can buy a computer. You can go buy the sensors. 
The only thing left is you, your intellect. This is the 
ultimate in a multi-disciplinary approach, but the neat thing 
here is that we are exciting kids, people who would never work 
on the DOD problem are working on the DOD problem.
    Who are we reaching?
    Next slide.
    [Slide.]
    These kids, this is what it is all about. This is what I 
worry about constantly. Are we keeping the feed stock? I really 
worry about this more than I worry about ``Is some professor 
being funded?'' We have to make sure that kids really want to 
be interested in engineering in order to pursue that career.
    Chairman Boehlert. Is that a question to the Chair? The 
answer is no.
    Dr. Tether. What? We are not interested?
    Chairman Boehlert. We are not doing enough.
    Dr. Tether. We are not doing enough. And the Grand 
Challenge was really set up to really put excitement back into 
the United States, like it did back in the space race to the 
moon. And we have done that in a very micro way with this 
effort here.
    Next slide.
    [Slide.]
    You know, I have heard, ``My God, you are really 
concentrating on Iraq and therefore you are not doing research 
anymore.'' Yes, we are putting things in Iraq today, which are 
saving people's lives. This gun truck is a very simple thing 
made out of armor. Actually, we are finding out how it has 
saved people's lives. It is in Iraq now working. All I want to 
say is that the technology, the heavy lifting to have this over 
in Iraq was all paid for in the '90s. This is what DARPA 
typically does. We are way out ahead of the curve. When Iraq 
occurred and we started to put things into Iraq, we wanted to 
get what we had before and basically--the amount of money being 
used to get these in Iraq today is small compared to what it 
cost to develop in the '90s.
    Next slide.
    [Slide.]
    All right. Let us get down to it.
    What happened to university funding, especially computer 
science?
    Next slide.
    [Slide.]
    Well, when I heard all of the fuss, I thought, ``Well, 
maybe there is something going on.'' I knew that we at DARPA 
were not doing anything deliberate. I mean, it wasn't like we 
were throwing out proposals or refusing to fund people, but 
there was such a noise that I figured something must be going 
on.
    So I went and gathered some data, and this is the data of 
selected universities. I left their names off for privacy 
reasons. This is one particular university that really has been 
on a downward trend since 1999. By the way, this black line is 
when I showed up. This blue line, these two dates here, these 
two costs should be averaged, because this is a program that 
was one particular contract that was funded late in the fiscal 
year. So if you look at these lines here, you find that from a 
university viewpoint, funding from DARPA has been either 
constant or actually going up a little bit. Now this is 
everything to universities.
    Next slide.
    [Slide.]
    This is all in my testimony, but this is our average funds 
to university performers. This is just 2002 to 2004. This is 
your basic research column. This amount has actually doubled 
over the last five years. But notice that we at DARPA are 
funding universities to the tune of $450 million a year. I 
mean, this doesn't sound to me like an organization that is not 
friendly to universities. We are putting in 20 percent of our 
budget. On top of that, I said, ``Well, they say we are making 
them go to industry;'' in other words, instead of a prime 
becoming a subcontractor. So I had our comptroller, who by now 
was nuts in trying to get me this data, go look at fiscal year 
2003. And it is true, $75 million went to universities through 
subs. So you could add $75 million to that and say that DARPA 
funds universities about $525 million a year.
    Now computer science. Well, this is from 1994, and it is in 
2004 constant dollars. And it is a very interesting up and 
down. I really haven't figured out why we have these peaks and 
valleys, but they are really only spread over 10 or 15 percent. 
Look at the scale on the map. But in general, the funding at 
DARPA in computer science has been upward with its ups and 
downs, but it has been upward. (On the other hand, it is true 
that the funding to universities in this time period has 
shifted. However, we don't fund things by disciplines, so in 
order to figure out how much is funded to computer science, we 
have to almost go program by program, and we have about 500 of 
them. And again, my comptroller, who by now is ready to quit, 
went and calculated those numbers.)
    But this is--doesn't sound like a place that is anti-
university and most certainly not a place that is anti-computer 
science. But the issue is the university funding.
    Next slide.
    [Slide.]
    Well, where did the money go? I mean, I was as curious as 
all of you. So I went to the websites of the universities. My 
God. They aren't funding disciplines anymore. Every website at 
every university you go to is multi-disciplinary something or 
another. They are building multi-disciplinary buildings for bio 
info. And what is happening, that I can tell, is that the 
universities have discovered that multi-disciplinary efforts 
are the wave of the future. We agree. We absolutely agree, 
because that is the approach we have had over 50 years. The 
problems have changed, the thrusts have changed over 50 years, 
but our approach always has been a multi-disciplinary approach.
    Finally, we believe that individual disciplines need to be 
funded. Healthy funding of individual disciplines is required 
to assure that we can do multi-disciplinary work. We can't have 
a case where we are going to fund a multi-disciplinary team and 
somebody says, ``Well, the physics guy is not available. Well, 
go get the zoologist.'' You really need to have the disciplines 
to do that.
    One vehicle is block funding as a vehicle. I am treading on 
dangerous political grounds with that statement, but all 
disciplines, however, not just computer science, in order to 
make sure they are healthy, you might want to say we are going 
to fund them specifically.
    But DOD is doing its part. I want you to understand that we 
at DOD understand this problem, and we are worried about it. We 
are really worried about it, not from a single discipline 
viewpoint. We are worried about it from the feed stock of where 
the kids are coming into high school going into universities to 
keep that going. So we are doing our part. We have the National 
Defense Graduate Fellowship, the SMART program, which Congress 
established in 2005. We have two interns coming to DARPA. We 
have Multi-disciplinary University Research Initiatives, or 
MURIs. And we have something called a Focus Research Center in 
both microelectronics and nanotechnology, and we are talking 
about opening up one in cognitive.
    Next slide.
    [Slide.]
    This is what a focus center program is. It is a joint 
program between industry and the government. We put $10 million 
in. Industry puts $10 million in. That $20 million goes to 
these universities. It is run by universities to work on a 
rather focused problem. It is where we get our far side to 
figure out what to do next, and in fact, from this, we have had 
our microelectronics program basically generating what we want. 
We are going to open up one in nanotechnology, and quite 
frankly, we are going to try to open up one in computer 
science, also in cognitive. I am going to approach Microsoft to 
see if they would like to join up with us, because I do 
believe, as Microsoft believes, that the computer science of 
today and the future is not the computer science of the '90s, 
but is in a new area called cognitive.
    Next slide.
    [Slide.]
    Thank you very much for your time.
    [The prepared statement of Dr. Tether follows:]

                Prepared Statement of Anthony J. Tether

    Mr. Chairman, Members, and staff. I am Tony Tether, the Director of 
the Defense Advanced Research Projects Agency (DARPA). I am pleased to 
be here today to talk about research at DARPA.

DARPA Funding for ``Blue Sky'' Research

    Last month, an article appeared in the New York Times (April 2, 
2005), ``Pentagon Redirects Its Research Dollars.'' The general message 
in the article is that DARPA has decided to shift away from basic 
research in favor of financing more classified work and narrowly 
defined projects that promise a more immediate payoff.
    That simply is not correct.
    There has been no decision to divert resources, as the article 
implies. DARPA's commitment to seek new ideas, to include ideas that 
support research by bringing together new communities of research 
scientists, is the same as it has been, dating back to the Agency's 
inception in 1958. You can see from my biography that I was at DARPA 
nearly 25 years ago, so I speak from years of personal experience.
    Rather than go through a blow-by-blow rebuttal of the article, I am 
providing the Committee with my answers to specific questions from the 
Times reporter (Appendix A) and my response to a question from the 
Senate Armed Services Committee staff (Appendix B) which was used in 
the article. I urge you to read this information in order to better 
assess the claims made in the New York Times article itself, which is 
included in Appendix C for your convenience.
    A mistaken impression that readers may get from the New York Times 
article is that DARPA is carelessly eliminating universities from 
research funding by requiring increased security classification. The 
case cited by the article is DARPA's Network Embedded Systems 
Technology (NEST) program. NEST is developing technology for networks 
of small, low-power sensor nodes that can operate under extreme 
resource constraints of power, timing, memory, communication, and 
computation, while simultaneously being highly scalable and robust.
    As you will see from Appendix A, NEST started in 2001 and was 
originally planned to end this fiscal year. DARPA extended the program 
for one year to focus on military applications of the technology. 
Contrary to the article, NEST funding to universities for research 
actually increased during the life of the program. From fiscal year FY 
2001 through FY 2005, NEST program funding for university research 
increased from the original plan of $18.8 million to $26.1 million--an 
increase of $7.3 million, or nearly 40 percent.
    In addition, the article implies that DARPA is moving away from 
long-range ``blue sky'' research. Let me assure you that also is not 
the case. Appendix D is a list of representative DARPA research 
programs that show DARPA is, indeed, funding radical ideas that involve 
long-range research.
    When I first heard about the university funding concerns several 
months ago, I decided to investigate the claim. One of the first things 
I did was to determine whether a trend existed in DARPA's university 
funding over the past several years.
    Figure 1, entitled ``DARPA funding at selected universities, FY 
1999 to FY 2004,'' shows the results from that investigation. For 
privacy reasons, I have not identified the universities, but I will 
provide the Committee the information on request.



    The graph shows that funding at individual universities varies over 
time; from year to year, funding typically goes up and down at any 
given school. However, with one notable exception,\1\ funding varies 
around a roughly constant level.\2\
---------------------------------------------------------------------------
    \1\ After I saw the dramatic decrease in the university plotted as 
the red line, I contacted the president of the university. We are 
trying to figure out what is going on, and we plan to meet in June.
    \2\ The peculiar funding profile for the university plotted as the 
purple line, with a dramatic increase in FY 2003 followed by a sharp 
decrease in FY 2004, is the result of the timing of one contract; the 
funding for those two years should be averaged.
---------------------------------------------------------------------------
    The black vertical line in Figure 1 marks the period when I 
returned to DARPA as Director. Analyzing the data, I could not find any 
correlation between funding levels and trends since my return to the 
Agency. Even the university with the large decrease was on this path 
long before I became Director.
    Figures 1 leads to an interesting observation.
    The major complaint about reduced university funding seems to be 
coming from one discipline--computer science. But if DARPA's overall 
funding of universities is more or less constant, then other 
disciplines must be the recipients of DARPA's research funding.
    The key question becomes, ``What other discipline has grown 
significantly over the past five years at the expense of computer 
science?"
    As part of my investigation, I reviewed several dozen university 
websites to see if I could determine the new discipline that was on the 
rise.
    The answer is surprising on the one hand and obvious on the other: 
no single discipline has been taking over.
    Every university website I visited advertised that they had created 
centers for multi-disciplinary research and professed that these 
centers were the harbinger of the future. What must be happening is 
that, while computer science is always part of the multi-disciplinary 
efforts, its past dominance and, hence, respective share must be 
decreasing in relationship to the other disciplines involved in the 
effort.
    In this same vein, last month Dr. Arden Bement, Director of the 
National Science Foundation, remarked that, ``Evolving in concert with 
the new [scientific] tools are different ways of working within 
science, such as collaboration across large, multi-disciplinary, often 
international teams. These new modes of working are essential to 
meeting the grand scientific challenges of our era--those overarching 
goals that require a concerted, large-scale effort.'' \3\
---------------------------------------------------------------------------
    \3\ Dr. Arden L. Bement, Jr., ``The Shifting Plate Tectonics of 
Science,'' American Ceramic Society, Frontiers of Science and Society 
Rustum Roy Lecture, Baltimore, MD, April 10, 2005
---------------------------------------------------------------------------
    Multi-disciplinary research is the foundation for creating the 
innovations of the future.
    I agree.
    In fact, DARPA has been leading that trend for almost 50 years. And 
we are continuing that tradition.
    Let me give you some examples:
    Material Science: In the early 1960s, universities had departments 
in metallurgy, chemistry, physics, mining, and engineering, but there 
was no ``material science'' discipline to solve the burgeoning problems 
of space vehicles, ballistic missile nose cones, and hypervelocity 
impact.
    We needed advanced materials like plastics, composites, 
thermoelectrics, semiconductors, ceramic windows for high power 
microwave devices, lightweight armor, and other materials for space 
applications. All this required multi-disciplinary laboratories to 
provide the science, technology, and the cadre of ``material 
scientists'' to develop the materials the Nation would need for its 
Defense technologies. DARPA funded the formation and growth of the 
Interdisciplinary Materials Laboratories through the 1960s. By 1989, 
there were about 100 materials science departments in U.S. 
universities--much of this stemming from DARPA's funding of multi-
disciplinary university activities.
    Computer Science: In the 1960s, there was no ``computer science'' 
discipline per se. DARPA funded electrical engineering and mathematics 
ideas, along with ideas from other areas, combined them, and began to 
focus on the problems and opportunities of human-machine interface and 
networks. This effort led to the personal computer and the Internet. 
Today, the multi-disciplinary outcome is what we call ``computer 
science.'' A recent survey of 335,000 computer science publications\4\ 
shows that DARPA is second only to the National Science Foundation in 
funding this multi-disciplinary group of researchers.
---------------------------------------------------------------------------
    \4\ Giles, L. and Councill, I., ``Who gets acknowledged: Measuring 
scientific contributions through automatic acknowledgement indexing,'' 
Proceedings of the National Academy of Sciences 101, 51 (2004)
---------------------------------------------------------------------------
    More recently, DARPA's High Performance Computing Systems (HPCS) 
program is aimed at filling the gap between today's late-80s high 
performance computing technology and the quantum/bio-computing systems 
of the future. HPCS involves new materials, new microelectronics 
architectures, and revolutionary software engineering-it is a 
quintessential multi-disciplinary computer program.
    Stealth: In the 1970s, DARPA wanted to make an aircraft invisible 
to radar. To achieve stealthy aircraft such as today's F-117 and B2, 
DARPA assembled research teams in radar absorbent materials, infrared 
shielding, heat dissipation, reduced visual signature technology, low-
probability-of-intercept radar, active signature cancellation, inlet 
shielding, exhaust cooling and shaping, and windshield coatings. 
Physicists, aeronautical engineers, material scientists, and 
electrical, thermal and structural engineers were brought together to 
solve the problem. To achieve this, DARPA did not post specific 
requirements for academic disciplines to be gathered to solve stealth. 
Instead, we focused on the problem of how to build an airplane not only 
according to the Navier-Stokes equation, but also according to 
Maxwell's equations, and then brought together the necessary 
disciplines to solve the tough technical challenges.
    Analog, Optical, and Radio Frequency Electronics: In the 1980s and 
1990s, DARPA pioneered advances in digital silicon microelectronics and 
analog gallium arsenide microwave circuits critical to military 
information superiority. Since 2000, DARPA has opened a new range of 
capabilities by leading the development of Integrated Microsystems-
complete ``platforms on a chip'' with the ability to sense, process, 
and act on data. DARPA programs have driven combinations of 
electronics, photonics, microelectromechanical systems (MEMS), 
algorithms, and architectures to give the DOD an unparalleled ability 
to sense, process, and act on data.
    Bio:Info:Micro: A few years ago, we saw opportunity in the 
convergence of biology, information technology, and microsystems. That 
led to our current work to combine neuroscience, biology, computers, 
actuators, sensors, and power systems in a multi-disciplinary program 
to revolutionize prosthetics. Our goal is to dramatically improve the 
quality of life for amputees and allow them to return to a normal life 
with no limits whatsoever by developing limb prostheses that are fully 
functional, neurologically controlled limb replacements that have 
normal sensory abilities.
    As I mentioned earlier, Appendix D shows a sample of more than 75 
DARPA programs we're working on today. If you look over that list, you 
can't help but see the tremendous amount of multi-disciplinary work 
being done to solve Defense technology problems.
    Developing completely new multi-disciplinary research is at the 
heart of many DARPA success stories that are reported often in the 
press.
    DARPA's focus on national security problems and opportunities 
naturally leads to multi-disciplinary research because most problems or 
opportunities do not come neatly packaged in disciplines.
    We do not emphasize advancing progress in established disciplines. 
Instead, we bring together teams from diverse institutions and 
disciplines to solve a particular problem.
    This does lead to significant changes in the disciplines and 
institutions that are involved with DARPA at any given time, but it 
also results in a great deal of progress.
    It is also highly likely that the funding varies considerably for 
specific established academic disciplines--but these funding 
variations, like in computer science, are hard to track since DARPA 
does not specifically fund disciplines, as explained earlier.
    Thus, our funding of people, disciplines, universities, and 
institutions increases and decreases as a result of the constantly 
changing mix of problems that DARPA is working to solve. The mix does 
change, but the overall effort is robust.
    This change, while occasionally discomforting, is very healthy. It 
is exactly how problems are solved and ensures DARPA remains open to 
entirely new ideas. Many, perhaps most, of our solutions are multi-
disciplinary and, as you saw above, we even occasionally foster 
entirely new disciplines this way.
    More often than not, revolutionary technological progress--which is 
distinct from scientific progress--is not a product of continuing, 
secure funding of established disciplines. Crucial steady progress is 
made within disciplines, but many would agree that truly major 
technical revolutions often occur outside or in between disciplines. 
Real technology breakthroughs come from the multi-disciplinary problem-
solving approach that DARPA has been relying on for decades.
    DARPA's focus is to agilely pursue national security problems and 
opportunities.

Funding for the Future

    As I think about the issues this committee is dealing with, I have 
an observation to make.
    First, the major complaints about decreased funding seem to be 
coming from one specific discipline--computer science.
    The complaints, I also note, never clearly identify the specific 
research that is not being done, the problems that are not being 
solved, or the progress that is impeded as a result of decreased 
funding in the discipline. The message of the complaints seems to be 
that the computer science community did good work in the past and, 
therefore, is entitled to be funded at the levels to which it has 
become accustomed.
    I want to strongly emphasize that I do believe individual research 
disciplines are important. They provide the scientific foundation for 
multi-disciplinary research, and they need to be funded at healthy 
levels to keep the pipeline full and allow for multi-disciplinary work 
to occur.
    However, it may be appropriate to have funding for specific 
established disciplines such as computer science, and this committee 
may reach that decision. However once such funding is started, it would 
be reasonable to expect that other disciplines such as chemistry, 
physics, and math would expect similar consideration.
    But rigidly funding specific, established disciplines would 
severely limit the flexibility DARPA needs to be successful. DARPA 
needs the ability to promote multi-disciplinary work to solve important 
national security problems, to include forming completely new 
disciplines.
    We at DARPA are always interested in hearing about good ideas that 
we can accelerate into use for our national security no matter where 
they come from. This is inherently multi-disciplinary work, just as the 
universities are emphasizing, and we believe it is to the great benefit 
of our military and nation.

Appendix A

    Q and A's Asked by New York Times Reporter Regarding University 
                        Interactions with DARPA

1.  Is it true that there has been a shift in DARPA funding away from 
universities during the past two to three years? How significant has 
the shift been?

A: The claim that DARPA funding has shifted away from universities is 
incorrect.
    However, University funding requires an understanding of how the 
DOD budgets. There are several Budget Activities ranging from 6.1 to 
6.7. Science and Technology (S&T) funding is defined as the 6.1 through 
6.3 Budget Activities.
    The 6.1 Budget Activity is termed Basic Research and is defined as 
systematic study directed toward greater knowledge or understanding of 
the fundamental aspects of phenomena and of observable facts without 
specific applications in mind. The activity in this account is almost 
always unclassified and ITAR (International Traffic in Arms 
Regulations, i.e., export control) restrictions do not apply since 
specific applications are not in mind. Hence these funds are ideally 
suited to the operations of universities.
    The 6.2 Budget Activity is termed Applied Research and is defined 
as systematic study to understand the means to meet a recognized and 
specific need. The activity in this account tends to require 
classification and/or be subject to ITAR restrictions far more often 
than 6.1 research. Hence, not all the programs under this account are 
suitable for universities, or even possible for universities that 
refuse to do classified research. However universities do submit 
proposals for programs funded from this account, and receive the 
largest absolute value of their funding from DARPA from this account. 
That said, as programs in this account progress, they may require 
classification and/or have ITAR restrictions, meaning that normal 
university operating practices make participation in the program less 
desirable and feasible.
    The 6.3 Budget Activity is termed Advanced Technology Development 
and includes development of subsystems and components and efforts to 
integrate them into system prototypes for field experiments and/or 
tests in a simulated environment. This type of work is rarely a good 
fit with universities. Universities do propose to efforts in this 
account but the efforts are typically incidental, specific 
investigations and do not last the duration of the effort.
    There has NOT been a shift away from universities. The DARPA 6.1 
Basic Research account has increased since 1999 both in absolute terms 
and as a percentage of the DARPA budget. And, since 1999, the 
percentage of that 6.1 funding going to universities has also 
increased.
    DARPA 6.1 funding has averaged 8.7 percent of DOD's total 6.1 
investment over the last 10 years. DARPA's share of the total 6.1 
funding increased noticeably over the past several years. Our 6.1 
program was 13.4 percent of the DOD 6.1 program in 2004 and 11.2 
percent of the 6.1 total in FY 2005--well above the 10-year average.
    Within DARPA's budget, the percentage devoted to 6.1 averaged 
approximately 4.4 percent over the past 10 years. In this area too, the 
percentage has been on the rise over this timeframe, and the 6.1 
percentage has increased to 5.8 percent of the overall DARPA budget.
    In absolute terms, the 6.1 budget has more than tripled, from $54.9 
million in FY 1999 to $169.9 million in FY 2005.
    The percentage of the DARPA university 6.1 budget in FY 1996-2000 
was 52 percent, while the FY 2001-2004 percentage was 59 percent (where 
FY 2004 stands today). This is in line with the findings of the 
National Academy of Sciences' Assessment of Department of Defense Basic 
Research study published in 2005 that 60 percent of DOD's overall 6.1 
program went to universities.

2.  What is the reason for the shift? What are the DARPA priorities and 
have they changed significantly?

A: The only shift since 1999 in our basic research has been towards 
MORE funding and MORE funding at universities.
    DARPA currently has eight strategic thrusts (see list below) chosen 
based on a strategic assessment of national security threats and 
technological opportunities facing the U.S.:

          Detection, precision identification, tracking, and 
        destruction of elusive targets

          Location and characterization of underground 
        structures

          Networked manned and unmanned systems

          Robust, secure self-forming tactical networks

          Cognitive computing

          Assured use of space

          Bio-revolution

          Urban area operations

    In addition to these eight strategic thrusts, DARPA's research also 
emphasizes core technology areas that are independent of current 
strategic circumstances, but important to future technical 
opportunities and successes.
    These core technology foundations are the investments in 
fundamentally new technologies, particularly at the component level, 
that historically have been the technological feedstock enabling 
quantum leaps in U.S. military capabilities. Core investment areas 
include: materials, microsystems, information technology and other 
technologies and sciences, including in recent years biology and 
mathematics.
    Many of DARPA's university performers are funded to develop 
breakthroughs in the core technology investment areas. However, many 
universities are also funded to achieve technological breakthroughs in 
the eight strategic thrust areas.
    Details on these thrusts are provided in the DARPA document 
``Bridging the Gap'' which can be downloaded from our website 
www.darpa.mil.

3.  Does DARPA publicly break out the university component of its 
funding?

A: Yes, the following provides average funding for the past three 
fiscal years:




    Universities receive a significant percentage of dollars from 
DARPA. In fact, the table shows that universities receive nearly four 
times more of their dollars from DARPA's 6.2 and 6.3 accounts, even 
though the research funded in these accounts is less suited to 
universities' operational practices.

4.  A number of university researchers have told me that the DARPA 
Network Embedded Systems Technology (NEST) research has largely been 
removed from universities and classified. Is that true? Is that because 
there is an operational need for the technology?

A: Yes, there is an operational need for the technology and this is a 
specific case where the original 6.2 effort was successful to the point 
that further efforts became classified.
    DARPA's NEST program started in 2001, and was scheduled to end in 
FY05 (this year). DARPA is extending the program for an additional year 
to focus on military applications of the technology. In order to 
protect the U.S. advantage in this technology, it is necessary to 
classify and protect aspects of the technology.
    Previous NEST university performer work is all unclassified, and 
university researchers can publish information on their concept, 
findings, algorithms, and other basic research academic material. Under 
the terms of their NEST contracts, university researchers provide their 
source code to the Government as a deliverable. DoD does plan to 
protect the source code and military applications of the technology 
appropriately.
    DARPA expects to involve the defense contractor community in the 
next phase of the NEST program. It is also expected that many of the 
university researchers will become subcontractors to the defense 
contractors.
    In addition, all of the current NEST university efforts are 
continuing. Some individual university NEST activities were reduced, 
but other university NEST activities were increased. Overall, there was 
increased funding for universities in NEST over what was originally 
planned.

5.  There was a specific effort to remove the NEST Tiny OS research at 
the University of California at Berkeley. Do you know why DARPA 
attempted to classify that research? Is it true that there was a prior 
contract that stipulated that the research results would be available 
as open source?

A: TinyOS research is not classified. In fact, all basic level 
fundamental research in sensor network systems is unclassified. The 
DARPA NEST program is funding University of California at Berkeley to 
continue their research work through FY05. However, DOD does plan to 
protect the source code and military applications of the technology by 
taking the deliverable software from all such researchers to further 
develop it with other defense contractors.

6.  Was research being done by Jack Stankovic at the University of 
Virginia on sensor networks classified?

A: All university research on the NEST program, including that of 
Professor Stankovic, was unclassified. University researchers, 
including Professor Stankovic, will continue to be funded for 
unclassified basic research in FY 2005 as well. In addition, the 
program plans to support classified work to be done by defense 
contractors.

7.  A November 2004 report by the President's Information Technology 
Advisory Committee states that DARPA has departed from its historical 
support of longer-term research. Is this accurate?

A: This is not accurate, DARPA has always supported a mix of longer- 
and shorter-term research.
    DARPA mines fundamental discoveries and accelerates their 
development and lowers their risks until they prove their promise and 
can be adopted by the Services. The key is a focus on high-risk, high-
payoff research.
    DARPA has two fundamental types of technical offices. Technology 
offices focus on new knowledge and component technologies that might 
have significant national security applications, which often involved 
longer-term research. System offices focus on technology development 
programs leading to products that more closely resemble a specific 
military end-product.
    During periods of active conflict, DARPA adds an additional type of 
activity--quick reaction projects that take the fruits of previous 
science and technology investment and very quickly move the technology 
into a prototype, fieldable system and into the hands of deployed 
forces. There have been many published articles on some of these 
technologies.
    Quick reaction projects are done in addition to DARPA's usual 
activities, not instead of.
    The PITAC report addresses specifically cyber security research for 
commercial applications and seems to think that if research is 
classified, it is by definition short-term.
    DARPA expects that its information assurance research will have a 
broad, beneficial impact on the commercial world, as commercial 
networks move toward the mobile, ad hoc, peer-to-peer features common 
to today's military networks.
    Recall that the Internet, which came from DARPA research, 
progressed in the 1970s for DOD reasons, not commercial reasons. There 
are many other commercial products available today to protect the 
Nation's computer networks that are the result of DARPA research on 
information assurance for military networks having a fixed 
infrastructure similar to those encountered in the civilian community.
    Network centric warfare involves networks that must assemble and 
reassemble on-the-fly on an ad hoc basis without having a fixed or set 
infrastructure in-place. The military must achieve what has been called 
``critical infrastructure protection'' without infrastructure. In the 
most advanced cases, these are peer-to-peer or ``infrastructureless'' 
networks. There is no fixed, in-place network equipment--the whole 
network architecture is fluid and reassembles dynamically.
    In the long-term, commercial networks will acquire some of these 
features. Why? Because the cost of these networks will be considerably 
less than today's networks, in which fixed assets such as towers, etc., 
have to be built and maintained.

8.  The report also states that DARPA programs are increasingly 
classified, thereby excluding most academic institutions. Is that 
accurate?

A: DARPA follows Executive Branch guidelines when classifying its 
programs--classification is only used to protect information that, if 
subjected to unauthorized disclosure, could reasonably be expected to 
cause damage to the national security.
    It is true that some universities are not able to perform 
classified or ITAR research. But many DARPA programs are not classified 
and university researchers are often involved in them. 6.1 programs are 
defined as programs without a specific application in mind and are very 
seldom classified or have ITAR restrictions.
    DARPA's programs are developing technologies to benefit the 
warfighter. DOD has an ongoing effort to streamline and shorten the 
amount of time necessary for advanced technology to be incorporated 
into new weapons systems and become operational. DARPA's role is to 
transition technology into military applications and demonstrations.
    It should not be a surprise that, as the programs mature, they move 
from research that is unclassified to research that is either 
classified and/or ITAR restricted. In addition, as technology 
development moves along this continuum, it tends to increasingly 
involve industry performers who can actually produce the product.
    This progression, which results in either classification as the 
application becomes focused, or ITAR restrictions at the component 
level, or the increasing involvement of industry, seems to account for 
the decrease in university performers in DARPA's 6.2 and 6.3 research. 
However as the answer to an earlier question showed, Universities 
receive nearly four times more resources from the 6.2 and 6.3 accounts 
as they do from 6.1

9.  The report also asserts that DARPA's new mission is to incorporate 
pre-existing technology into products for the military rather than 
funding basic research. Is that accurate?

A: This is not true, there has been NO change in DARPA's core mission.
    Our mission, established in 1958 in response to Sputnik, is to 
prevent technological surprise for the U.S. and create technological 
surprise for our adversaries. Our focus is and has always been solely 
on research and development for national security, and therefore 
portions of DARPA's research have always been classified or subject to 
ITAR restrictions.
    Please read the answers to the previous questions and download 
``Bridging the Gap'' from our website to find out what we are doing.

10.  Reporter would like an interview w/Dr. Tether or other DARPA 
official to discuss these questions.

A: DARPA will provide written answers in lieu of an interview.

Appendix B

 Senate Armed Services Committee Staff Request for DARPA Investment in 
    Computer Science and Opportunities for University Participation

Introduction:

    DARPA was requested by the SASC staff to provide an historical 
estimate of DARPA funding for Computer Science (CS), and the amount of 
that funding given to Universities.
    The following material provides data to answer the questions.
    For the purposes of this discussion, Computer Science (CS) is 
defined as:

         The systematic study of computing systems and computation. The 
        body of knowledge resulting from this discipline contains 
        theories for understanding computing systems and methods; 
        design methodology, algorithms, and tools; methods for the 
        testing of concepts; methods of analysis and verification; and, 
        knowledge representation and implementation.

    However it is doubtful that any accurate assessment whether or not 
DARPA interest in Computer Science has increased or decreased can be 
made.
    Why is this true?
    First of all, DARPA does not directly seek efforts in Computer 
Science; that is, DARPA does not publish Broad Agency Announcements 
(BAA's) requesting ideas to advance the field of Computer Science as a 
discipline.
    Instead, DARPA publishes BAA's to solicit ideas for obtaining a 
particular capability, such as achieving 24 by 7 situational awareness, 
or developing a new High-Performance computer based upon productivity 
as a goal rather than raw speed as measured by instructions per second.
    Whether or not Computer Science was needed to achieve these 
capabilities is a consequence of the effort and not a prime reason in 
its own right.
    Because of this, it required significant effort to compile the 
numbers in this report. Each of DARPA's 400-plus efforts had to be 
examined individually to determine whether or not Computer Science was 
an ingredient.
    In order to avoid having almost every effort classified as such, 
only those where Computer Science as defined above was a significant 
ingredient were included.
    Hence the following funding data should be considered as a low 
estimate of the actual funding.
    In addition, due to database constraints, the university 
participation funding data is limited to those instances where the 
university is identified as the prime (or sole) performer on the 
contract or grant. The database records the amounts obligated and 
disbursed to the performer of record on each contracting vehicle; 
subsequent funding distributions made by the prime contractor to 
subcontractors, which could include Universities, is not captured in 
the database.

Overall Computer Science Funding trends:

    DARPA conducted a review of FY 1994-2004 funding for computer 
science research. The following table summarizes CS research funding 
for those years ($, Millions).



    These funds support a vast array of information research including 
basic (6.1) research, traditional software and high performance 
computing programs, information assurance and security, and 
applications of the technology for warfighter requirements in such 
areas as language translation, advanced networking, robotic systems 
control, and command and control systems.
    Increasingly, DARPA funding is being applied to long-term research 
that is exploring cognitive computing, which is the quest for computers 
that are interactive with the user and capable of learning as opposed 
to the current generation of machine tools; the use of advanced quantum 
theory and biological based computer science; and, Defense applications 
of computer science research. Universities are not excluded from any of 
these research areas and are welcome to participate to the extent they 
are willing to comply with basic DoD oversight and security 
requirements and ITAR restrictions.
    The years following the FY 1995 budget ($546 million) reflected 
completion of a number of software (architectures, persistent object 
bases), hardware programs (completion of the first high-performance 
computing initiative) and applications (global grid communications, 
defense simulation Internet, transition of the advanced simulation 
program to the Defense Simulation Systems Office).
    As a consequence, funding declined in FY 1996-98 in comparison to 
the FY 1995 level.
    The decline in computer science funding in the late 1990s would 
have been far more severe had it not been for the significant funding 
increases for information assurance programs (all of which had computer 
science as a significant part), and DARPA's participation in the Next 
Generation Internet program, a multi-agency, term limited (five-year) 
effort to explore network bandwidth expansion and quality of service 
initiatives.
    Information assurance programs increased five fold between FY 1995 
and FY 1999. In FY 1995, Information Assurance programs were only $10 
million or less than two percent of computer science funding. By FY 
1999, Information Assurance funding had increased to $55 million or 10 
percent of the computer science total.
    After a temporary lull in FY 2000, increases in middleware research 
and expanded emphasis on information tools for Asymmetric Threat 
prediction and prevention fueled the major expansion of IT funding in 
FY 2001-2003.
    From FY 2000 to FY 2003 computer science funding rose $88 million 
or 17 percent. Yet even as the budget was increasing, the portfolio mix 
was changing. Agent based software, Quality of Service programs, and 
high performance computing architectures transitioned into DOD 
applications programs, and the Software Engineering Institute was 
transferred from DARPA's accounts to OSD.
    Between FY 2003 and FY 2004, overall funding for computer science 
research declined slightly, by $30 million or five percent, from $613 
million to $583 million. A number of ongoing embedded software programs 
transitioned to major applications efforts such as the Future Combat 
Systems. Like FY 2000, the FY 2004 decrease is more an anomaly than a 
significant trend.
    All computer science research activities associated with Asymmetric 
Threats programs were eliminated by congressional decree in FY 2004, 
thus further reducing the FY 2004 computer science budget by nearly $80 
million, and also reduced outyear outlays. Funding increases in 
cognitive computing, language translation efforts, and classified 
applications partially offset the congressional action.
    The FY 2005-06 budgets have held computer science funding constant 
at the FY 2004 level. The following table displays the budgets for FY 
2004-2006 as reflected in the FY 2006 President's budget.




    Another way to look at the computer science trends, without the 
masking effect of inflation, is to covert and display the data in 
constant dollars. The following graph does just that.




    When expressed in constant dollars, it becomes clear that the trend 
in DARPA computer science funding was downward from FY 1995 to FY 2000. 
The downward trend stopped in FY 2000 and has been increasing since 
then.
    University Involvement in DARPA Computer Science Research: Data 
constraints limited the evaluation of university research funding to 
the FY 2001-2004 period. The following table shows university funding 
for those years.




    There are factors for the decline, some of which were beyond 
DARPA's control. They are:

        1.  High Performance Computing (HPC): In FY 2001, over 50 
        percent of HPC funding ($67 million) went to universities. 
        However, the program focus shifted from pure research to super 
        computer construction. This change in emphasis resulted in the 
        major CS vendors--Sun, IBM, Cray, etc.--receiving the bulk of 
        the funding and as a result, universities received only 14 
        percent of the HPC funding in FY 2004 ($14 million). But, they 
        are included in the program through sub-contract relationships

        2.  Information Assurance (IA): University research comprised 
        $20 million of the $70 million applied to IA efforts in FY 
        2001. During the subsequent years, the IA program 
        classification increased. By FY 2004, the unclassified budget 
        for IA was less than half of the FY 2001 program, and the 
        amount issued to universities had dropped to $4 million.

        3.  Asymmetric Threats: Universities received a consistent $11-
        12 million per year for asymmetric threat program research. 
        This ended with congressional cancellation of the program in FY 
        2004.

        4.  Intelligent Software: Much of the intelligent software 
        research in FY 2001 was oriented towards proving and refining 
        the use of software agents and control architectures. As the 
        research matured, many of the tools developed were integrated 
        into network command and control application programs. While 
        the universities continued involvement with these efforts after 
        transition to applications, the amount they received 
        (approximately $8 million in FY 2004) was only about one third 
        the amount they received in FY 2001 (approximately $28 million) 
        when the programs were still in the early stages of research.

        5.  Classified programs: Classified funding for computer 
        science-related programs increased markedly between FY 2001 and 
        FY 2004. Universities received none of this funding.

Appendix C

                             Reprinted from

                           The New York Times

April 2, 2005

Pentagon Redirects Its Research Dollars; University Scientists 
        Concerned by Cuts in Computer Projects

By JOHN MARKOFF

SAN FRANCISCO, April 1

    The Defense Advanced Research Projects Agency at the Pentagon--
which has long underwritten open-ended ``blue sky'' research by the 
Nation's best computer scientists--is sharply cutting such spending at 
universities, researchers say, in favor of financing more classified 
work and narrowly defined projects that promise a more immediate 
payoff.
    Hundreds of research projects supported by the agency, known as 
DARPA, have paid off handsomely in recent decades, leading not only to 
new weapons, but to commercial technologies from the personal computer 
to the Internet. The agency has devoted hundreds of millions of dollars 
to basic software research, too, including work that led to such recent 
advances as the Web search technologies that Google and others have 
introduced.
    The shift away from basic research is alarming many leading 
computer scientists and electrical engineers, who warn that there will 
be long-term consequences for the Nation's economy. They are accusing 
the Pentagon of reining in an agency that has played a crucial role in 
fostering America's lead in computer and communications technologies.
    ``I'm worried and depressed,'' said David Patterson, a computer 
scientist at the University of California, Berkeley who is President of 
the Association of Computing Machinery, an industry and academic trade 
group. ``I think there will be great technologies that won't be there 
down the road when we need them.''
    University researchers, usually reluctant to speak out, have 
started quietly challenging the agency's new approach. They assert that 
DARPA has shifted a lot more work in recent years to military 
contractors, adopted a focus on short-term projects while cutting 
support for basic research, classified formerly open projects as secret 
and placed new restrictions on sharing information.
    This week, in responding to a query from the staff of the Senate 
Armed Services Committee, DARPA officials acknowledged for the first 
time a shift in focus. They revealed that within a relatively steady 
budget for computer science research that rose slightly from $546 
million in 2001 to $583 million last year, the portion going to 
university researchers has fallen from $214 million to $123 million.
    The agency cited a number of reasons for the decline: increased 
reliance on corporate research; a need for more classified projects 
since 9/11; Congress's decision to end controversial projects like 
Total Information Awareness because of privacy fears; and the shift of 
some basic research to advanced weapons systems development.
    In Silicon Valley, executives are also starting to worry about the 
consequences of DARPA's stinting on basic research in computer science.
    ``This has been a phenomenal system for harnessing intellectual 
horsepower for the country,'' said David L. Tennenhouse, a former DARPA 
official who is now Director of Research for Intel. ``We should be 
careful how we tinker with it.''
    University scientists assert that the changes go even further than 
what DARPA has disclosed. As financing has dipped, the remaining 
research grants come with yet more restrictions, they say, often 
tightly linked to specific ``deliverables'' that discourage exploration 
and serendipitous discoveries.
    Many grants also limit the use of graduate students to those who 
hold American citizenship, a rule that hits hard in computer science, 
where many researchers are foreign.
    The shift at DARPA has been noted not just by those researchers 
directly involved in computing technologies, but by those in other 
fields supported by the agency.
    ``I can see they are after deliverables, but the unfortunate thing 
is that basic research gets squeezed out in the process,'' said 
Wolfgang Porod, director of the Center for Nano Science and Technology 
at the University of Notre Dame.
    The concerns are highlighted in a report on the state of the 
Nation's cyber security that was released with little fanfare in March 
by the President's Information Technology Advisory Committee. DARPA has 
long focused on long-term basic research projects with time horizons 
that exceed five years, the report notes, but by last year, very little 
of DARPA's financing was being directed toward fundamental research in 
the field.
    ``Virtually every aspect of information technology upon which we 
rely today bears the stamp of federally sponsored university 
research,'' said Ed Lazowska, a computer scientist at the University of 
Washington and co-chairman of the advisory panel. ``The Federal 
Government is walking away from this role, killing the goose that laid 
the golden egg.''
    As a result of the new restrictions, a number of computer 
scientists said they had chosen not to work with DARPA any longer. Last 
year, the agency offered to support research by Leonard Kleinrock, a 
computer scientist at the University of California, Los Angeles who was 
one of the small group of researchers who developed the Arpanet, the 
1960's predecessor to today's Internet.
    Dr. Kleinrock said that he decided that he was not interested in 
the project when he learned that the agency was insisting that he 
employ only graduate assistants with American citizenship.
    DARPA officials, who declined repeated requests for interviews, 
disputed the university researchers. The agency, which responded only 
in writing to questions, contended that the criticisms leveled by the 
advisory committee and other researchers were not accurate and that it 
had always supported a mix of longer- and shorter-term research.
    ``The key is a focus on high-risk, high-payoff research,'' Jan 
Walker, a DARPA spokeswoman, stated in an e-mail message. Given the 
threat from terrorism and the demands on troops in Iraq, she wrote, 
DARPA is rightly devoting more attention to ``quick reaction'' projects 
that draw on the fruits of earlier science and technology to produce 
useful prototypes as soon as possible.
    The Pentagon shift has put added pressure on the other federal 
agencies that support basic information technology research.
    At the Directorate for Computer and Information Science and 
Engineering of the National Science Foundation, the number of research 
proposals has soared from 2,000 in 1999 to 6,500 last year. Peter A. 
Freeman, its director, said that the sharp rise was partly attributable 
to declines in Pentagon support.
    ``DARPA has moved away from direct funding to universities,'' Mr. 
Freeman said. ``Even when they do directly fund, some of the conditions 
and constraints seem to be pretty onerous. There is no question that 
the community doesn't like what the head of DARPA has been doing, but 
he has his reasons and his prerogatives.''
    The transformation of DARPA has been led by Anthony J. Tether, a 
Stanford-educated electrical engineer who has had a long career moving 
between executive positions at military contractors and the Pentagon.
    Last year, Dr. Tether's new approach led to a series of cutbacks at 
a number of computer science departments. Program financing for a DARPA 
project known as Network Embedded Sensor Technology--intended to 
develop networks of sensors that could potentially be deployed on 
battlefields to locate and track enemy tanks and soldiers--has been cut 
back or ended on as many as five university campuses and shifted 
instead to traditional military contractors.
    ``The network has now become as vital as the weapons themselves,'' 
Dr. Tether said in an appearance before the advisory committee last 
year, testifying that secrecy had become--more essential for a 
significant part of the agency's work.
    That has created problems for university researchers. Several 
scientists have been instructed, for example, to remove previously 
published results from Web sites. And at U.C.L.A. and Berkeley, DARPA 
officials tried to classify software research done under a contract 
that specified that the results would be distributed under so-called 
open-source licensing terms.
    ``We were requested to remove all publicly accessible pointers to 
software developed under the program,'' said Deborah Estrin, Director 
of Embedded Network Sensing at U.C.L.A. ``This is the first time in 15 
years that I have no DARPA funding.''
    At Berkeley, Edward A. Lee, who was recently named Chairman of the 
Computer Science Department, agreed not to publish a final report at 
DARPA's request, even though he told officials the data had already 
become widely available.
    Despite the complaints, some pioneering researchers support the 
changes being driven by Dr. Tether and say they are necessary to 
prepare the Nation for a long battle against elusive enemies.
    ``There are pressures and demands on DARPA to be relevant,'' said 
Robert Kahn, a former DARPA administrator who is now President of the 
Corporation for National Research Initiatives in Reston, Va. ``People 
think it should stay the same, but times have changed.''
    Still, a number of top scientists argue that the Pentagon's shift 
in priorities could not have come at a worse time. Most American 
companies have largely ended basic research and have begun to outsource 
product research and development extensively even as investments in 
Asia and Europe are rising quickly.
    And many computer scientists dispute DARPA's reasoning that 
fighting wars demands a shift away from basic research. During the 
Vietnam War, they say, DARPA kept its commitment to open-ended computer 
research, supporting things like a laboratory in the hills behind 
Stanford University dedicated to the far-out idea of building computing 
machines to mimic human capabilities.
    John McCarthy founded the Stanford artificial research lab in 1964, 
helping to turn it into a wellspring for some of Silicon Valley's most 
important companies, from Xerox Parc to Apple to Intel.
    ``American leadership in computer science and in applications has 
benefited more from the longer-term work,'' Mr. McCarthy said, ``than 
from the deliverables.''

Copyright  2005 by The New York Times Co. Reprinted with permission.

Appendix D

                     Typical DARPA Research Efforts

 1.  3-Dimensional Integrated Circuits: Three dimensional stacked 
integrated circuits to achieve ``human brain-like'' complexity in 
digital circuits.

 2.  Adaptive Focal Plane Array: Tunable microelectromechanical (MEMS) 
etalons at each pixel of an infrared focal plane array for chip-scale 
hyperspectral imaging.

 3.  Advanced Soldier Sensor Information System and Technology: Methods 
that will allow machines to automatically parse multimodal sensory 
input into meaningful ``experiences'' and support intelligent indexing 
and retrieval of useful episodes.

 4.  Architectures for Cognitive Information Processing: Radically new 
computer architectures that are a better match to cognitive information 
processing algorithms than conventional Von Neumann machines.

 5.  Biological Sensory Structure Emulation: Fundamental understanding 
of biological sensory structures, and emulating this knowledge to 
create superior synthetic sensors.

 6.  Biologically-Inspired Cognitive Architectures: Relatively complete 
models of the brain's functioning mapped to brain structures; models 
for cognition, as well as understanding memory models used by people 
for everyday reasoning.

 7.  Bio-Magnetic Interfacing Concepts: Novel capabilities for 
integrating nanomagnetics with biology as a powerful new tool for 
manipulation and functional control of large numbers of cells and 
biomolecules, including magnetically actuated, on/off control of 
cellular functions, and magnetic filtration of pathogens.

 8.  Canard Rotor Wing: Aircraft capable of transforming from a 
helicopter into a jet-and retaining all the advantages of either.

 9.  Chip Scale Atomic Clock: Atomic time precision in devices smaller 
than a dime that will revolutionize modern networking and 
communications.

10.  Close Combat Lethal Reconnaissance: A new weapon approach that 
allows long-range indirect fire to occur at the individual soldier 
level.

11.  Computational Fluid Dynamics: Incorporation of underlying physics 
will enable advances in CFD for building ships with greatly reduced 
friction drag, and building extraordinarily quiet helicopter blades.

12.  Coordination Decision-Support Assistants: Personalized machine-
based cognitive coordination agents to assist commanders in adapting 
complex plans in real time to changing situations.

13.  Cormorant: Unmanned aircraft that can be launched from a submarine 
and retrieved at the end of a mission.

14.  Data in Optical Domain--Network: All-optical communications with 
optical coding, storage, multiplexing, and routing.

15.  Defense Against Cyber Attacks on Mobile Ad Hoc Network Systems: 
Cognitive, autonomous, information assurance tools for next-generation, 
yet-to-be-deployed, tactical military networks.

16.  Disruption Tolerant Networking: Replacing the connection oriented 
philosophy of today's Internet with protocols that guarantee message 
delivery, even when connections are disrupted.

17.  Dynamic Quarantine of Computer-Based Worms: Computer defenses that 
operate ``faster-than-worm-speed'' against zero-day worms.

18.  Electronic and Photonic Integrated Circuits: Ubiquitous photonics 
produced on the same wafer as silicon microelectronics.

19.  Engineered Bio-Molecular Nano-Devices/Systems: Engineered bio-
molecular nanoscale devices that emulate the behavior of membrane ion 
channels to enable real-time observation and analysis of bio-molecular 
signals, enabling single-molecule sensitivity.

20.  Exploitation of 3D Data: New methods to describe and analyze shape 
signatures from advanced 3D sensors that can recognize specific targets 
from a vast array of alternatives; e.g., finding a specific terrorist 
vehicle in urban clutter.

21.  Focus Areas in Theoretical Mathematics: New mathematical 
foundations for conformal field theory in physics.

22.  Global Autonomous Language Exploitation: Ultimately replace human 
language translators and human analysts with machine language 
processing that leads directly from source natural language (speech or 
text) to actionable intelligence.

23.  Global Reach With Global Endurance: Novel aircraft and propulsion 
concepts to enable aircraft to launch from the United States and reach 
anywhere in the world--and stay aloft for weeks at a time.

24.  Heterogeneous Urban Reconnaissance Teams: System to provide real-
time reconnaissance, surveillance, targeting, and acquisition services 
directly to warfighters in complex urban environments.

25.  High-Productivity Computing Systems: Viable peta-scale processor 
to be available (in small numbers) by 2010.

26.  Handheld Isothermal Silver Standard Sensor: Develop a handheld 
sensor for biological warfare agents that brings laboratory-quality 
assays into the field.

27.  Human Assisted Neural Devices: Fundamental research to enable the 
understanding and use of brain activity to control external prosthetic 
devices, using sensory feedback and memory.

28.  Hypersonic Aircraft and Missiles: Controlled flight at higher 
speeds than ever before, exploring the uncharted territory of flight at 
six to 20 times the speed of sound.

29.  Immune Buildings: Buildings to actively defend against chemical 
and biological warfare agent releases inside or near them.

30.  Improving Warfighter Information Intake Under Stress: A machine 
that recognizes a human's cognitive state (especially under stress) and 
adapts its mode of information presentation based on the state.

31.  Indoor and Underground Navigation: GPS-like capability to 
navigation inside and underground.

32.  Innovative Space-Based Radar Antenna Technology: Components, 
deployment technologies, and active calibration methods to enable 
affordable, tactical-grade targeting from space, thereby enabling true 
persistent surveillance of all moving ground vehicles.

33.  Integrated Sensor Is Structure: Integrate the world's largest 
radar into a station keeping airship, to enable uninterrupted, 
persistent surveillance of all air and ground targets, including 
dismounted troops.

34.  Intelligence, Surveillance, and Reconnaissance (ISR) for Building 
Internals: Extend the range of our ISR capabilities to include 
determining building layout and occupancy from outside, prior to entry.

35.  Laser Weapons: Tactical and practical laser weapons that can be 
carried in a HMMWV or fighter jet and are capable of shooting any 
tactical threat out of the air-from missiles to mortars.

36.  Low Power Micro Cryogenic Coolers: Local refrigerators machined 
into regions of highly sensitive circuits to increase the performance 
of the electronics without appreciable increases in the direct current 
power.

37.  Machines That Mimic Nature: Nano-flapping winged vehicles, 
vehicles that flare to land like birds, and snake-like robots.

38.  Mission-Adaptable Chemical Spectrometer: A man-portable, chemical 
identification system with a sensitivity of 10 parts per trillion.

39.  Mobile Integrated Sustainable Energy Recovery: Novel mechanical 
and chemical approaches to allow the processing of military waste into 
logistics fuels.

40.  Negative Index Materials: Novel microwave materials that have a 
negative refractive index (``left handed'') behavior, and extending 
this behavior to the optical regime.

41.  New Concepts for Logistics: Novel, heavy lift aircraft concepts 
capable of moving an entire army brigade from fort to fight-eliminating 
any need for bases outside the United States.

42.  Novel Satellite Communications: Jam-proof communications 
satellites.

43.  Ocean Wave Energy Harvesting: High efficiency harvesting of 
electrical energy from wave motion.

44.  Opto-Electronics for Coherent Optical Transmission And Signal 
Processing: Exploit phase control of photons to realize coherent 
optical free-space communications.

45.  Persistent Operational Surface Surveillance and Engagement: 
Persistent surveillance system that can respond rapidly to a rapidly 
evolving insurgent threat.

46.  Personalized Assistant That Learns: Integrated, enduring 
personalized cognitive assistant that perceives, reasons, and learns.

47.  Protein Design Processes: Approaches to radically transform the 
protein design process by developing new mathematical and biochemical 
approaches to the in silico design of proteins.

48.  Quantum Information Science and Technology: Fundamental technology 
and ideas that could ultimately lead to a quantum computer.

49.  Rad Decontamination: First methods to decontaminate buildings 
after release of radiological dispersal device; provides a clean-up 
option other than rubble-ization.

50.  Radiation Hard By Design: Putting Moore's Law into space by 
exploiting commercial integrated circuit fabrication of military-
critical circuits for satellites.

51.  Rapid Vaccine Assessment: Interactive and functional in vitro 
human immune system that will replicate the in vivo human immune 
response.

52.  Real-time Adversarial Intelligence and Decision-making: Methods 
that model an adversary's likely course of action in different urban 
combat scenarios.

53.  Real-World Reasoning: Fundamental research in machine reasoning, 
trying to drastically improve the scale at which certain types of 
reasoning can be done.

54.  Restorative Injury Repair: Fundamental understanding of the 
behavior of cells as they recover from injury, and learning how to 
control their regeneration in order to regrow the original structure 
(skin, muscle, etc.), rather than scar.

55.  Robotic Ground Vehicles: Ground vehicles that can sense and react 
to complex terrain-negotiating obstacles, discovering paths, avoiding 
detection, and conducting military missions.

56.  Robotic Space Assembly Concepts: Revolutionary space capabilities 
on orbit--systems too complex and fragile to be constructed anywhere 
but in zero-G.

57.  Robotic Spacecraft: Autonomously repairing, upgrading, and 
refueling other satellites-completely changing the paradigm and 
economics of ``disposable'' military spacecraft.

58.  Satellite Navigation: Using pulsing neutron stars as GPS-like 
sources.

59.  Self Forming Constellations of Tiny Intelligent Spacecraft: 
Spacecraft that are cheap, easy to launch, and swarm together to 
provide entirely new capabilities beyond current space systems.

60.  Self-Regenerative Systems: Revolutionary capabilities for computer 
systems under cyberattack to heal themselves, create immunity to future 
attack, and recognize and stop insider threats.

61.  Semiconductor Ultra Violet Optical Sources: New region of the 
photon spectrum with wide bandgap semiconductor lasers and light 
emitting diodes.

62.  Slow Light: Fundamental physics and new solid-state materials that 
slow, store, and process light pulses, i.e., optical information, in 
optical components.

63.  Standoff Precision Identification in Three Dimensions: New long-
range ladar that can acquire entire scenes in a single frame, rather 
than by scanning.

64.  Statistical and Perturbation Methods in Partial Differential 
Equation (PDE) Systems: Stochastic treatment of fundamental PDEs 
modeling physical systems; e.g., Maxwell, Navier-Stokes, Helmholtz, 
Poisson, and Laplace.

65.  Surviving Blood Loss: Fundamental understanding of the mechanisms 
of oxygen use in cells and the mechanisms of hibernation in order to 
increase the time before onset of hemorrhagic shock.

66.  Sustained Littoral Presence: Using the chemistry of the undersea 
environment to generate electrical power.

67.  Swarming Robotic Flyers for Urban Reconnaissance: Controlling 
every intersection and rooftop and reporting directly back to the 
soldier on the ground.

68.  Technology for Frequency Agile Digitally Synthesized Transmitters: 
500 GHz transistors with large dynamic range to support circuits for 
direct digital generation of microwave waveforms.

69.  Terahertz Imaging Focal Plane Array Technology: Bridging the 
terahertz gap with sources and detectors in the 300 to 3,000 GHz (3 
THz) frequency range.

70.  Triangulation Identification for Genetic Evaluation of Biological 
Risk: The first, truly broadband sensor for detecting biological 
warfare agents, as well as diagnosing human disease, including agents/
diseases never before seen or sequenced.

71.  Tiny Bullets and Grenades: Munitions capable of steering 
themselves in flight to hit the hardest targets at the farthest ranges.

72.  Topological Data Analysis: Mathematical concepts and techniques 
necessary to determine the fundamental geometric structures underlying 
massive data sets.

73.  Traction Control: Nonlethal force multiplier to develop capability 
to adjust traction on surfaces to allow traction by U.S. forces, but 
deny it to the enemy.

74.  Transfer Learning: New methods for learning that ultimately will 
allow the transfer of knowledge learned on one problem to many others 
not anticipated when the initial learning was done.

75.  Untouchable Aircraft: Giving aircraft the capability to shoot down 
modern missile threats with high power beam weapons.

76.  Very High Efficiency Solar Collectors: Engineered biomolecules to 
guide the assembly of inorganic molecules to create solar cells that 
are 50 percent efficient.

77.  Wide Bandgap Semiconductors for RF Applications: High power, high 
frequency transistors based on wide bandgap semiconductors for future 
radar, electronic warfare, and communications systems.

                    Biography for Anthony J. Tether

    Dr. Anthony J. Tether was appointed as Director of the Defense 
Advanced Research Projects Agency (DARPA) on June 18, 2001. DARPA is 
the principal Agency within the Department of Defense for research, 
development, and demonstration of concepts, devices, and systems that 
provide highly advanced military capabilities. As Director, Dr. Tether 
is responsible for management of the Agency's projects for high-payoff, 
innovative research and development.
    Until his appointment as Director, DARPA, Dr. Tether held the 
position of Chief Executive Officer and President of The Sequoia Group, 
which he founded in 1996. The Sequoia Group provided program management 
and strategy development services to government and industry. From 1994 
to 1996, Dr. Tether served as Chief Executive Officer for Dynamics 
Technology Inc. From 1992 to 1994, he was Vice President of Science 
Applications International Corporation's (SAIC) Advanced Technology 
Sector, and then Vice President and General Manager for Range Systems 
at SAIC. Prior to this, he spent six years as Vice President for 
Technology and Advanced Development at Ford Aerospace Corp., which was 
acquired by Loral Corporation during that period. He has also held 
positions in the Department of Defense, serving as Director of DARPA's 
Strategic Technology Office in 1982 through 1986, and as Director of 
the National Intelligence Office in the Office of the Secretary of 
Defense from 1978 to 1982. Prior to entering government service, he 
served as Executive Vice President of Systems Control Inc. from 1969 to 
1978, where he applied estimation and control theory to military and 
commercial problems with particular concentration on development and 
specification of algorithms to perform real-time resource allocation 
and control.
    Dr. Tether has served on Army and Defense Science Boards and on the 
Office of National Drug Control Policy Research and Development 
Committee. He is a member of the Institute of Electrical and 
Electronics Engineers (IEEE) and is listed in several Who's Who 
publications. In 1986, he was honored with both the National 
Intelligence Medal and the Department of Defense Civilian Meritorious 
Service Medal.
    Dr. Tether received his Bachelor's of Electrical Engineering from 
Rensselaer Polytechnic Institute in 1964, and his Master of Science 
(1965) and Ph.D. (1969) in Electrical Engineering from Stanford 
University.

    Chairman Boehlert. Dr. Wulf.

 STATEMENT OF DR. WILLIAM A. WULF, PRESIDENT, NATIONAL ACADEMY 
                         OF ENGINEERING

    Dr. Wulf. Good morning, Mr. Chairman and Members of the 
Committee. I am Bill Wulf. I am President of the National 
Academy of Engineering. I am on leave from the University of 
Virginia, Computer Science Department where, among other 
things, I did research on cyber security. I really appreciate 
the opportunity to testify to the Committee today, because I 
think this is a really important issue.
    I come at this from the, I think, fortunate perspective of 
an academic who has received federal support from both DARPA 
and NSF, being the founder of a software company and thus a 
personal witness to how that federal support translates into 
commercial product, as someone who had the responsibility of 
dispensing those research funds as Assistant Director of the 
National Science Foundation, and now, at the Academies, as a 
participant in a broad range of technology-related public 
policy discussions.
    Before I respond to the specifics of the questions that 
were in the letter inviting me here, I would like to touch on 
three points having to do with how I think about these issues.
    First, in ``Science the Endless Frontier,'' the report that 
established the system of federal funding of basic research 
that we now have, Vannevar Bush advocated a system in which the 
government funds research, but the research to be done is 
selected on its merit by the researchers themselves. He said 
that such a system would pay dividends to the Nation in 
national security, prosperity, and health. Frankly, I think it 
is hard to think of a better ``poster child'' for the truth of 
this assertion than computer science.
    From smart bombs for defense, to a three percent 
productivity growth due to information technology, to cochlear 
implants, the Nation has benefited tremendously from the 
federal investment in long-term basic research at universities. 
Note I said ``investment'' in long-term research. I think it is 
a mistake to think of such funding as an expense. It is an 
investment that demonstratively has had a huge return.
    Second, computing and computer science is in the unusual 
position of being both a challenging intellectual discipline in 
itself and providing an infrastructure for other fields of 
science, engineering, and commerce. While many benefits to 
society can be directly attributed to computer science, there 
are many more that have resulted from the use of computing in 
everything from cosmology, to weather prediction, to health 
care, to Wal-Mart's ``just in time'' delivery system. Across 
this broad spectrum, computer science has been an investment 
with an enormous multiplier, because advances in computing and 
information technology have immediate, direct, and tangible 
benefits on virtually all human activities.
    Third, it is about people, stupid! It is worth reminding 
ourselves that Bush's ``Science the Endless Frontier'' was 
written in response to President Roosevelt's question about how 
we would ensure, how the country would ensure, that if there 
were another world war we would have the people able to do what 
the scientists and engineers did to help win World War II. For 
all of the bounties that we can point to as coming from 
computing research, the most important output has been the 
cadre of educated women and men that can take us to the next 
level.
    So with that context, let me touch now on some of the 
questions in your invitation letter to me. I hope I have 
answered them all and answered them more fully in my written 
testimony.
    I must say that although this hearing is about the state of 
computer science, I am more generally concerned about what I 
perceive as a shift to more risk-adverse funding of research in 
all of the physical sciences and engineering. But with respect 
to computer science, within the context of this general drift 
toward conservatism, I would make several points.
    First, the NSF budget for computer and information science 
and engineering has grown nicely from when I ran that 
directorate in the '80s, and I think the CISE Directorate is to 
be congratulated for using that growth to increase the average 
grant size rather than taking the politically easier route of 
funding more proposals.
    This has, however, led it to a potentially serious decline 
in the success rate; that is, the number of proposals that are 
funded as a fraction of those that are submitted, although I 
must say that the success rate is determined by a number of 
factors, not just the amount of funds. I don't have access to 
the data that would let me analyze how serious the problem is 
in specific areas. What I can say, from discussions with my 
colleagues, however, is that the computer science community 
believes that it is a serious problem and has adapted its 
behavior accordingly. More time is spent writing proposals 
rather than doing research, more failed proposals are recycled, 
more incremental and less bold ideas are advanced.
    NSF has, by the way, and with thanks to this committee, 
focused more resources on cyber security research. It is, in 
fact, now the major supporter of university-based research in 
this area. This is, however, also an example of the success 
rate problem. Only slightly more than eight percent of the 
proposals in response to its Cyber Trust Initiative were 
funded.
    Second, I am deeply concerned about what I believe is 
happening at DARPA. On top of what I perceive to have been a 
many-year drift toward the less ambitious and more incremental, 
the Iraq War has been described as a reason to dramatically 
accelerate this to focus on reaping the successes of the past, 
to focus on rapid deployment, to focus on industrial 
development over university research, and to shift the balance 
strongly toward near-term topics.
    While I can certainly agree that reaping, developing, and 
focusing on the near-term are needed, so is long-term 
investing. Without current investment, there won't be anything 
to reap in the future. Moreover, there are many DOD 
organizations that can reap and develop. There was only one old 
style DARPA, and it is gone.
    The problem with trying to assess the consequences of the 
kind of shift we have seen at DARPA is that they are 
opportunity costs. They are measured in ``might have beens,'' 
and at best, are evident only years after the fact. By 
comparison with tangible, immediate results of reaping and 
developing, such costs may appear ephemeral and perhaps even 
wasteful. Yet one can only wonder at what the world would be 
like today if the immediacy of the Vietnam and Cold Wars had 
diverted ARPA--intentionally ARPA, not DARPA--from funding 
crazy ideas like networking, timesharing, VLSI, graphics, RISC 
architectures, RAID disk systems, parallel computing. These and 
any number of other technologies are central to today's 
computer industry and the results pay off daily to industry, 
government, consumers, and the military.
    It is well known that it takes about 15 years, plus or 
minus a few, for ideas to make their way from laboratory to 
product. One way to look at that is that there is normally a 
15-year pipeline of ideas and technologies. In fact, only a few 
of the ideas in that pipeline will, in fact, become commercial, 
and we have no good way to predict which of them will be the 
most important. Thus, if one stops filling the pipeline, the 
effect on industry will not be immediately visible as it 
``drains'' the pipe, nor will the exact nature of the future 
impact be predictable. But that there will be an impact is an 
inescapable lesson of history.
    As was noted in the recent Defense Science Board Task 
Force, this was from February of 2005, on High Performance 
Microchips, I quote: ``University and independent laboratory 
work has played an important role in microelectronic history in 
that it has sown the seeds for major technological shifts. At a 
time when the effectiveness of conventional approaches to the 
extension of Moore's Law are nearing their end, new ideas are 
essential to continue the progress on which the industry and 
future military systems depend.''
    Although this DSB report is focused on microelectronics, 
much the same can be said for all aspects of information 
technology. At a time of growing global competition, DARPA's 
disinvestment in university-based, long-term research is, in my 
view, a risky game for the country.
    You also asked me about the government's priorities for 
research. I suspect that the answer to that question, by a set 
of randomly-chosen computer scientists would very enormously 
and probably correlate pretty well with whether their 
individual research interests are on today's ``in list.'' 
Frankly, my concern is less with what is on that ``in list'' 
than with the frequency with which the list changes.
    As I tried to say in my previous testimony to this 
committee on the issue of cyber security, stability of funding 
is as important as its magnitude. Academic careers are built on 
a reputation for work done over decades. If the perception is 
that the area is a ``fad,'' it may attract a few weaker 
researchers, but the best researchers will migrate to where 
multi-decade support is probable.
    Given that I have already run over my time, Mr. Chairman, I 
will end there and thank you very much for the opportunity.
    [The prepared statement of Dr. Wulf follows:]

                 Prepared Statement of William A. Wulf

The State of Computer Science Research in the U.S. and the Evolution of 
                         Federal Support for It

    Good morning, Mr. Chairman and Members of the Committee. I am Wm. 
A. Wulf, President of the National Academy of Engineering, and on leave 
from being the AT&T Professor of Engineering and Applied Science in the 
Department of Computer Science at University of Virginia. I appreciate 
the opportunity to testify today on the state of Computer Science 
research in the U.S.
    A few words about my background will provide a context for my 
remarks. I was a professor at Carnegie Mellon University (CMU) for 13 
years (from 1968 to 1980); and during that time I did research in a 
number of subfields of Computer Science--specifically computer 
security, computer architecture, operating systems, programming 
languages, and optimizing compilers. I left CMU in 1980 to found and 
run a software company and subsequently served as an Assistant Director 
of the National Science Foundation (NSF). In 1991, I returned to 
academia at the University of Virginia, where I resumed my research in 
Computer Science. In 1997 I became President of the National Academy of 
Engineering which, together with the National Academy of Sciences, is 
chartered by the Congress to provide advice to the government on issues 
of science, engineering and health. Thus I have the fortunate 
perspective of being a recipient of federal research support, a witness 
to how that support translates into commercial product, someone with 
the responsibility of dispensing that research support, and a 
participant in a broad range of technology related public policy 
deliberations.
    Before responding to the specifics of the questions in your letter 
inviting me here today, I would like to make four points concerning how 
I think about these issues.
    First, in Science The Endless Frontier, the report that established 
our system of federal funding of basic research, Vannever Bush 
advocated a system in which the government funds research, but the 
research to be done is selected on its merit by the researchers 
themselves. He said that such a system would pay dividends to the 
Nation in national security, prosperity, and health. It is hard to 
think of a better ``poster child'' for the truth of this assertion than 
Computer Science. Consider the abbreviated list:

National Security: smart bombs, GPS, unprecedented ``information 
        awareness'' for the war-fighter, unmanned robotic vehicles for 
        surveillance, enormously enhanced training through use of 
        virtual reality, etc.

Prosperity: a three percent national productivity growth fueled by 
        information technology, dozens of multi-billion dollar per year 
        industries (see Figure 1), Internet-enabled business models, a 
        40-fold reduction in the cost of telephony, a global wireless 
        phone system, etc.

Health: Medical imagery (CAT scans, etc.), cochlear implants, bio-
        sensors, smart prosthetics, smart defibrillating pacemakers, 
        etc.

    All of these were made possible by the federal investment in long-
term, basic computing research. It is a mistake to think of such 
funding as an ``expense;'' it is an investment that demonstrably has 
had a huge return! Technology such as that listed above is the return 
on the investments made a decade or more ago. Investments made today in 
research will have equally large returns for our children and 
grandchildren; conversely, it is our children and grandchildren that 
will pay if we do not make them now.
    Second, computing and computer science is in the unusual position 
of being both a challenging intellectual discipline in itself, and 
providing an infrastructure for other fields of science, engineering, 
and commerce. While the benefits to society listed above can be 
directly attributed to computer science, there are also many more 
benefits that have resulted from the use of computing in everything 
from cosmology, to weather prediction, to health care, to Walmart's 
``just in time'' inventory. Across this broad spectrum, computer 
science has enabled a better quality of life for us all. For me this 
simply reinforces the notion that funds expended on computing research 
are demonstrably investment, not expense. They are, in fact, an 
investment with an enormous multiplier because advances in computing 
and information technology have immediate, direct and tangible benefits 
on virtually all human activities.
    Third, I do not believe the ``linear model'' of technology 
development! In my experience, the idea that basic research begets 
applied research begets development begets benefits to society is both 
wrong and counter-productive when applied to public policy decisions! 
Instead, there is a marvelously rich and productive interplay between 
basic scientific discovery and application, between universities and 
industry, between societal need and technology. We refer to Figure 1 as 
the ``tire tracks chart;'' it shows the relation between industry and 
universities in the development of about twenty information 
technologies, each of which produces more than a billion dollars of 
revenue per year. As you can see, progress does not always start with 
basic research, and it often involves iteratively exchanging roles 
between university and industry. The bottom line, however, is that if 
federally-funded, university-based basic research weren't ``in the 
loop,'' these enormously beneficial technologies would not exist. Basic 
research may not be the original source for all the benefits we enjoy 
from technology, but it is a vital and irreplaceable component of the 
rich system that produces them.




    Fourth and finally, it's about people, stupid! It is worth 
reminding ourselves that Bush's Science The Endless Frontier was 
written in response to President Roosevelt's question about how we can 
ensure that, if there were another world war, we would have the people 
able to do what scientists and engineers did to help win WWII. For all 
the bounties that we can point to as coming from computing research, 
the most important output has been the cadre of educated women and men 
that can take us to the next level. From personal experience, I firmly 
believe that the U.S. early dominance in electronics and software was 
because of the students educated by the enlightened policies of DARPA 
and NSF beginning in the 1960's! If computing research has a large 
multiplier because of its broad application, then the people capable of 
doing that research are yet another multiplier on top of that! 
Disinvestment in university-based research is a disinvestment in the 
production of the next generation of people, with far greater negative 
impact than simply the loss of the research.
    With that context, let me now turn to the three questions in your 
invitation to me:

        1.  What effects are shifts in federal support for computer 
        science--e.g., shifts in the balance between short- and long-
        term research, shifts in roles of different agencies--having on 
        academic and industrial computer science research? What effects 
        are changes in the research likely to have on the future of the 
        U.S. information technology industry and on innovation in the 
        field?

        2.  Are the Federal Government's current priorities related to 
        computer science research appropriate? If not, how should they 
        be changed?

        3.  What are [my] views on the recent President's Information 
        Technology Advisory Committee (PITAC) report on cyber security? 
        What should the Federal Government be doing to implement the 
        recommendations of this report? Should PITAC be renewed when 
        its current term expires on June 1?

    Although this hearing is about the state of computer science, I am 
concerned about what I perceive as a shift to more risk averse funding 
of research in all of the physical sciences and engineering, and in all 
of the agencies that have traditionally funded such research. At a 
macro-level, I am concerned that while this committee has authorized a 
doubling of the NSF budget, the funds have not been appropriated. I am 
equally concerned about the proposed decrease of DOD 6.1 funding. It is 
easy to make, and even to understand, the argument that in the current 
budget situation increases are not likely in either of these accounts; 
nonetheless, I find it deeply troubling that there seems to be little 
recognition of the long term consequences of a decision not to make 
these investments.
    As I have testified to this committee before, it is not just that 
there is an increasingly short-term focus in some agencies, it is that 
even in those agencies with a longer-term focus, when resources are 
tight, researchers themselves propose more incremental, less risky 
projects. Where bold new ideas are needed, as in cyber security, we see 
conservatism and temerity instead. There are exceptions of course, but 
perversely, when resources are tight we generally get less out of what 
we do spend. Someone once said that great research does not come from 
moments of great insight, but from moments of great courage! When the 
existence of one's research program is on the line, courage becomes 
even rarer than usual. There is a cascading effect of this--more timid 
PI's educate students to be more timid, provoking a long-term decline 
in the quality of research.
    With respect to computer science within this general drift towards 
conservatism, I would make several points:
    First, at NSF the budget for Computer and Information Science and 
Engineering (CISE) has grown nicely from when I ran it in the late 
80's, and CISE is to be congratulated for using that growth to increase 
the average grant size rather than taking the politically easier route 
of funding more proposals. In addition, it has added center-scale 
projects through its Information Technology Research (ITR) program. 
Together, however, this has led to a potentially serious decline in the 
``success rate'' in some areas--although the success rate is determined 
by a number of factors and I do not have access to the data to let me 
analyze just how serious this is in specific areas. What I can say from 
discussions with my colleagues is that the computer science community 
believes that it is serious and has adapted its behavior accordingly: 
more time is spent writing proposals, more failed proposals are 
``recycled,'' more incremental and less bold ideas are advanced, etc. I 
suspect that the decline in success rates is serious, but I know that 
even if it is not, it is having a significant negative impact.
    NSF has, by the way, and with thanks to this committee, focused 
more resources on cyber security research. NSF is, in fact, now the 
major supporter of university-based research in this area. It is, 
however, also an example of the success rate problem mentioned above--
only slightly more than eight percent of the proposals in response to 
its Cyber Trust initiative were funded!
    Having been the Assistant Director in charge of CISE, I can't help 
also remarking that there is often a misunderstanding of the CISE 
budget. About half of it is leverage for other fields, not computer 
science. CISE manages the Foundation's investment in cyber-
infrastructure that is devoted to supporting those other fields. When 
at the Foundation I felt simultaneously proud to have the opportunity 
to leverage the success of those other fields, and frustrated at the 
misunderstanding by many of how little of our budget was actually 
devoted to the basic underpinning that created that leverage.
    Second, I am deeply concerned about what has happened at DARPA. On 
top of a many year drift toward the less ambitious and more 
incremental, the Iraq war has been described as a reason to 
dramatically accelerate this--to focus on reaping the successes of the 
past, to focus on rapid development, to industrial development over 
university research, and to shift the balance strongly toward near-term 
topics. While I can agree that reaping, developing and focusing on the 
near-term are needed, so is long-term investing. Without current 
investment there won't be anything to reap next time. Moreover, while 
there are many DOD organizations that can reap and develop, and that 
collectively have the bulk of DOD's Science and Technology budget, 
there was only one old-style DARPA, and it is gone.
    The problem with trying to assess the consequences of the kind of 
shift we have seen at DARPA is that they are opportunity costs, 
measured in ``might have beens,'' and at best evident only years after 
the fact. By comparison with the tangible, immediate results of reaping 
and developing, such costs may appear ephemeral and perhaps even 
wasteful. Yet one can only wonder at what the world would be like today 
if the immediacy of the Vietnam War had diverted ARPA from funding 
crazy ideas like networking, timesharing, VLSI, graphics, RISC 
architectures, RAID disk systems, parallel computing--or any number of 
other technologies that are essential to today's computer industry and 
whose results pay off daily to industry, government and the consumer as 
well as the military.
    Any number of studies have shown that it takes about fifteen years, 
plus or minus a few, for ideas to make their way from laboratory to 
product. One way to look at that is that there is a fifteen year 
pipeline of ideas and technology. Only a few of these ideas will, in 
fact, become commercial, and we have no good way to predict which of 
them will be the most important. Thus, if one stops filling the 
pipeline, the effect on industry will not be immediately visible as it 
``drains'' the pipeline, nor will the exact nature of the future impact 
be predictable. But that there will be an impact is an inescapable 
lesson of history.
    As was noted in the recent (February 2005) Defense Science Board 
(DSB) Task Force on High Performance Microchip Supply:

         ``University and independent laboratory work has played and 
        important role in micro-electronic history in that it has sown 
        the seeds for major technological shifts.. . . At a time when 
        the effectiveness of conventional approaches to the extension 
        of Moore's Law are nearing their end, new ideas are essential 
        to continue the progress on which the industry and future 
        military systems depend.''

    Although this DSB report is focused on micro-electronics, much the 
same can be said for all aspects of information technology. At a time 
of growing global competition, DARPA's disinvestment in university-
based, long-term research is, in my view, a risky game for the country.
    Third, please permit me to vent an old annoyance. Information 
technology has become critical to virtually every agency of the Federal 
Government, and specifically to those that fund research--NASA, DOE, 
NIH, EPA, NOAA, etc. I believe it is fair to say that these agencies 
could not fulfill their primary mission without the information 
technology developed in the last 50 years. Yet none of these agencies 
has contributed significantly to the development of the basics 
underlying that technology. As concerned and unhappy as I am with the 
trends at the traditional funders of computer science, I am at least as 
much so with the complete absence of those other agencies that benefit 
enormously from computer science research!
    Now let me turn to the question about the government's priorities. 
I suspect that the answer to this question by a set of randomly chosen 
computer scientists would vary enormously and correlate well with 
whether an individual researcher's interest was on today's ``in list.'' 
My concern is less with what is on today's ``in list'' than with the 
frequency with which the list changes. As I tried to say in my previous 
testimony to this committee on the issue of cyber security, stability 
of funding is as important as its magnitude. Academic careers are built 
on a reputation for work done over decades. If the perception is that 
an area is a ``fad,'' it may attract a few weaker researchers, but the 
best researchers will migrate to where multi-decade support is 
probable.
    I understand the desire for program officers and agency heads to 
``make their mark,'' but I think the most effective and profound change 
the government could make would be to ensure that any new programs last 
long enough to have an effect--to attract people, let them find their 
footing, have a real chance to succeed or fail, and produce real 
benefit to society! Such a move would both raise the bar on evaluation 
of new programs and create the stability that will ensure that the best 
researchers become involved.
    To answer your third question--as you might expect from my previous 
testimony to this committee,\1\ I am strongly in agreement with the 
recent PITAC report on Cyber Security.\2\ I am particularly pleased 
that they strongly identified the need for a better funded and stable 
program of long-term basic research; as you will recall, that was what 
I also recommended. In my view, the dominant model of cyber security, 
namely a perimeter defense, is flawed and incremental patches to it 
will never result in the level of security we need for today's systems, 
much less the increased dependence we should expect for future ones. 
This is an excellent example where boldness and courage are needed, and 
hence where the perception of excessively low proposal success rates 
can have severe consequences! Their one recommendation that was not in 
my previous testimony concerns the need for coordination among the 
various agencies that fund cyber security research, and I concur that 
such coordination is needed. It is too soon to know what will happen as 
a result of the report, but I hope it will be aggressively implemented.
---------------------------------------------------------------------------
    \1\ Testimony to the House Science Committee, CYBER SECURITY: 
BEYOND THE MAGINOT LINE, 10 Oct. 2001
    \2\ President's Information Technology Advisory Committee (PITAC), 
Cyber Security: A Crisis of Prioritization, February 2005.
---------------------------------------------------------------------------
    Concerning PITAC--I believe it fulfills a unique and important 
role. Its reports on Health Care Information Technology and Cyber 
Security have been extremely valuable, and I expect their forthcoming 
report on Computational Science will be as well. So, from my 
perspective it is important for PITAC to be re-chartered, but that 
clearly hinges on the Administration's perception of its utility, not 
mine. If it is re-chartered, I would like to see PITAC tackle the 
broader issues that are the subject of this hearing, namely whether the 
Nation's overall information technology R&D investment appropriate for 
us to maintain our lead in this critical field.
    Thank you for the opportunity to testify on this important matter.

                     Biography for William A. Wulf

Education:

B.S.  Engineering Physics  University of Illinois, 1961

M.S.  Electrical Engineering  University of Illinois, 1963

Ph.D.  Computer Science  University of Virginia, 1968

Positions:

President, National Academy of Engineering, 1996 to present.

AT&T Prof. of Engr., University of Virginia, 1988 to present.

Assistant Director, National Science Foundation, 1988 to 1990.

Chairman & CEO, Tartan Laboratories Inc., 1981 to 1987.

Professor, Carnegie-Mellon University, 1975 to 1981.

Associate Professor, Carnegie-Mellon University, 1973 to 1975.

Assistant Professor, Carnegie-Mellon University, 1968 to 1973.

Instructor, University of Virginia, 1963 to 1968.

Descriptive Biography:

    Dr. Wulf was elected President of the National Academy of 
Engineering (NAE) in April 1997; he had previously served as Interim 
President beginning in July 1996. Together with the National Academy of 
Sciences, the NAE operates under a congressional charter and 
presidential executive orders that call on it to provide advice to the 
government on issues of science and engineering.
    Dr. Wulf is on leave from the University of Virginia, where he is a 
University Professor and the AT&T Professor of Engineering and Applied 
Science. Among his activities at the University were a complete 
revision of the undergraduate Computer Science curriculum, research on 
computer architecture and computer security, and an effort to assist 
humanities scholars exploit information technology.
    In 1988-90 Dr. Wulf was on leave from the University to be 
Assistant Director of the National Science Foundation (NSF) where he 
headed the Directorate for Computer and Information Science and 
Engineering (CISE). CISE is responsible for computer science and 
engineering research as well as for operating the National 
Supercomputer Centers and NSFNET. While at NSF, Dr. Wulf was deeply 
involved in the development of the High Performance Computing and 
Communication Initiative and in the formative discussions of the 
National Information Infrastructure.
    Prior to joining Virginia, Dr. Wulf founded Tartan Laboratories and 
served as its Chairman and Chief Executive Officer. Before returning to 
academe, Dr. Wulf grew the company to about a hundred employees. Tartan 
developed and marketed optimizing compilers, notably for Ada. Tartan 
was sold to Texas Instruments in 1995.
    The technical basis for Tartan was research by Dr. Wulf while he 
was a Professor of Computer Science at Carnegie-Mellon University, 
where he was Acting Head of the Department from 1978-1979. At Carnegie-
Mellon Dr. Wulf's research spanned programming systems and computer 
architecture; specific research activities included: the design and 
implementation of a systems-implementation language (Bliss), 
architectural design of the DEC PDP-11, the design and construction of 
a 16 processor multiprocessor and its operating system, a new approach 
to computer security, and development of a technology for the 
construction of high quality optimizing compilers. Dr. Wulf also 
actively participated in the development of Ada, the common DOD 
programming language for embedded computer applications.
    While at Carnegie-Mellon and Tartan, Dr. Wulf was active in the 
``high tech'' community in Pittsburgh. He helped found the Pittsburgh 
High Technology Council and served as Vice President and Director from 
its creation. He also helped found the CEO Network, the CEO Venture 
Fund, and served as an advisor to the Western Pennsylvania Advanced 
Technology Center. In 1983 he was awarded the Enterprise ``Man of the 
Year'' Award for these and other activities.
    Dr. Wulf is a member of the National Academy of Engineering, a 
Fellow of the American Academy of Arts and Sciences, a Corresponding 
Member of the Academia Espanola De Ingeniera, a Member of the Academy 
Bibliotheca Alexandrina (Library of Alexandria), and a Foreign Member 
of the Russian Academy of Sciences. He is also a Fellow of five 
professional societies: the ACM, the IEEE, the AAAS, IEC, and AWIS. He 
is the author of over 100 papers and technical reports, has written 
three books, holds two U.S. Patents, and has supervised over 25 Ph.D.s 
in Computer Science.



    Chairman Boehlert. Thank you very much, Dr. Wulf.
    Dr. Leighton.

 STATEMENT OF DR. F. THOMSON LEIGHTON, CHIEF SCIENTIST AND CO-
                  FOUNDER, AKAMAI TECHNOLOGIES

    Dr. Leighton. Sorry. I will start over.
    Mr. Chairman and Members of the Committee, my testimony 
today is based on my experience as the co-founder and Chief 
Scientist of Akamai Technologies. I am also a professor of 
Applied Mathematics at MIT and Chair of the PITAC Subcommittee 
on Cyber Security.
    Akamai is the leading provider of content-delivery services 
on the Internet. Using sophisticated algorithms to coordinate 
computers in thousands of locations spanning 70 countries, 
Akamai distributes content and applications for thousands of 
websites to hundreds of millions of consumers worldwide. We 
serve each of you every day. One out of every five Global 500 
companies and many government agencies, including the House of 
Representatives, rely on Akamai's services.
    Akamai also provides the primary means of defense against 
cyber attacks for many key websites. When the FBI website was 
brought down on September 11, they turned to Akamai to help 
them restore service. On behalf of our customers, we fight a 
non-stop battle against cyber attacks that are increasing in 
sophistication and scale every day.
    Like the Internet itself, Akamai evolved from an academic 
research project sponsored by DARPA. DARPA has a long and very 
successful history of funding basic research by the Nation's 
best computer scientists. But recently, DARPA has shifted IT 
funding away from basic research at universities in favor of 
classified work and/or more development-related projects.
    If DARPA's current practices had been in effect in the mid-
1990s, it is unlikely that the development of Akamai's 
technology would have taken place. That is because no other 
agency has stepped in to fill the gap created by the shift at 
DARPA. This is particularly evident in the area of cyber 
security.
    Although DHS is tasked with providing security for the 
homeland, they spend less than two percent of their S&T budget 
on cyber security. And of that amount, less than one-tenth, a 
mere $2 million, is spent on fundamental research for cyber 
security.
    Today, NSF has the only substantial civilian program for 
cyber security research, and it is seriously underfunded. In 
2004, NSF funded just eight percent of the qualified research 
proposals in the area of cyber security. This is a factor of 
three less than the overall agency average. In IT overall, the 
funding rate is only 16 percent, an amount that has dropped by 
a factor of two over the last four years.
    As a result of the decline in government funding for basic 
research in IT, we are now facing a serious lag in our nation's 
ability to continue to innovate, and at a time when innovation 
is most needed.
    The need for innovation is especially urgent in the area of 
cyber security. Today, it is possible for a malicious agent to 
penetrate millions of computers around the world in a matter of 
minutes and then exploit those machines to attack the Nation's 
critical infrastructure, penetrate its sensitive systems, or 
steal valuable data.
    As we have documented in a recent PITAC report, cyber 
attacks are growing at an alarming rate, and they now cost the 
Nation billions of dollars annually. The financial sector is 
being particularly hard hit. New forms of electronic crime, 
such as phishing, pharming, and cyber extortion, unheard of 
only a few years ago, are now commonplace. Eighty-three percent 
of financial institutions reported compromised systems in 2003, 
a rate that doubled in just two years. And at least one percent 
of U.S. households fell victim to electronic identity theft at 
a cost of over $400 million in the first half of 2004.
    Everyone is vulnerable. Today, a criminal can steal most 
any password that is used for access over the Internet. Beyond 
the economic repercussions, there are serious risks to our 
national security.
    Today, virtually every sector of the Nation's 
infrastructure, including communications, utilities, finance, 
transportation, law enforcement, and defense, is critically 
reliant on networked IT systems, and these systems have very 
little, if any, defense against cyber attack. All elements of 
the Nation's infrastructure are insecure if the IT is insecure. 
And today, our IT is insecure.
    Our national defense systems are also at risk, because the 
military increasingly relies on many of the same vulnerable IT 
systems as the civilian sector. This is one reason why it is 
vital that DARPA not ignore the civilian sector when allocating 
funds for cyber security research.
    We are now just beginning to see the effects of a decades-
long failure to develop the security protocols and practices 
needed to protect the Nation's IT infrastructure. Although the 
short-term patches and fixes that are the norm today can be 
useful in response to isolated vulnerabilities, they do not 
adequately address the core problems.
    In order to make true progress against the core problems 
that plague our IT infrastructure, PITAC believes that 
fundamental research is required to develop entirely new 
approaches to cyber security. We recommend that the NSF budget 
for cyber security be increased by $90 million annually and 
that DARPA restore its historical role of funding basic, 
unclassified research in cyber security. We also recommend that 
DHS significantly expand its funding for cyber security 
research.
    It is imperative that the Federal Government take action 
before the situation worsens and the cost of inaction becomes 
even greater.
    Thank you.
    [The prepared statement of Dr. Leighton follows:]

               Prepared Statement of F. Thomson Leighton

    Chairman Boehlert, Ranking Member Gordon, and Members of the 
Committee, I appreciate the opportunity to testify this morning about 
The Future of Computer Science Research in the United States.
    I am appearing today in my role as the Co-founder and Chief 
Scientist of Akamai Technologies. I am also a Professor of Applied 
Mathematics at MIT, a member of the President's Information Technology 
Advisory Committee (PITAC), and Chair of the PITAC Subcommittee on 
Cyber Security.
    Although I will focus my remarks on the crisis this nation faces in 
the area of cyber security, the challenges we face with cyber security 
research are very similar to those we face with IT at large. Namely, 
there is much research that urgently needs to be done, little of which 
will be funded by industry. And, the current under-investment in 
fundamental research by the government could lead to dire consequences 
for the Nation.
    Akamai is the leading supplier of content delivery services on the 
Internet. Using sophisticated algorithms to coordinate the operation of 
15,000 web servers in 70 countries, Akamai distributes content and 
applications from thousands of web sites to hundreds of millions of 
consumers worldwide. We serve each of you every day. One out of every 
five Global 500 companies and many government agencies (including the 
House of Representatives) utilize the Akamai platform to distribute 
their content and applications over the Internet.
    As part of our business, we provide the primary means of defense 
against cyber attacks for many web sites. When the FBI web site was 
brought down on September 11, 2001, they turned to Akamai to help them 
restore service. On behalf of our customers, we fight a nonstop battle 
against cyber attacks that are increasing in sophistication and scale 
every day.
    Like the Internet itself, Akamai evolved from what was originally 
an academic research project sponsored by the Defense Advanced Research 
Projects Agency (DARPA). DARPA has a long and very successful history 
of funding research by the Nation's best computer scientists. But 
recently, DARPA has shifted funding away from fundamental research at 
universities in favor of financing classified work and/or more 
development-related projects.
    If DARPA's current practices had been in effect in the mid-1990s, 
it is unlikely that the development of Akamai's technology, to improve 
the distribution of content and applications over the Internet, would 
have taken place. That is because no other agency has stepped in to 
fill the gap created by the shift at DARPA. This is particularly 
evident in the area of cyber security.
    Although the Department of Homeland Security (DHS) is tasked with 
providing security for the homeland, including cyber security, they 
spend less than two percent of their Science and Technology budget on 
cyber security, and, of that amount, less than 1/10 (a mere $2 million) 
is spent on fundamental research for cyber security.
    Although many agencies are concerned with cyber security, the 
National Science Foundation (NSF) has the only substantial program for 
funding fundamental research on cyber security, and it is seriously 
under funded. In 2004, NSF funded just eight percent of qualified 
research proposals in the area of cyber security. This is a factor of 
three less than the overall agency average. In the related area of 
computer science and engineering, the funding rate is only 16 percent, 
and decreasing. In fact, the success rate for NSF's Computer and 
Information Science and Engineering (CISE) Directorate proposals has 
dropped by a factor of two over the last four years.
    As a result of the changes in government funding for basic 
research, we are now facing a serious lag in our nation's ability to 
continue to innovate, and at a time when innovation is most needed.
    The need for innovation is especially urgent in the area of cyber 
security. Because of the great improvements in functionality and 
efficiency afforded by Internet technology, it has been incorporated 
into most every aspect of our society. Today, virtually every sector of 
the Nation's infrastructure--including communications, utilities, 
finance, transportation, law enforcement, and defense--is now 
critically reliant on networking technology.
    Unfortunately, the revolution in connectivity afforded by the 
Internet has also dramatically increased the capabilities of those who 
would do harm. Today, it is possible for a malicious agent to penetrate 
millions of computers around the world in a matter of minutes, 
exploiting those machines to attack the Nation's critical 
infrastructure, penetrate sensitive systems, or steal valuable data. 
The growth in the number of attacks matches the tremendous growth in 
connectivity, and dealing with these attacks now costs the Nation 
billions of dollars annually.
    We have included numerous statistics that document the rapidly 
escalating nature of the cyber security problem in the PITAC report, 
titled ``Cyber Security: A Crisis in Prioritization.'' I will mention 
just a few here.
    In the last half of 2004, over 7,000 different viruses and worms 
were released across the Internet. This is a 64 percent increase over 
the first six months of 2004.\1\ Because of such viruses and worms, the 
percentage of computers that became infected each month grew from one 
percent in 1996 to over 10 percent per month in 2003.\2\
---------------------------------------------------------------------------
    \1\ Symantec, Internet Security Threat Report, March 21, 2005.
    \2\ ICSA Labs Virus Alerts; PITAC--February 2005 Report, ``Cyber 
Security: A Crisis of Prioritization,'' p. 10.
---------------------------------------------------------------------------
    These infected computers reside in our homes, offices, and schools. 
No computer is immune. Indeed, the networks of 40 percent of the 
Fortune 100 companies were so severely compromised in 2003 that they 
became the source of a spreading virus.\3\
---------------------------------------------------------------------------
    \3\ Symantec Internet Security Threat Report, March 21, 2005.
---------------------------------------------------------------------------
    Once infected, a computer can be reprogrammed so as to reveal 
confidential information to attackers, destroy or alter important data, 
and/or to carry out attacks against others. When infected computers are 
incorporated into so-called ``bot armies,'' they can be used as 
platforms for launching unwanted spam or, even worse, denial of service 
attacks against critical infrastructure. In the first half of 2004, the 
rate at which newly-infected computers were incorporated into bot 
armies rose from 2,000 per day to over 30,000 per day.\4\
---------------------------------------------------------------------------
    \4\ PITAC--February 2005 Report, ``Cyber Security: A Crisis of 
Prioritization,''p. 10.
---------------------------------------------------------------------------
    The use of bot armies to attack web sites has given rise to a new 
form of crime known as cyber extortion, in which the criminal will 
demand payment in return for not attacking a businesses' web presence. 
Although cyber extortion was unheard of just a few years ago, 17 out of 
100 companies surveyed in a recent poll reported being the target of 
cyber extortion in 2004.\5\
---------------------------------------------------------------------------
    \5\ 2004 poll by Carnegie-Mellon University--InformationWeek; 
PITAC--February 2005 Report ``Cyber Security: A Crisis of 
Prioritization,'' p. 8.
---------------------------------------------------------------------------
    The financial sector is one of many key industry segments that are 
being particularly hard hit by cyber crime. 83 percent of financial 
institutions reported compromised systems in 2003, more than double the 
rate in 2001. The use of phishing scams to direct unwitting citizens to 
fake web sites, whereupon they are tricked into revealing their 
passwords and other sensitive information is now rampant.\6\
---------------------------------------------------------------------------
    \6\ Anti-Phishing Working Group (www.antiphishing.org).
---------------------------------------------------------------------------
    In the last two months, a new and even more pernicious kind of 
attack known as pharming has become widespread.\7\ Pharming is 
different from phishing in that it makes use of fundamental 
vulnerabilities in the basic protocols that are used to run the 
Internet. As a result, the attack is virtually undetectable, even by an 
experienced professional.
---------------------------------------------------------------------------
    \7\ Anti-Phishing Working Group (www.antiphishing.org).
---------------------------------------------------------------------------
    It is estimated that over one percent of U.S. households fell 
victim to electronic identity theft at a cost of over $400M in the 
first six months of 2004.\8\ Everyone is vulnerable. Today, a criminal 
can steal most any password that is used for access over the Internet.
---------------------------------------------------------------------------
    \8\ Consumers Union (www.consumersunion.org); PITAC--February 2005 
Report ``Cyber Security: A Crisis of Prioritization,'' p. 9.
---------------------------------------------------------------------------
    Beyond the economic repercussions, there are serious risks to our 
national security. Today, virtually every sector of the Nation's 
infrastructure--including communications, utilities, finance, 
transportation, law enforcement, and defense--is critically reliant on 
networked IT systems, and these systems have very little, if any, 
defense against cyber attack.
    All elements of the Nation's infrastructure are insecure if IT is 
insecure, and, today, our IT is insecure.
    Our national defense systems are also at risk, because the military 
increasingly relies on many of the same vulnerable IT systems as the 
civilian sector. This is one reason why it is vital that DARPA not 
ignore the civilian sector when allocating funds for cyber security 
research.
    In response to the growing crisis, some have stated that if only 
the citizens at home and in small business would keep their firewalls 
and software patches up to date, we would be OK. While such safeguards 
are clearly necessary, they are far from sufficient. After all, if the 
most sophisticated and IT-savvy companies in the world are routinely 
falling victim to cyber attacks, how can we expect our citizens at home 
and in small business to fare any better?
    Moreover, the problem is not just about ubiquitous software that is 
vulnerable to viruses and worms. The core protocols that form the 
underpinnings of the Internet were simply not designed with security in 
mind.
    We are now just beginning to see the effects of a decades-long 
failure to develop the security protocols and practices needed to 
protect the Nation's IT infrastructure, and to adequately train and 
grow the numbers of experts needed to employ those mechanisms 
effectively. The short-term patches and fixes that are deployed today 
can be useful in response to isolated vulnerabilities, but they do not 
adequately address the core problems.
    In order to make true progress against the core problems that 
plague our IT infrastructure, PITAC believes that fundamental research 
is required to develop entirely new approaches to cyber security. We 
recommend that the NSF budget for cyber security be increased by $90M 
annually and that DARPA restore its historical role of funding basic, 
unclassified research in cyber security. We also recommend that DHS 
significantly expand its funding for cyber security research.
    The report goes on to describe ten specific research areas that are 
in the greatest need of support as well as specific recommendations to 
improve coordination of research efforts, to facilitate technology 
transfer, and to increase the pool of experienced researchers in the 
area of cyber security.
    In summary, the PITAC finds that the IT infrastructure of the 
United States--and thus all other elements of our infrastructure that 
rely on IT, such as the electric power system, the government, and the 
military--is highly vulnerable to terrorist and criminal attacks. 
Fundamental research is urgently required to improve our defenses. It 
is imperative that the Federal Government take action before the 
situation worsens and the cost of inaction becomes even greater.
    Thank you.

Appendix A

             The Threat from ``Phishing'' and ``Pharming''

    (excerpts from: The Arizona Republic--`Pharmers' hit online bank 
users with fraud scam, April 22, 2005, by Jane Larson)

    A new malicious cyber security crime is emerging that has serious 
ramifications for consumers, business, and even government agencies. 
The criminal act is called pharming--a play on ``phishing,'' and 
another type of Internet fraud--that involves highly skilled hackers 
who secretly redirect users' computers from financial sites to the 
scammers' fake ones, where they steal passwords and other personal 
information. Even the Web address looks the same.
    Unlike phishing, where users click on links in e-mails and are 
taken to fake sites, pharming intercepts a user on his or her way to 
the bank or credit-card firm. And it potentially can affect thousands 
of users at a time. Hackers are targeting small sections of the 
Internet and rerouting traffic to fake bank sites to capture users' 
passwords. The legitimate sites don't notice the drop in Web traffic 
because it is just a fraction of the total.
    Criminals can `pharm' data online with little or no knowledge by 
consumers. Even experienced Internet users can become victims and not 
know it. It is just a matter of time before the scam becomes 
widespread.
    An anti-phishing bill introduced in Congress last month would also 
apply to pharming. It calls for prison time and fines for those caught 
either phishing or pharming.
    Consider the following facts:

        --  Over 7,300 new Windows-based virus and worm variants 
        emerged over the last six months of 2004. This is a 64 percent 
        increase over the first six months of 2004. (Symantec)

        --  Over 2,600 active phishing sites were reported in February 
        of 2005. (Anti-Phishing Working Group)

        --  64 brand name businesses were targeted by phishing scams in 
        January 2005. (Anti-Phishing Working Group)

        --  The United States ranks first among countries hosting the 
        most phishing Web sites. (Anti-Phishing Working Group)

    Pharmers have four main ways of operating: attacking a user's 
computer, attacking the large servers that find web sites for users, 
compromising the routing infrastructure, or by intercepting wireless 
communications.
    The first way is to send virus-laden e-mails that install small 
software programs on users' computers. When a user tries to go to his 
bank's web site, the program redirects the browser to the pharmers' 
fake site. It then asks a user to update information such as log-ons, 
PIN codes or driver's license numbers. Scammers use the information to 
steal identities.
    Other viruses, called key loggers, track a user's key strokes on 
legitimate sites and can be used to steal passwords.
    The pharmers' second method takes advantage of the fact that Web 
sites have verbal names but reside at numeric addresses on the 
Internet. When users type a Web site's name into their browsers, Domain 
Name System (DNS) servers read the name and look up its numeric address 
so that users can get to the site.
    Pharmers interfere with that process by changing the real site's 
numeric address to the fake site's numeric address.
    The servers can belong to financial institutions, Web-hosting 
companies or Internet service providers. This tactic, called DNS 
poisoning, has been around for years, but it is only in the past six 
months that techies have seen it used for identity theft and dubbed it 
pharming.
    The third way is by sending incorrect data to an Internet router, 
exploiting the fact that the Border Gateway Protocol (BGP) has no 
security. A hacker can then induce the router to send traffic to the 
wrong place.
    The fourth method is to intercept wireless traffic. If a user is, 
for example, in a cyber/wireless cafe, a hacker can bring his own 
Dynamic Host Configuration Protocol (DHCP) server, intercept a wireless 
signal, and reply to an end user's Internet request prior to the 
response from the actual origin page. The hacker then takes over the 
session, and is controlling all communications.
    What is alarming is that pharming can re-route many thousands of 
Internet users at a time, making the impact potentially huge. With 
phishing, you're scamming one person at a time; pharming allows you to 
scam a large group at once.
    Pharming can also easily be evolved to impact businesses and 
military personnel, essentially collecting confidential data, and 
jeopardizing national infrastructure.

Appendix B

   PITAC Letter to the President to Accompany PITAC Report on Cyber 
                                Security

    [Note: The Executive Summary of this Report is included in the 
hearing charter.]

February 28, 2005
The Honorable George W. Bush
President of the United States
The White House
Washington, D.C. 20500

Dear Mr. President:

    We submit to you the enclosed report entitled Cyber Security: A 
Crisis of Prioritization. For nearly a year, the President's 
Information Technology Advisory Committee (PITAC) has studied the 
security of the information technology (IT) infrastructure of the 
United States, which is essential to national and homeland security as 
well as everyday life.
    The IT infrastructure is highly vulnerable to premeditated attacks 
with potentially catastrophic effects. Thus, it is a prime target for 
cyber terrorism as well as criminal acts. The IT infrastructure 
encompasses not only the best-known uses of the public Internet--e-
commerce, communication, and Web services--but also the less visible 
systems and connections of the Nation's critical infrastructures such 
as power grids, air traffic control systems, financial systems, and 
military and intelligence systems. The growing dependence of these 
critical infrastructures on the IT infrastructure means that the former 
cannot be secure if the latter is not.
    Although current technical approaches address some of our immediate 
needs, they do not provide adequate computer and network security. 
Fundamentally different architectures and technologies are needed so 
that the IT infrastructure as a whole can become secure.
    Historically, the Federal Government has played a vital, 
irreplaceable role in providing support for fundamental, long-term IT 
R&D, generating technologies that gave rise to the multi-billion-dollar 
IT industry. The PITAC's review of current federally supported R&D in 
cyber security finds an imbalance, however, in the current cyber 
security R&D portfolio: most support is for short-term, defense-
oriented research; there is relatively little support for fundamental 
research to address the larger security vulnerabilities of the civilian 
IT infrastructure, which supports defense systems as well. Therefore, 
PITAC urges changes in the Federal Government's cyber security R&D 
portfolio to:

          Increase federal support for fundamental research in 
        civilian cyber security by $90 million annually at NSF and by 
        substantial amounts at agencies such as DARPA and DHS to 
        support work in 10 high-priority areas identified by PITAC.

          Intensify federal efforts to promote recruitment and 
        retention of cyber security researchers and students at 
        research universities, with an aim of doubling this 
        profession's numbers by the end of the decade.

          Provide increased support for the rapid transfer of 
        federally developed cutting-edge cyber security technologies to 
        the private sector.

          Strengthen the coordination of the Interagency 
        Working Group on Critical Information Infrastructure Protection 
        and integrate it under the Networking and Information 
        Technology Research and Development (NITRD) Program.

    These actions will lead the way toward improving the Nation's cyber 
security, thereby promoting the security and prosperity of our 
citizens. We would be pleased to discuss this report with you and 
members of your Administration.

    Sincerely,

Marc R. Benioff
PITAC Co-Chair

    Edward D. Lazowska
PITAC Co-Chair

Appendix C

                        PITAC Executive Summary

(from February 2005 Report: Cyber Security: A Crisis of Prioritization)
    The information technology (IT) infrastructure of the United 
States, which is now vital for communication, commerce, and control of 
our physical infrastructure, is highly vulnerable to terrorist and 
criminal attacks. The private sector has an important role in securing 
the Nation's IT infrastructure by deploying sound security products and 
adopting good security practices. But the Federal Government also has a 
key role to play by supporting the discovery and development of cyber 
security technologies that underpin these products and practices. The 
PITAC finds that the Federal Government needs to fundamentally improve 
its approach to cyber security to fulfill its responsibilities in this 
regard.

Background

    The Nation's IT infrastructure has undergone a dramatic 
transformation over the last decade. Explosive growth in the use of 
networks to connect various IT systems has made it relatively easy to 
obtain information, to communicate, and to control these systems across 
great distances. Because of the tremendous productivity gains and new 
capabilities enabled by these networked systems, they have been 
incorporated into a vast number of civilian applications, including 
education, commerce, science and engineering, and entertainment. They 
have also been incorporated into virtually every sector of the Nation's 
critical infrastructure--including communications, utilities, finance, 
transportation, law enforcement, and defense. Indeed, these sectors are 
now critically reliant on the underlying IT infrastructure.
    At the same time, this revolution in connectivity has also 
increased the potential of those who would do harm, giving them the 
capability to do so from afar while armed with only a computer and the 
knowledge needed to identify and exploit vulnerabilities. Today, it is 
possible for a malicious agent to penetrate millions of computers 
around the world in a matter of minutes, exploiting those machines to 
attack the Nation's critical infrastructure, penetrate sensitive 
systems, or steal valuable data. The growth in the number of attacks 
matches the tremendous growth in connectivity, and dealing with these 
attacks now costs the Nation billions of dollars annually. Moreover, we 
are rapidly losing ground to those who do harm, as is indicated by the 
steadily mounting numbers of compromised networks and resulting 
financial losses.
    Beyond economic repercussions, the risks to our nation's security 
are clear. In addition to the potential for attacks on critical targets 
within our borders, our national defense systems are at risk as well, 
because the military increasingly relies on ubiquitous communication 
and the networks that support it. The Global Information Grid (GIG), 
which is projected to cost as much as $100 billion and is intended to 
improve military communications by linking weapons, intelligence, and 
military personnel to each other, represents one such critical network. 
Since military networks interconnect with those in the civilian sector 
or use similar hardware or software, they are susceptible to any 
vulnerability in these other networks or technologies. Thus cyber 
security in the civilian and military sectors is intrinsically linked.
    Although the large costs associated with cyber insecurity have only 
recently become manifest, the Nation's cyber security problems have 
been building for many years and will plague us for many years to come. 
They derive from a decades-long failure to develop the security 
protocols and practices needed to protect the Nation's IT 
infrastructure, and to adequately train and grow the numbers of experts 
needed to employ those mechanisms effectively. The short-term patches 
and fixes that are deployed today can be useful in response to isolated 
vulnerabilities, but they do not adequately address the core problems. 
Rather, fundamental, long-term research is required to develop entirely 
new approaches to cyber security. It is imperative that we take action 
before the situation worsens and the cost of inaction becomes even 
greater.

                   Biography for F. Thomson Leighton

    Tom Leighton co-founded Akamai Technologies in September 1998. 
Serving as Chief Scientist, Dr. Leighton is Akamai's technology 
visionary as well as a key member of the Executive Committee setting 
the company's direction.
    As one of the world's preeminent authorities on algorithms for 
network applications, Dr. Leighton's work behind establishing Akamai 
was based on recognizing that a solution to freeing up Web congestion 
could be found in applied mathematics and algorithms. Akamai has 
demonstrated this through the creation of the world's largest 
distributed computing platform that dynamically routes content and 
applications across a network of over 15,000 servers. Dr. Leighton's 
technology achievements at Akamai earned him recognition as one of the 
Top 10 Technology Innovators in U.S. News & World Report.
    A Professor of Applied Mathematics at MIT, he has served as the 
Head of the Algorithms Group in MIT's Laboratory for Computer Science 
since its inception in 1996.
    Dr. Leighton holds numerous patents involving cryptography, digital 
rights management, and algorithms for networks. During the course of 
his career, he has served on dozens of government, industrial, and 
academic review committees; program committees; and editorial boards. 
He is a former two-term chair of the 2,000-member Association of 
Computing Machinery Special Interest Group on Algorithms and Complexity 
Theory, and a former two-term Editor-in-Chief of the Journal of the 
ACM, the Nation's premier journal for computer science research. Dr. 
Leighton is a Fellow for the American Academy of Arts and Sciences, and 
is currently serving as Chair of the President's Information Technology 
Advisory Committee (PITAC) Subcommittee on Cyber Security. In 2004 he 
was elected into the National Academy of Engineering for contributions 
to the design of networks and circuits and for technology for Web 
content delivery.
    Dr. Leighton has published more than 100 research papers, and his 
leading text on parallel algorithms and architectures has been 
translated into several languages. In 2002, Dr. Leighton was recognized 
by his alma mater as Princeton University's seventh Gordon Wu 
Distinguished Lecturer. He graduated summa cum laude from Princeton 
with a B.S. in Engineering. He received his Ph.D. in Mathematics from 
MIT.

                               Discussion

    Chairman Boehlert. Thank you very much, Dr. Leighton, and 
thank all of you.
    Let me just clarify a couple of points, for openers.
    We are not suggesting that DARPA is anti-university or 
against computer science, nor are we suggesting, Dr. Tether, 
that somehow the agency is going in the wrong direction that 
has been dragged into the ground. What we are suggesting rather 
emphatically--and there is more than one way to analyze the 
data--what we are suggesting is that there has been a trend at 
DARPA over the last five or six years away from certain kinds 
of research, and your charts verify that. And Dr. Wulf and Dr. 
Leighton pointed that out in their testimony. We need to have a 
discussion about the impact of that shift and what should be 
done about it across the Federal Government. What this is all 
about, what we hope to do, is come reasonably together about 
forging an overall policy, not about singling out a particular 
agency which has a long and distinguished record and sort of 
call the agency on the carpet.
    But I am concerned, we are concerned collectively about the 
trends short-term versus long-term. Well, we will go beyond 
that.
    Dr. Tether, let me get back to some of the data you showed 
in your slides.
    I think we can have a good debate about whether DARPA has 
struck the right balance in its research. There really are two 
sides to that issue, and it is a question of balance to begin 
with. And I think you have acknowledged that. But we ought to 
be able to agree on the facts about what you are funding.
    According to the information that DARPA itself provided the 
Senate, that other body, as we refer to it here in the House, 
DARPA's computer science funding to universities dropped by 50 
percent from fiscal year 2001 to fiscal year 2004. The charts 
you showed us talked about overall university funding, not just 
for computer science, and overall computer science funding, not 
just for universities. One can argue that the decline in 
funding for universities might be good or bad or indifferent, 
but do you acknowledge that DARPA funding has shifted? And that 
is what we are talking about, the shift in emphasis.
    Dr. Tether. Well, the shift in computer science at DARPA 
has been towards the cognitive side, which, by the way, no one, 
I don't think, anywhere would say is a near-term vision. 
Cognitive means having a computer that basically learns your 
habits and supports you. And as I said, Bill Gates said in 
response to the kids asking why should we go into computer 
science and what other adventures are there, that if we can 
make a computer software that learns that it will have the 
value of more than 10 Microsofts. Now that is a big deal. So 
yes, we did shift. We shifted into that area. We shifted away.
    Now let me say one thing else that I would like with 
respect to what we are doing in cyber security.
    The incident that I believe Tom was talking about is what 
was called the ``slammer worm,'' which basically, in about, oh, 
I don't know, 10 minutes compromised over 90 percent of the 
computers on the Internet. Just two weeks ago, we built 
ourselves a computer test bed comprised of several hundreds of 
computers. And we use that to test out things. Just two weeks 
ago on that computer test bed, we let loose a worse-than-the-
slammer worm and stopped it cold. Now we also let it loose 
without having our new technique on there, and it devastated 
that computer network in seconds.
    Now this work, however, was classified. Now you might ask 
why on earth would we have that classified. Well, first of all, 
we took a worm that devastated the world and we mutated it into 
a bigger worm. I wouldn't want many people to know how to do 
that. Okay. We also came up with techniques to stop that worm, 
but we are still not done with those techniques, because if 
people knew what the technique was, they could design around 
it. So we are now in the process of basically that red team and 
blue team where now that we stopped that worm, the red team is 
now looking: we give them full knowledge of the technique. They 
are trying to come up with another worm that can destroy that 
technique, and so forth and so on.
    And that is why we are keeping it classified until we 
fully--we understand that we don't want a short-term fix like 
he talked about. We want to find the fix that we can then put 
out in code that no one can reverse-engineer and protect the 
commercial market.
    Now by the way, just as an aside, all of that was done 
through your Rome labs. That was the executor of that----
    Chairman Boehlert. They are our Rome labs. I want you to 
have partial ownership, too.
    Dr. Tether. I am sorry. I forgot. I am sorry. Our Rome 
labs.
    Chairman Boehlert. All right. Let me just add, look, that 
is a good story. And we all understand the need for 
classification. Good gosh. Every----
    Dr. Tether. Well, apparently some people believe that if it 
is classified it is not long-term research.
    Chairman Boehlert. All right. I have got--let me ask Dr. 
Wulf and Dr. Leighton, if I may, to consume the rest of my 
time, and we will go to others for questions. Sort of comment 
on Dr. Tether's testimony. He is skilled. He is a master at 
this. And why don't I look about the rest of the story? And if 
you want to give a plug to our Rome lab, I would be glad to 
hear from you.
    Dr. Wulf. I have not had a lot of dealings with Rome in the 
last few years, but I had a lot before that. We had some joint 
research that we did with them, as a matter of fact.
    The problem with the kind of approach that Dr. Tether is 
pointing out is that at any given point in time, there are 
about a half a million bugs in the Windows operation system. 
You only need one--to exploit one--to be able to compromise a 
system. Simply reacting to the slammer or a mutated slammer, 
all you have done is you have reacted to one way of potentially 
compromising the system out of potentially a half a million 
others.
    As I testified before this committee before, we will not 
have secure computer systems based on the current models of 
security. They will not work. They will always have this 
problem. They are perimeter defense models, and they will 
always have the difficulty that there is a way to penetrate the 
perimeter.
    Chairman Boehlert. Dr. Leighton.
    Dr. Leighton. Yes. Slammer was released in early 2003. It 
is one virus. In the last half of 2004, there were over 7,000 
different viruses released into the Internet. The slammer 
virus, of course, is very interesting. It was not designed to 
attack, just to replicate itself. And when slammer was 
released, actually the Defense Department networks were the 
second most impacted network in terms of a failure to be able 
to route packets through the Internet. If the research on 
defending against viruses and worms is classified, that means 
that it won't be of use to the government, to the population, 
and to enterprises, and we will be defenseless if, indeed, they 
have discovered a way to defend networks against viruses and 
worms. And if they have, I would be very interested to see that 
technology. And I think our government would be very interested 
in having it deployed to protect ourselves. We are basically 
defenseless today against viruses and worms.
    Dr. Tether. I agree, and I would be very happy to actually 
show them what we are doing, but it does require classified 
information.
    The slammer worm that was a--what we did with the mutation, 
just to get technical, was that we made it into a single packet 
worm so a signature detection couldn't detect the worm. And it 
was not just replicating.
    We also did the hard test. We had an insider. In other 
words, this worm was released into the network pretending that 
there was somebody inside the network who let it go. So it 
wasn't coming through the perimeter. It was inside. And yeah, 
he is right that that is the harder problem, because they will 
always get through the perimeter.
    Chairman Boehlert. All right. Doctor, my time is up, and we 
could engage you in a very interesting discussion, but to draw 
upon my passion, baseball, for an analogy, you are looking at 
the box score, Dr. Tether, and you are talking about a home-
run, and boy, we all applaud that. It is very important. But 
what about the Minor League system? And what about the rest of 
the system? And if we are not investing in long-term research, 
if the trend continues, and Dr. Wulf and Dr. Leighton share our 
concern, then we are not going to win championships in the 
future.
    Dr. Tether. I absolutely agree, and that is why I believe 
that we really need to concentrate on the feedstock, on getting 
those kids into high school who want to go into science and 
engineering. And if we can't do that, we are going to lose the 
ball game, because there is going to be nobody in the minor 
leagues.
    Chairman Boehlert. You know, I have got a program up in 
Rome I want to talk to you about. The ACE program, Advanced 
Course in Engineering. If you haven't heard about it, then you 
should hear about it, and you should understand what we are 
doing with high school kids and college kids building that 
team.
    But my time long ago was expired. But I tried to follow 
your lead, Dr. Tether, so--Mr. Davis.
    Mr. Davis. Chairman Boehlert, thanks very much.
    DARPA, Defense Advanced Research Projects Agency. That is a 
pretty powerful name. Indications of a lot of good things, 
perhaps, to happen. It started in 1958. The hopes, the funding 
of university research, this is an area where they could reach 
out and find funding that could provide the dollars needed for 
the research that has been a great deal, I think, for 
Americans. Certainly it has helped our economy, and the 
technology today that we see occurring, partially, and perhaps 
in many cases, is wholly because of the dollars that we have 
given to our universities for the research.
    The question is for Dr. Marburger. It is really a two-fold 
question. Do you see the changing mode for federal support as a 
problem for maintaining a robust federal research investment in 
basic computer science research and since OSTP is charged with 
setting overall federal research priorities, are you taking any 
steps to try to offset the effects of the shift in funding 
behavior by DARPA by encouraging increased support by other 
civilian and federal R&D agencies, such as the Department of 
Energy and National Institutes of Health or the National 
Institute of Standards and Technology? Do I need to repeat 
those two questions?
    Dr. Marburger. I think I can remember the gist of them.
    Congressman, the fields of science are always shifting, and 
of course the shifting fields, where the work is done and the 
specific disciplines that are involved in moving ahead the 
frontiers of science require constant attention. That is why we 
have a new budget every year. We try to make budget requests 
that request funds for the agencies that we think are most 
appropriate for delivering on basic research and applied 
research in these shifting areas.
    We do have mechanisms to do this. We coordinate the efforts 
in the information technology area through a robust interagency 
working group and an office, a national office for the National 
Information Technology R&D program.
    I mention that we actually move to begin implementing a 
recommendation from the PITAC Subcommittee on Cyber Security 
even before the report came out, and it is precisely in the 
area of increased coordination among different agencies that we 
began to act. I mentioned that in my testimony.
    I think it is important for us to be responsive to the 
concerns that exist in the community, and I believe we have the 
apparatus there to do it. It is, as I mentioned before, it is a 
priority for the Administration, and we are acting to address 
that priority through our mechanisms.
    Mr. Davis. Are you satisfied with the current priorities 
for basic computer science research across different agencies?
    Dr. Marburger. That is a hard question to answer, because I 
am not completely aware of how those priorities get embedded in 
the specific programs at NSF, for example, in the Department of 
Energy and the Department of Defense, which are the major 
Departments that fund this kind of work. They are certainly 
concerned about it. I know that, because we talk with them all 
of the time, they have strategies for dealing with their 
mission needs in each of the areas in which we work closely 
with them. I am satisfied that there is adequate attention 
being paid in the agencies for this. Whether we are able to get 
the funds in the right places immediately as soon as people 
would like to have them there is another question. It is 
obviously in a rapidly-changing environment. We can't always 
move immediately to get the funds where we want them. I do 
believe that the requests that are made in the President's 
budget each year are appropriate for the levels of funding 
overall that are required to address this problem.
    Mr. Davis. My time is about to expire, but let me reiterate 
my belief that one of the reasons that we have the strongest 
economy in the world today with perhaps less than five percent 
of the entire population of the world, the reason that if 
someone gets in trouble, the 911 number they call is really 
USA, is that we have provided dollars for research and 
development and that much of that success that we have has come 
from some of the research universities that we have in this 
country. And it is my hope that we realize from the 
Administration, from DARPA, that coordinated effort and that 
cooperation and the funding needs to continue at a level to 
where the future generations will see the America that we see 
it today. And I have some real concerns about research and 
development dollars. With all of the dollars that we spend, $2 
trillion and some, that we are not doing enough research and 
development. And I think, excluding or using a part of the 
dollars in other areas, which appears to be what is happening 
with DARPA, and removing those dollars from our fine 
universities is probably not as wise a decision as I would like 
to see us be making.
    Thank you for your testimony.
    Chairman Boehlert. The Chair identifies with the remarks of 
the distinguished gentleman.
    Mr. Rohrabacher.
    Mr. Rohrabacher. Well, first of all, let me congratulate 
DARPA for highlighting high school road warriors. I believe 
they are in my district, so that was a great selection. Also, 
the selection of your site for your DARPA gathering in August 
happens to be very close to my district, and hopefully I will 
be able to join you there, so thank you very much.
    This is a little frustrating to me, because, to be quite 
frank, people can use pious words to discuss things, and it 
sort of does not lead to a better understanding of what the 
reality is. It seems to me what we have here is not a decline 
in money for research for computers. I mean, Dr. Tether was 
very clear, the amount of money being spent for research on 
computers is actually on the upward trend. The question is 
whether we should channel the amount of money that is being 
spent on research into esoteric projects in the universities 
that may or may not ever come to fruition and help anybody 
versus actually spending money in developing ways to make sure 
people's lives are changed and bettered within a lifetime at 
least.
    You know, when I first became the Chairman of the 
Subcommittee on Energy and Environment Research, we had to take 
a look at what was actually getting done with the amount of 
money that we were spending. And of course, nobody ever wants 
to try to prioritize around here and say what isn't working. 
They always want to say, ``Give more money to us and we will, 
you know, spend it wisely,'' I guess. And I found out that we 
have been spending all kinds of money in various areas, but one 
area really stood out, and there had never been anything 
demonstrated that the money had been actually put to use for 
our benefit yet. And that was in fusion research. It seemed to 
me, after looking at that program, that we were spending more 
and more and more money over the years in fusion research. We 
have spent, I think, billions of dollars, but we didn't have 
anything to show for it after 20 years. Now is it inaccurate 
then to say if the Administration or someone would say, ``Well, 
we should channel that money someplace else where it is 
actually being put to use that we are spending less money on 
energy research''? No. In fact, we weren't.
    And let me get to the specifics on this. What I see this 
as, and what, Mr. Chairman, what I have seen today, in terms of 
the central argument, is whether or not money should be spent 
on basic and fundamental research that may never come to 
fruition or should we actually start channeling a little bit 
more of that money into developing the research necessary to 
develop some of these ideas that have been discovered through 
research in the past so that it actually changes our life 
somewhat. And I have no argument whatsoever with the approach 
that this Administration and Dr. Tether are taking, and I would 
congratulate them. I am the father of triplets, and they are 
one year and two weeks old today, and I think what you are 
doing is long-term, because what you are doing is going to make 
their lives better. And just channeling money, more and more 
money, into esoteric research at the university is not 
necessarily going to make their lives better.
    And I thank you for that. And I can see that you are taking 
heat for it, Dr. Tether, today, and I want you to know that 
some of us understand that you are making very, very positive 
and, I would say, common sense decisions.
    With that said, let me ask you about this. You were talking 
about computers, and that is supposedly why we are here today. 
You were actually criticizing; I will have to tell you, 
fellows, you have sort of a critical tone to your voice when 
Dr. Tether is talking about the research that he is doing, 
because after all, there are so many other areas. Isn't it 
better for him to be doing this research to try to fight--if he 
can't fight it for everything, isn't it good for him to find 
some sort of shield against a limited number of worms, even 
though there might be 7,000 other worms that he isn't tackling?
    Dr. Wulf. No.
    Mr. Rohrabacher. It is not? It is better for us to spend 
the money on some guy who is doing research that may or may not 
ever be applied anywhere?
    Dr. Wulf. I would be happy to get you references. I don't 
have them on the top of my head, but there have been any number 
of economic studies of what the social rate of return on 
investment in long-term basic research is, and they tend to run 
in numbers like 80 percent per year compounded. Okay. Yes, it 
is absolutely true. Long-term basic research is risky. It, by 
definition, is risky. We don't know what we don't know. 
Nonetheless, we wouldn't have the Internet, and we wouldn't 
have a lot of other very practical things had we not invested 
in that kind of long-term basic research.
    Mr. Rohrabacher. Didn't DARPA have something to do with the 
Internet?
    Dr. Wulf. It absolutely did.
    Mr. Rohrabacher. Right.
    Dr. Wulf. That was back in the days when they invested in 
people rather than projects.
    Mr. Rohrabacher. Let me ask, Dr. Tether. You just heard 
that big challenge there. The Internet. These guys are taking 
credit for long-term research money that was spent probably, 
what, I don't know--there was a lot of other money that was 
spent at the universities that never saw the light of day, but 
can we say that it was the basic research and not DARPA's 
developmental dollars that can be given credit for the 
Internet?
    Dr. Tether. Actually, there is probably enough credit for 
everybody, but let me tell you----
    Mr. Rohrabacher. Okay.
    Dr. Tether. Let me tell you, the way I understood it is 
that really what brought around the Internet was that at that 
time computers were very small. I mean, they were not very 
powerful, and the idea was, ``Well, maybe we could net them 
together.'' And by netting them together, you get more out of 
them than just one computer. So a network was really created. 
This was a product. It was to put together computers, because 
we had problems to solve like air defense and so forth and so 
on.
    Along with putting those computers together, the 
researchers were around the country. And some of them said, 
``You know what, I will just leave a message for that fellow, 
because he is on the West Coast, and he will pick it up in the 
morning.'' And that really was the genesis of e-mail. It wasn't 
that somebody was being funded to create e-mail, it was a 
fallout out of a product, out of a program that was a 
development of making computers be netted together.
    The same thing goes on today. I will go back to what we are 
doing today in computer science, and we are doing the cognitive 
computing, which is really so far out, you know. It is amazing 
to have these people say that this is near-term. I mean, I----
    Mr. Rohrabacher. I would agree with that. I mean, I have--
Mr. Chairman, I want to emphasize that point. To suggest that 
the cognitive research and computers is short-term 
development----
    Dr. Tether. Well, they can have their opinion that maybe 
the money shouldn't go into cognitive research, that it ought 
to go someplace else, as you said, but to say that cognitive 
research is not short-term, and to say that if we can do it, it 
is not a major economic impact, I think is wrong.
    Mr. Rohrabacher. Okay. Thank you, Mr. Chairman.
    Chairman Boehlert. The gentleman's time has expired.
    Mr. Matheson.
    Mr. Matheson. Thank you, Mr. Chairman.
    And I want to thank the Committee. It has been a very 
interesting hearing.
    Dr. Wulf, I wanted to ask you a question. You testified 
before the Science Committee on cyber security issues in 
October of 2001. And at the time, you appeared to be worried 
about these issues. And you said that--and I am going to quote 
you. You said, ``Our research base in computer security and 
network security is minuscule.'' And you also said that there 
has never been a funding agency that believed that it was its 
responsibility to develop the community of scholars researching 
this area and that because the resources are so scarce, the 
community gets very conservative, leading to what you called 
the Maginot Line model for cyber security.
    Dr. Wulf. The Maginot Line, yes, sir.
    Mr. Matheson. Maginot. Sorry. Now approaching four years 
since you made that statement to this committee, how do you 
feel today? Are you more upbeat about the state of cyber 
security research at academic institutions? And have there been 
any positive changes in this regard? And what do you see as the 
remaining challenges in this area?
    Dr. Wulf. Let us see. Thanks to this committee, Chairman 
Boehlert, there has been an increased emphasis on computer 
security. Again, I am talking about long-term basic research, 
because I don't believe that the fundamental model that we are 
currently using will ever produce secure systems, so we do 
really need the disruptive idea, the rethinking of the basics. 
As a consequence, there has been more money at NSF. NSF, under 
its current Assistant Director, has taken on that 
responsibility. Sure, he could use more money and that sort of 
thing, but the fact that they have taken on that 
responsibility, I think, is a very positive step forward.
    It is still the case, unfortunately, that the research 
community, the collection of scholars, is still minuscule. When 
we testified here, what, three years ago now, four years ago, 
good heavens, we had an estimate that the number of Ph.D.s 
being produced per year was seven. We have done some counting 
since then. The estimates now are maybe 20. But it is still an 
incredibly small community. The largest conference in computer 
graphics attracts about 50,000 people. The largest conference 
in computer security attracts about 200. So it is still a very, 
very small community. And the argument I made then, and I would 
make again, is there ought to be more money, but actually the 
most important thing is predictability.
    As I said in my testimony today, academics make their 
reputation in a career over decades. And if there is not some 
reasonable assurance that money will be there over that period 
of time, they will run.
    Mr. Matheson. Let me ask you, what are your views on the 
recommendations of the President's Information Technology 
Advisory Committee report on cyber security?
    Dr. Wulf. I am very pleased with the recommendations that 
they made. In fact, I think there was only one that wasn't 
really directly in my testimony of 2001, and that was for more 
coordination among the agencies involved, and that is obviously 
a very good idea.
    Mr. Matheson. In terms of that coordination, how do you see 
that being improved, or who should be responsible for that?
    Dr. Wulf. You know, the only way that really ever works is 
if all of the agencies see something in it for themselves. When 
we structured the High Performance Computing and Communication 
Initiatives in the late '80s and early '90s, we crafted a way 
to find a special niche for each of the agencies involved and 
gave them a responsibility for that. I think a similar sort of 
thing would be really advantageous here.
    Mr. Matheson. I think this issue is not going away.
    Dr. Wulf. No. No.
    Mr. Matheson. I would like to think that this committee 
would continue to have great interest in what we can do to 
improve efforts for cyber security.
    With that, Mr. Chairman, I will yield back the balance of 
my time.
    Chairman Boehlert. I think it is difficult for Dr. 
Marburger, for example, to respond to the question from Mr. 
Davis, I mean because of his position and everything. But I 
have to believe, in his heart of hearts, I have to believe all 
of the people involved in the science enterprise within the 
federal establishment are not satisfied with our investment in 
the science enterprise within the government. I don't expect 
you to respond to that. And boy, I would be the most surprised 
guy in the world if you could find anybody employed by the U.S. 
Government in a position of responsibility who can, with a 
straight face, say, ``We are putting enough emphasis on the 
challenges in the area of cyber security.''
    And so Dr. Wulf, thank you so much. We have been talking 
about this for years. And seven to 20 is a big percentage 
increase, but boy oh boy, that is not nearly adequate to meet 
the challenge.
    With that, the Chair recognizes the very distinguished Vice 
Chairman of the Science Committee, Mr. Gutknecht.
    Mr. Gutknecht. Well, thank you very much, Mr. Chairman. I 
am not sure I deserve that, but I do want to thank the 
panelists for coming today. This has been a fascinating 
discussion. Especially, Dr. Tether, I loved your slide 
presentation. I only wish more Members of Congress could get a 
chance to see that. I have been an admirer of DARPA for a very 
long time, and I think part of the reason was expressed by my 
colleague from California, and that is that it is very much a 
results-oriented endeavor. And I suspect at some level that 
does cause conflict among various academicians. I mean, they 
all have their own points of view in areas that they would like 
to pursue, but ultimately, I think DARPA is very much results-
oriented. And I think that that is something that at least many 
of us on this committee appreciate.
    Let me just add a little bit of grist to the mill here in 
terms of this whole discussion. I wouldn't call it a debate or 
even an argument, but a discussion about computer sciences. I 
think an important element that could have been included in 
your presentation is how the cost of computing systems, 
particularly supercomputers, have come down just dramatically. 
Just last week, I toured the supercomputer center inside the 
Mayo research facility at the Mayo Clinic in Rochester, 
Minnesota. They already have one supercomputer, and they are in 
the process now of acquiring and building what they believe 
will be the 14th fastest computer in the world. And the cost, I 
don't want to quote it, but it seemed to me infinitesimally 
smaller than the supercomputers that I saw just eight years ago 
at the University of Minnesota.
    Another point I wanted to make, and as I say, I am not sure 
I have a good question here, but a couple of comments. One of 
the things that you had in your presentation, and I have been 
meeting with some scientists who have been working with the 
University of Minnesota on this whole issue of photonics. Now 
it is way over my head, but they put it in language good enough 
that I could understand most of what they were talking about. 
And I do hope it is something that DARPA will take very 
seriously, because I think there are enormous possibilities of 
this particular technology, assuming the physics is what they 
think it is, not only from a defense standpoint but I think 
from an economic standpoint. As I listened to their 
presentation, my eyes started to spin at all of the 
possibilities.
    Finally, though, and I think this is a comment for all of 
you, and perhaps you want to comment on this, I am particularly 
pleased with this thing we call the Grand Challenge. And I 
really want to encourage all agencies, all science agencies, 
and all universities to look for ways to encourage, 
principally, I would say, high school students and their 
science and math and physics teachers to get more involved in 
these kinds of endeavors, because I think if there is one thing 
we need more of in the United States today, it is to get young 
people actively engaged in science projects. And so I think the 
Grand Challenge is a very important first step, but I hope it 
is not the last step. I hope we look for other ways to bring 
young people into this and get them excited about using some of 
the things that they learn in their classes in science and 
physics and others.
    So not so much a question in any of that, but a comment. If 
you want to respond, you are more than welcome.
    Dr. Wulf. I would just say I couldn't agree more with your 
last point about the Grand Challenge. It just so happens that, 
I think, about five or six years ago DARPA asked the Academy of 
Engineering to do a study on these so-called ``inducement 
prizes.'' This was before they had received the authority to do 
that sort of thing. We did that study, and I became totally 
enamored of this as a way of provoking certain kinds of 
behavior. One of the things we learned, for example, that the 
typical winning team spends more money to win than they 
actually make with the prize. They are really after the 
bragging rights, not the money. And in fact, I liked it so much 
that I have, I think, talked a foundation into funding the 
Academy to do an inducement prize in the general area of 
sustainable development. And in fact, the first one we are 
doing is a contest like the contest that DARPA is doing on 
inexpensive removal of arsenic from drinking water, one of the 
real banes of existence of people around the world.
    Dr. Leighton. I would also like to, you know, second your 
recommendation.
    As a high school student, I was an active participant in 
science fairs and so forth and it made a big impact on my 
career.
    I would also like to mention that you mentioned the 
decreasing costs of the computing infrastructure, which has 
been vital to our economy. That is featured in the historic 
role of federally-supported R&D in creating billion-dollar 
segments of the IT industry. Programs like VLSI design, RISC 
processors, parallel computing and databases are critical to 
being able to lower the cost of computing. And university-
sponsored basic research played a vital role in actually making 
that possible.
    Chairman Boehlert. Thank you very much.
    The gentleman's time has expired.
    Mr. Sherman.
    Mr. Sherman. Thank you, Mr. Chairman. It won't surprise you 
if my questioning focuses on DARPA and other U.S. Government 
efforts that will lead, whether they are intended to or not, to 
self-aware computers equaling or exceeding human intelligence. 
We are funding here an all-out effort to develop all kinds of 
new and advanced computer technology. However, I think we are 
maybe a couple of decades away from computers that are self-
aware, independent, and deserving of a minimum wage. We are 
funding all of the technology to do more, and we refuse, as a 
Committee and as a Congress, to fund any research into do we 
want to develop a new independent intelligent lifeform on this 
planet. And secondly, we don't fund any research into how to 
prevent the computers that we are developing from self-
awareness, independent motivation, or desire to go on strike 
for an even higher wage.
    Now I have had a lot of correspondence with Dr. Tether, 
where he has assured me that all of this is just vague science 
fiction. But I would say that rare is it in science that our 
research exactly goes to where we were aiming. Often, we do 
less, we do more, and we do something different. And with 
science, it shouldn't surprise us at all if we hit something 
close to the target.
    So let us take a look at the target. Now I get these 
letters saying not to worry, we are not really trying to do 
this. And then 10 minutes ago, my staff looked at your web page 
saying that it is your mission to develop a computer that knows 
what it is doing, will be able to reason, will learn from their 
experience, be capable of explaining themselves and talking 
naturally, or taking naturally-expressed direction, and will be 
aware of themselves and able to reflect on their own behavior. 
In other words, you are talking about a computer considerably 
smarter than my last opponent.
    We are in the spin business. I know that the Administration 
and the science establishment doesn't want to fund research 
into whether we should create what I would refer to loosely as 
a silicon-based intelligent lifeform and does not even want to 
research the much more technical issue of how we develop higher 
and higher levels of computer capacity while deliberately 
engineering devices to make sure that we do not create self-
awareness. I would point out that many of those who have 
thought about the issue of when will we know that computers 
deserve the minimum wage have described it as when you can have 
an e-mail conversation with a computer and not know whether you 
are talking to a computer or a human being. And DARPA's mission 
statement says you are aiming for computers that will be 
capable of explaining themselves and taking naturally-expressed 
direction.
    So when you are dealing with Sherman with his concerns that 
you wish to allay, I get a letter saying not to worry. But when 
I look on your web page it is with the intention of developing 
a computer that will pass the test put forward by some as to 
when computers equal human intelligence, and that is to have a 
natural conversation, and as I say, able to reason, learn from 
their experiences, capable of explaining themselves, aware of 
themselves, and able to reflect on their own behavior. How many 
of us in this room could ask more of ourselves than to be self-
aware and reflective? Will DARPA fund research, at least into 
how to prevent a computer with enormous computational 
capacities from achieving self-awareness and self-direction?
    Dr. Tether. Well, that might be one of those good 
university programs.
    Mr. Sherman. How confident are you that if I support this 
effort that research with that as a goal will be funded?
    Dr. Tether. You know, when you sent your letter to me last 
year, I thought it was actually, quite frankly, a very 
thoughtful letter. I thought you brought up some good points. I 
didn't try to be flip in answering your letter. In the '50s, 
about 50 years ago, Turing came up with a test, and it was 
called the Turing Test, and that was if you could talk on the 
phone or whatever your mode of communication was and couldn't 
tell that it wasn't a machine, then it was alive, or artificial 
intelligence. That was the term. And in fact, that has been 
reached in a few cases, but when it has been reached, it has 
always been reached in a very narrow domain. You know, in fact, 
if you go on the phone company now and ask for information, you 
will most certainly be talking to a computer, and you can 
actually ask a lot of questions and get a lot of answers, as 
long as you can keep your conversation restricted to that 
domain.
    Will we ever get to the point that--and I believe that we 
are going to have computers that are going to be very good in 
specialized domains, you know--that we'll actually be able to, 
in a specialized domain, communicate with a person in a way 
where the person might not realize that he is really talking to 
a machine? But the difference between that and a human is that 
a human can learn something in an area and then be subjected to 
a whole new area that he has never been and be able to use that 
knowledge from that other area in a way that is mysterious. But 
that seems to be the difference between these computers that we 
are trying to build and a human being, that we can learn 
something and go to a brand new area, never having been there, 
and project somehow, that information.
    I guess that is why I said earlier that I couldn't believe 
that anybody would call cognitive processing near-term. It is 
most certainly not. But it is important for the Department of 
Defense, in fact, it is probably important for the U.S. 
economy, to be able to get that capability.
    For the Department of Defense, it is important for the 
following reasons. Let us go to network security.
    If you go to an area, you will find that the reason that 
networks are vulnerable are usually because people don't put 
them together correctly. When they set them up, they make an 
error. They make a mistake. And what you really want to have is 
a computer system that can do that for you.
    Mr. Sherman. Dr. Tether, I haven't even questioned whether 
cognitive reasoning and incredible computational capacity and 
all of the ability to reason in a computer would not be an 
incredibly valuable thing for our country, for our world, and 
for our Defense Department. What I have asked you, though, is 
two questions. Will you fund research into how to make sure 
that no matter--I will--make sure is too strong of a word, how 
to increase the likelihood that a computer with tremendous 
cognitive ability, if you want to use that term, a tremendous 
computational ability does not have self-awareness, self-
direction, and that is the one question?
    Dr. Tether. I will tell you what I will do. Quite frankly, 
I think it is an interesting question. I will, and I believe it 
actually is one of these questions that somewhere in the 
university we ought to have that done. Yes, I will.
    Mr. Sherman. Thank you.
    Dr. Tether. We will see what happens. It will be 
interesting to. I will try to formulate that question in a way 
that I--it is a little--I must admit, it is a little 
counterculture for us to say, ``Tell us how to not do this,'' 
but that is an interesting question. And I will try to--I will 
do that. I will----
    Mr. Sherman. The engineers that developed engines developed 
governors and developed brakes.
    Dr. Tether. They did. They did.
    Mr. Sherman. And you wouldn't want to be an automotive 
engineer without knowing how to----
    Dr. Tether. I promise you, I will do it. I will----
    Mr. Sherman. Thank you.
    Dr. tether. At least I will make an attempt to have 
somebody do it for us. Okay.
    Mr. Sherman. Thank you. I look forward to working with you.
    Chairman Boehlert. Thank you.
    The gentleman's time has expired.
    Ms. Biggert.
    Ms. Biggert. Thank you, Mr. Chairman.
    I think I will go back to computer science in general.
    But how can we determine if federal funding is adequate? 
Dr. Marburger, you mentioned a 33 percent drop in DARPA's 
funding in NITRD. Was there debate over whether that was 
appropriate? And do other agencies need to pick up the slack? 
And are they doing so?
    Dr. Marburger. The NITRD budget is a composite of budgets 
from each of the agencies, and we only get the information 
about these numbers after the budget is already out. We do 
produce a supplementary report associated with the budget 
request each year that has these numbers in it, but they are a 
composite of decisions that are made in the agencies.
    Now when we see the amounts that are actually out there, 
then we bring the agencies together, through the coordinating 
committees that we have, and discuss what the significance is 
of these numbers, and try to identify holes and strategies for 
making the requests in the following budget year. That is how 
it works.
    So that obviously leaves room for fluctuations in programs 
that are unexpected. But in general, we try to have 
communication among the agencies so that they are aware of 
impacts of decisions that one agency might take on the others.
    Ms. Biggert. Well, but then you see the numbers and see 
that DARPA has dropped their funding. Is that a problem, or do 
other agencies then up the amount of money that they are going 
to put into something?
    Dr. Marburger. We have conversations all of the time about 
how the agencies will fulfill their missions and the priorities 
that they establish for them. I am going to ask Dr. Tether to 
say a word about that at this point.
    Dr. Tether. Let me first say that Dr. Marburger does a 
great job. You know, he calls us into hearings, and sometimes 
we say, ``oh, we are busy,'' and he says, ``There is still 
going to be a hearing,'' and we do eventually go. And we talk. 
And we do do a lot of talking. He really does a great job.
    Now on the budget that he is talking about, unfortunately, 
it is not really fair to say that we dropped IT that much 
because it is an accounting problem. The way the crosscuts are, 
the money that we put into cyber security, for example, which 
are all IT, are not included in that cut, because it is 
included in another OMB cut. The amount of money that we put 
into microelectronics and things like spintronics, which is 
making the brand new memories for the future, which again you 
would think would be IT, are not included in that number he 
gave, because it is another OMB cut, and OMB did not want us to 
take the same dollar and have it show up three places. And so 
unfortunately, what you have is a decrease, which if I were to 
add all of the IT that I also provide to these other two 
organizations, they would not--it would not have shown that 
much of a drop.
    Ms. Biggert. But was that in the previous year? I mean, if 
you have a drop there, with the dollars that you have got in 
that funding, it still is a drop. Something has been cut out of 
it.
    Dr. Tether. Well, the problem is that the comparison is 
over years where these other programs are brand new programs, 
so they wouldn't have appeared in the first category. I really 
can't say. I am trying to actually, because of this controversy 
over this drop, do exactly what you are asking, try to get a 
true apples-to-apples comparison, forget what OMB tells us to 
do, God bless us, you know, but we will add up----
    Chairman Boehlert. I wish you had that luxury.
    Dr. Tether. We will add up IT apples to apples and see what 
it turns out to be. But, by the way, we have lots of 
conversations about this subject. And I wish we knew, I wish we 
had an algorithm out of which would spit out exactly how much 
funding should go into a particular discipline. I mean, I 
really wish we had that.
    Ms. Biggert. Will you make that available to us, then?
    Dr. Tether. Yes, I will.
    Ms. Biggert. Thank you.
    Thank you, Mr. Chairman.
    Chairman Boehlert. Thank you.
    Ms. Jackson Lee.
    Ms. Jackson Lee. Thank you very much, Mr. Chairman. This is 
an important hearing, as a number of our hearings have been, as 
we have focused on some of the deficiencies in the oversight 
responsibilities that we have.
    I would like to focus my remarks, and I would ask unanimous 
consent, Mr. Chairman, to put my total opening statement into 
the record.
    Chairman Boehlert. Without objection, so ordered.
    Ms. Jackson Lee. Thank you.
    I would like to just focus my remarks on the perception 
that I have, and that is that we are in trouble, frankly, and I 
am not sure if we are going to dig ourselves out of the hole. I 
think we are in trouble because we are not creating a legion, 
an army of new technocrats. I recall some years ago when every 
graduating senior was talking about being a computer scientist. 
Unfortunately, the thrust of that computer scientist or doing 
computer work was working on computers. It really had nothing 
to do with creating new technologies. It certainly had nothing 
to do with software technology, which at that time we were very 
proud to have focused in the Silicon Valley. Even now, we are 
draining the resources out of that particular region, and much 
of our work is finding itself offshore in places like China.
    I happen to be holistically concerned about the world's 
upliftment, but I would also argue that it has always been the 
United States' ability to survive to be at the cutting-edge.
    I cite as a premise, or one of my premises, the work of 
Vinton Cerf and Robert Kahn that was noted in ``An Endless 
Frontier Postponed,'' in Science, Volume 308, May 6, 2005. It 
specifically notes that in June, these scientists will receive 
the A.M. Turing Award from the Association for Computing 
Machinery based upon their creation in 1973 of the language of 
the Internet. Where would we be if we did not have the language 
of the Internet? Twenty years later, the Mosaic web browser 
gave the Internet its public face. This, of course, had some 
basis in our public funding. And of course, DARPA was 
organized--it funded TCP, but the Soviet satellite Sputnik in 
1957 led to the creation of DARPA, a very important agency, and 
it has been on the cutting-edge. U.S. IT research grew largely 
under DARPA and the National Science Foundation.
    So if we are underfunding our university research, and I 
cite for you the numbers that may have already been cited, but 
I want them in the record. Between fiscal year 2001 to fiscal 
year 2004, DARPA support for university-based, non-classified 
research dropped by order of 40 percent from $214 million to 
$123 million. The Internet research that these two gentlemen 
will be honored for, as I understand, was not military-
classified research, and therefore, here lies my angst.
    If you look at the number of potential scientists in this 
area or in the area of physics, chemistry, and other areas, we 
know that our numbers are going drastically down. We also know 
that we are suffering because of a lack of technology. I will 
give you one example. In talking about securing America and 
cargo screening, simple screening of cargo in airplanes, right 
now we screen every single suitcase of a traveling passenger on 
an airplane. We do not screen cargo. That raises a great 
outcry, and of course, the easy response is, ``Go screen 
cargo.'' It makes sense. But in fact, we don't have the 
technology to be able to screen cargo. A sad state of affairs.
    In fact, I think the very infrastructure and underpinnings 
of Homeland Security is technology. One, when we speak about 
improving our security at the borders, we talk about 
technology, the new types of screening technology. When we talk 
about securing, if you will, various documents, we talk about 
cyber security and the vulnerability of that.
    So my general question would be aren't we in a mess. And 
how do we get out of that mess? Where are the advocacy groups 
to demand? You know, the National Science Foundation has its 
public underpinnings, fearful of any misstatements to go 
contrary to Administration policies, no matter what the 
Administration might be. It might be Democrat or Republican or 
otherwise. Where are the voices to suggest that we are not 
training a whole battalion of scientists to come forward, and 
computer science happens to be uniquely situated? You don't 
have the high school students taking physics. And I have heard 
some questions about we should--or some comments of what we 
should be doing, but it is going to take money.
    So maybe I could just get one response from that. My time 
is out, but I think we are in a mess, and it is hard to dig out 
of it, and I really don't hear any voices being provocative and 
thinking out of the box.
    I yield back. If there is someone who wants----
    Chairman Boehlert. Well, the gentlelady's time is expired 
with her initial summary of events, but we will ask the 
witnesses. She has restated something that we are all vitally 
concerned about and all working, hopefully, to address.
    Who wants to respond?
    Dr. Marburger.
    Dr. Marburger. Let me say a few words about this. There is 
no question that the world is changing rapidly, and nations 
that formerly did not have the capacity to participate in a 
technology-based economy are acquiring that capacity very 
rapidly. And the rates of change are very impressive, and they 
are to be taken quite seriously, which is why we really have to 
tune up our own priorities as a Nation. And certainly computer 
science and cyber security are among those priorities.
    The situation is not as gloomy as it seems, and some of 
these dramatic rates of change have to be put in perspective. 
The absolute numbers of scientists in these developing 
countries are much smaller than in the United States, for 
example. We should welcome the emergence of new economies that 
can participate in our own trade and help us to resolve 
problems of society.
    But there are some good stories here, and as a result of 
efforts that Administrations have made, the number of high 
school graduates that take a physics course is, in fact, going 
up. It has not been going down. In a decade, it has increased 
from about one-fourth of all high school graduates to about--to 
more than one-third of all high school graduates. So the 
numbers of scientists are going up. It fluctuates with the 
kinds of programs that we have or the prospects for jobs in 
these areas, but the indicators are, by no means, as 
universally bleak as we hear. That does not mean that we should 
not take these issues lightly. We must continue to support the 
areas that we know our economy in the future depends upon.
    Thank you.
    Chairman Boehlert. Thank you very much, Dr. Marburger, but 
Ms. Jackson Lee is absolutely right with the general thrust of 
her comments. I mean, this glass is not half full. And when the 
NSF education directorate, for example, is being asked to 
absorb a rather substantial cut, we sort of think that some 
people have priorities wrong. And so we are trying to address a 
wide range of subjects.
    And in response to Mr. Rohrabacher's earlier comments, I 
would point out that one of the long-range investments we need 
to make as a Nation is do a hell of a lot better than we are 
doing in K-12 science and math education, because all of you 
are not going to get what you need in the future to do what we 
demand of you and expect of you unless we start at the 
beginning. So the whole science enterprise, as I refer to it, 
requires more investment. And we are not just throwing money at 
things. And it is naive to suggest that any investment in long-
term research--the investors have every right to expect that 
every dollar invested is going to produce immediate significant 
results. I mean, that just defies basic logic when you are 
dealing with research matters.
    But let me ask just----
    Ms. Jackson Lee. Mr. Chairman, would you yield for just one 
moment?
    Chairman Boehlert. I will for one moment.
    Ms. Jackson Lee. All right.
    I appreciate Dr. Marburger's comments, and when I say 
bigger and better, I don't suggest, Mr. Chairman or panelists, 
that we should be arrogantly bigger and better. But one physics 
course is good, but it is not cutting-edge technology. That is 
what I am fearful of is that we are losing that, and I hope 
that we can be working toward that effort collectively.
    Chairman Boehlert. Thank you.
    Ms. Jackson Lee. I yield back.
    Chairman Boehlert. Thank you very much.
    What I would like to do to wrap up is say, Dr. Tether, you 
feel we have sort of backed you into a corner. That is not our 
goal at all. But let me ask Dr. Wulf and Dr. Leighton, what 
isn't DARPA doing now that you think they should be doing? Give 
us some guidance.
    Dr. Leighton. Well, I would like to start in the area of 
cyber security. DARPA has, by and large, withdrawn the bulk of 
their funding for university research in the area of cyber 
security. And I think you can see the explanation of that in 
page 16 of Dr. Tether's written testimony where it is 
documented in the various areas in computer science, at large, 
what has happened there. And part of that is through 
classification. And I think, you know, a great example is the 
work that Dr. Tether quoted from Rome labs in trying to contain 
a virus that was released two and a half years ago.
    If, indeed, DARPA can discover a way to stop the spread of 
viruses, that is vital technology for the government to be able 
to use just to defend itself and for enterprises and our 
companies and our schools and the people at home to defend 
themselves. If it is classified and not going to be released to 
the general public to be able to defend themselves, then one 
can question the value of the research. And if the concern is 
that by releasing it the bad guys are going to find a way 
around it, then one questions the value of the research in the 
first place, because if you can't actually use it to defend 
yourself because you are worried the bad guys are going to get 
around it, then it wasn't a very good thing to do. And it is 
vital, I think, to have the university researchers who are, in 
some ways, in the best position to develop entirely new 
approaches to cyber security, which our Internet and our IT 
network systems need.
    And I would also like to say, it is not just viruses and 
worms. The fundamental protocols that make up the Internet, the 
domain name system, which is the equivalent of the 411 service, 
BGP, which routes your packets in the Internet, they have no 
security at all. I could pretend to be a bank. I can steal your 
banking passwords today without you having a clue that I have 
done it. It is called pharming. And there are many different 
ways to do pharming today. And you will see, I think, an 
increasing number of articles in the paper of just more and 
more people that have their identity stolen. And so I think 
university research plays a critical role in the long-range 
thinking about how do we start over again with the Internet in 
the same way that you see university research having an impact 
on lowering the cost of computing or developing the Internet. 
And in the past, these efforts were funded by DARPA as part of 
a basic research program at universities in computer science, 
and that is what is changing. And that is what is causing the 
problem.
    Chairman Boehlert. Dr. Wulf.
    Dr. Wulf. I have two points, just one very briefly on 
classification.
    In the computer security, cyber security research domain, 
there is a phrase that you will hear a lot. That phrase is: 
``There is no security in obscurity.'' That is, if you are 
depending upon something not being known, that is itself a 
vulnerability, which can be a very, very serious one.
    So, for example, in all of the work on cryptographic 
algorithms, the method of cryptography is published broadly. It 
is only the key that you have to depend on. So if it is 
necessary to classify some of this material, I can see 
classification, by the way, for offensive techniques. But if it 
is necessary to classify defensive techniques, they are 
probably not very strong techniques.
    Chairman Boehlert. Look, let me just ask you something 
else, and Dr. Tether, I will give him a chance, but is it just 
a question of more funding? Because I can guarantee you what 
Dr. Tether requested as it worked its way out was a hell of a 
lot more than he got, and justifiably so. He can justify and 
make a good case for a number of items that he had requested 
money for that were stricken from the request. So that is the 
reality of dealing in this town in the whole budget process.
    So is it just getting more money, or is it--do you suggest 
that maybe some investments are made in areas that you would 
assign a lower priority to and take those resources and put 
them in areas that you think are deserving of a higher 
priority?
    Dr. Wulf. That is, in fact, exactly the second point that I 
wanted to get to.
    It is not just more money. It also has to do with the style 
of funding. Now this may sound nostalgic or something like 
that, but when I was being funded by DARPA--ARPA, actually, 
back in the '70s and early '80s, DARPA made very long-term 
agreements. Certainly they monitored what we were doing, but 
they understood that results might not occur for five years, 10 
years. The style that ARPA has--DARPA has gone to more recently 
are very short-term contracts and require demonstrable 
deliverables every 12 months. That, no matter what the amount 
of money, builds in a short-term focus that--well, I just think 
we are missing about----
    Chairman Boehlert. Thank you.
    And in all fairness, and I don't mean to get in point/
counterpoint, but Dr. Tether, who we value very highly as a 
resource to this committee, we want to give you a chance to 
comment on that observation.
    And then I will wrap it up with a final question to Dr. 
Marburger about the future of PITAC.
    Dr. Tether.
    Dr. Tether. Okay. Let me--I have two comments.
    One is on these so-called deliverables. They are really not 
deliverables. What we do in our programs, they are really long-
range programs. What we do, what our program managers do, is we 
ask them to say okay, what is the first thing that has to be 
true in order for this, whatever you are doing, to happen? And 
then what is the second thing? Because there is no sense 
spending money on the second thing if the first thing is not 
going to be true. And we have them lay out a program over many 
years that has these gates that have to be passed. We call them 
go/no-gos, which I think frightens some people. But it is a 
little bit to me like what is happening at universities is that 
you go in as a freshman and you spend four years, give them 
your money, and you get a degree and never had to take an exam. 
You never had to show that you had the knowledge to pass 
Physics 1, and that is a go/no-go. That is all we are really 
talking about here is a way to measure progress. And that 
progress is being put together.
    Now we have our 6.1 program, which is what he is nostalgic 
about, which is the basic research, which is just really done 
with grants. And with these grants, you typically give somebody 
a couple years, two or three years of money. You don't say, 
``Write if you get work,'' but it really is somewhat unfettered 
research. And that money is a small amount of the DARPA budget, 
and always has been a small amount of the DARPA budget. You saw 
what I have, about $150 million in 6.1, and $90 million of that 
goes to universities. And it goes in the form of grants.
    The rest of the money, the other $450 million going to 
universities is really in creating products. And when you get 
into the creating products business, or the demonstration 
business, it is not unreasonable to have somebody tell you, 
``What is your plan? How are you going--what are your metrics? 
How are you going to measure yourself to know that you are 
making progress?'' And that is what these so-called 
deliverables are about. These are negotiated between us and the 
person doing the work. Now if they don't want to do that, then 
they shouldn't try to get into the 6.2 or 6.3 arena, because 
that is a different arena than the normal universities.
    Now the second thing. You know, I don't get any actionable 
information from these guys. I get a wringing of hands that the 
money is going down, but not one person has ever clearly 
defined, and you asked for it, the specific research that is 
not being done, the problems that are not being solved, or the 
progress that is impeded. Not one of them is saying, ``Look, 
you are not funding me, and I was on the verge of creating the 
unifying theory of computer science.'' All of the people that 
you hear complaining are only complaining because they are not 
being funded, but they are never telling you what it is that 
they want to do, other than get the money.
    Chairman Boehlert. Well, we could be engaged all afternoon 
in this subject, but we will ask specifically from Dr. Wulf and 
Dr. Leighton, for the record, and we would ask for a timely 
submission, in response to the challenge that Dr. Tether has 
rightfully advanced.
    Dr. Tether. And not say that it is classification that is 
the problem. I want to know the problem that they want to work 
on that if they got the money, and the only thing stopping them 
is getting the money, to work on a specific problem that they 
can do it, it would be fantastic. And it could be something 
that could take 20 years. We are used to that, because I will 
tell you, Mr. Sherman, you know, I don't know what he is 
worrying about, but he doesn't have to worry about the 
cognitive research that we are doing achieving what he is 
worried about in a long time.
    Chairman Boehlert. Well, I think Dr. Wulf and Dr. Leighton 
are up to the challenge, and so you will respond to the 
challenge offered by Dr. Tether, to him and a copy to the 
Committee, please.
    And Dr. Marburger, what about PITAC? Are you going to renew 
it?
    Dr. Marburger. The PITAC charter is up shortly, and there 
is a process for examining all Presidentially-appointed 
Advisory Committees that has begun, and it is in process, and 
that is about all I can say at this point.
    Chairman Boehlert. What about your gut feeling right now?
    Dr. Marburger. Well, Mr. Chairman, as the President's 
Science Advisor, I don't have just gut feelings. I try to speak 
from best knowledge, and I would prefer not to second-guess the 
President on any Presidentially-appointed committee.
    Chairman Boehlert. I see. But what about--what--it is in 
statute, counsel points out. PITAC is in statute.
    Dr. Marburger. Yes.
    Chairman Boehlert. So you are saying your authority, 
statutory authority expires on a date certain, and then what? 
You are going to have a recommendation from the Administration 
whether----
    Dr. Marburger. Right.
    Chairman Boehlert.--to renew, and that will require a new 
statute?
    Dr. Marburger. I am not sure about the legal status. I am 
aware that there are usually long delays and times associated 
with reconstituting Presidential Advisory Committees. And in 
response to legislation and to statute, the President usually 
does this through a series of Executive Orders, and the 
Executive Order under which the current PITAC has operated is 
due to expire, and a new Executive Order is required. And that 
process of generating a new Executive Order, deciding what the 
content of it will be and so forth, it is taking place.
    Chairman Boehlert. We are confident that you will give the 
President the benefit of your best judgment.
    Dr. Marburger. Thank you.
    Chairman Boehlert. And with that, let me say thank you to 
all of you for appearing here today. Pretty darn important 
subject matter. The room should be filled to capacity, and the 
press corps should be here, you know, weighing every word you 
are say, because what we are talking about is very, very 
important, and so thank you for what you do so well. And 
continue the good work. And we will continue the relationship 
we have. We are partners in this venture.
    This hearing is adjourned.
    [Whereupon, at 12:15 p.m., the Committee was adjourned.]


                              Appendix 1:

                              ----------                              


                   Answers to Post-Hearing Questions


Responses by John H. Marburger, III, Director, Office of Science and 
        Technology Policy, The White House

Questions submitted by Chairman Sherwood L. Boehlert

Q1.  You said at the hearing that the NITRD budget is a ``composite of 
budgets from each of the agencies, and we only get the information 
about these numbers after the budget is already out.'' This statement 
implies that there is no active planning process that considers overall 
NITRD goals in determining individual agency budget allocations. Is 
this the case? If not, was there debate over whether DARPA's 33 percent 
drop in NITRD funding (over the last five years) was appropriate? Do 
other agencies need to pick up this slack, and are they doing so?

A1. Agencies determine their budget requests for R&D in NITRD Program 
areas after close interagency coordination through a series of formal 
and informal meetings of Coordinating Groups, Interagency Working 
Groups, and the NITRD Subcommittee itself, many of which OSTP oversees 
or participates in. This process involves setting federal priorities 
for IT R&D, determining agency priorities within these, and 
coordinating federal spending to ensure that the priorities are met. 
However, as I stated, the specific agency spending levels reflected in 
the President's Budget are not finalized until just prior to its 
release, and therefore the complete, final details of the budget for 
the NITRD Program are not available until then.
    The level of DARPA funding that falls within the NITRD Program 
reflects the evolution of DARPA's priorities, and an increasing 
emphasis on interdisciplinary R&D. This emphasis on interdisciplinary 
R&D for tackling important defense-related technological challenges 
evolved over the last five years while being shaped by the NITRD 
interagency planning and coordination process. The growth in the 
overall NITRD program budget during that period demonstrates that the 
NITRD Program agencies continue to address the Federal Government's 
priorities for information technology R&D.

Q2.  What impact is DARPA's reduced support for computer science 
research having on the Federal Government's ability to meet its overall 
objectives in information technology?

A2. The overall NITRD Program budget grew from $1,928 million in 2001 
to the budget request of $2,155 million in 2006. That this happened 
during a tight budget climate demonstrates that information technology 
R&D continues to be a priority for the Administration. The Federal 
Government continues to invest in the R&D needed to meet its overall 
objectives in information technology. However, at the same time, DARPA 
has been investigating new R&D topics, including some that are not 
necessarily central to the NITRD focus areas and that may lead to 
future discoveries that could unlock unexpected areas of future 
computer science investigations. The IT R&D investments at DARPA and 
the other NITRD agencies provide a healthy mixture of types and topics 
of research that will contribute to broad advances across a wide range 
of science and technology.

Q3. What criteria should we be using to determine if federal support 
for fundamental research in computer science in general and cyber 
security in particular is adequate?

A3. The determination of what is ``adequate'' depends on one's 
perspective. Federal agencies generate their budgets in the context of 
their overall mission and develop priorities that are consistent with 
that mission. Adequacy is thus judged in light of meeting mission 
needs. From the standpoint of the broader S&T portfolio, we must 
balance new and emerging research areas with currently productive ones, 
which can result in different trade-offs.
    While we don't have specific criteria we can use to set funding 
levels for our research investments, in general we ask if overall S&T 
funding levels are reasonable and balanced, if a large share of 
research proposals are proposed competitively and are awarded in a 
merit-reviewed process by technically qualified reviewers, if agency 
missions determine the funded projects and levels, and if agency 
management and oversight processes lead to the performance of high-
quality research. These standards have been used in the formulation of 
the President's Budget Request.
    More specific to computer science and cyber security, we consider 
many factors including protecting infrastructure, safeguarding 
commerce, and preserving privacy, but what is ``adequate'' remains a 
fundamental question, particularly with such a dynamic system, where 
the threats constantly evolve and adapt.

Question submitted by Representative Dave G. Reichert

Q1.  The Advanced Scientific Computing Research (ASCR) program provides 
the Department of Energy (DOE) with world class scientific computation 
capabilities and high-throughput networking research. The ASCR program 
is a multidisciplinary effort involving teams of mathematicians, 
computer scientists, and application area scientists working to develop 
new scientific simulation codes, technologies, and the networking 
capacity required to fully exploit the next generation of Leadership 
Class Computing resources.

     One rapidly emerging mission need is cyber security. Cyber threats 
are becoming increasingly malicious, and regularly outpace the 
protections that can be put in place using the current ``border-based'' 
cyber security model. There is an urgent need for aggressive design and 
implementation of novel integrated cyber security systems that would 
coordinate both protective and response measures. Development of such 
architecture will require close cooperation between researchers and 
operational cyber security personnel to build an effective, layered 
approach that is tested and vetted in an operational environment. DOE's 
national laboratories provide an ideal environment to conduct such a 
cyber security program to develop solutions for both the classified and 
the open science communities, but current funding may be insufficient 
to initiate a cyber security effort adequate to this challenge.

     Dr. Marburger, do you agree that the DOE's Office of Advanced 
Scientific Computing Research should create cyber security research 
testbeds at its national laboratories? Pacific Northwest National 
Laboratory (PNNL), in my home State of Washington, is an ideal site for 
such an undertaking.

A1. While cyber security research testbeds are an important component 
of the overall cyber security R&D activities for the Federal 
Government, there is already a significant investment across federal 
agencies in such testbeds, including DETER (Defense Technology 
Experimental Research) and EMIST (Evaluation Methods for Internet 
Security Technology), both jointly funded by DHS and NSF; ISEAGE 
(Internet-Simulation Event and Attack Generation Environment), funded 
by the Department of Justice; and another cyber security testbed for 
emulating current and legacy industry environments at the Idaho 
National Laboratory. This Department of Energy testbed has synergies 
with other testbed activities at the Laboratory, including a wireless 
testbed, a SCADA testbed, and the Critical Infrastructure Test Range. 
Additional investments in cyber security testbeds must be weighed 
against other important cyber security priorities.

Questions submitted by Representative Bart Gordon

Q1.  The President's Information Technology Advisory Committee (PITAC) 
report on cyber security finds the current federal effort unfocused and 
inefficient because of inadequate coordination and oversight. The 
PITAC's upcoming report on computational science, according to 
preliminary reports from the committee, faults the federal interagency 
Networking and Information Technology R&D program for placing too much 
focus on incremental and tactical planning rather than on strategic 
planning.

     What is your response to these findings, and do you see a need for 
changes to refocus and improve the interagency planning process for 
information technology research and development?

A1. The current interagency coordinating body for cyber security R&D is 
the Critical Information Infrastructure Protection Interagency Working 
Group (CIIP IWG), which reports to the Infrastructure Subcommittee of 
the NSTC. The PITAC report concluded that the federal coordination of 
cyber security R&D would be more focused and more efficient if a 
coordinating group were formed under the Networking and Information 
Technology R&D (NITRD) Subcommittee. To implement the recommendation of 
the PITAC for improving coordination, the charter for the CIIP IWG is 
being changed so that the IWG reports to both the Infrastructure and 
NITRD Subcommittees, where it will now be known as the Cyber Security 
and Information Assurance (CSIA) IWG, a name that more accurately 
reflects its activities. Reporting to both Subcommittees has several 
advantages. First, it maintains the vital connection between the 
security of our cyber and physical infrastructures through the 
Infrastructure Subcommittee. Second, it strengthens the integration of 
cyber security with the rest of the Federal IT research portfolio. 
Finally, it provides the IWG with technical and administrative support 
through the National Coordination Office for IT R&D. Completion of this 
reorganization is imminent.
    The PITAC report on computational science recommends the 
development of a multi-decade roadmap for R&D investments in 
computational science, and a restructuring of computational science 
activities within universities and federal agencies that better mirrors 
their interdisciplinary nature. Specifically, it recommends tasking the 
National Academies to launch studies and convene task forces that seek 
to address each of these goals. Based in part upon early input from the 
PITAC, the Analytical Perspectives of the 2006 Budget directs the 
National Coordination Office to commission an NRC study of scientific 
questions ``for which an extraordinary advancement in our understanding 
is difficult or impossible without leading-edge scientific simulation 
capabilities.'' Additional studies to facilitate the development of a 
strategic roadmap for computational science are also being considered.
    While several of the recommendations of the PITAC for both cyber 
security and computational science are already being implemented, they 
contribute to an already strong and effective interagency planning 
process for the NITRD Program. Interagency coordination, including 
budget planning, is active and vigorous. In 2005, the Supplement to the 
Budget for the NITRD Program was delivered to Congress in mid-February. 
Both the content and the timing of the Budget Supplement are evidence 
of the strength of interagency coordination.

Q2.  What efforts are now being made and what mechanisms exist to 
transition the results of federally funded cyber security research to 
commercial products and methods, and do you have recommendations for 
additional federal efforts in this area?

A2. There are several existing agency programs aimed at cyber security 
technology transfer. These include the Computer Security Resource 
Center and the Cryptographic Module Validation Program, both at the 
National Institute of Standards and Technology, and several pilot 
projects and deployments of cyber security technology funded by the 
Department of Homeland Security. The PITAC report on cyber security 
makes some constructive suggestions regarding ways to increase 
technology transfer, including the suggestion of an annual cyber 
security interagency workshop with industry participation.

Questions submitted by Representative Sheila Jackson Lee

Q1.  While I am unsatisfied by the status of computer science research 
being conducted on the federal level, I am also disturbed by the lack 
of female and minority representation in the field of computer science. 
The statistics show that women and minorities are not being 
proportionally represented in academia when it comes to computer 
science. In 2003, women represented barely over 20 percent of the 
computer science doctoral degrees granted. The same statistics show 
that in 2003 the White population made up about 70 percent of the 
doctoral degrees granted to U.S. citizens and permanent residents. At 
the same time, Asian/Pacific Islanders made up about 20 percent of the 
doctoral degrees granted, but Blacks, Hispanics and American Indian/
Native Alaskans made up less than five percent of the doctoral degrees 
granted. These statistics are very discouraging and show that we are 
not reaching out to our entire population. Indeed, the problem starts 
in the classroom, where many under-privileged youth do not have nearly 
the same access to computers and the Internet. If they don't have this 
background at an early age, its not surprising that they don't pursue 
the field in higher education and later in life. What are we doing to 
reach women, minorities and the under-privileged in our society?

A1. Access to educational opportunities is an important prerequisite 
for a career in scientific research, but even more important is 
continuity of preparation; that is, adequate education at every grade 
level. At the heart of President Bush's signature education initiative, 
the No Child Left Behind (NCLB) Act, is a commitment to eliminate the 
achievement gap between minority and white students by insisting on 
greater accountability and ensuring that all students have access to a 
quality education. This kind of strong academic foundation can lay the 
groundwork for more students to pursue careers in science and 
engineering. Continued implementation of NCLB is an important step 
towards the goal of representative participation by women and 
minorities in all S&T fields.
    To improve educational outreach specifically with minority 
populations, President Bush has issued 1) an Executive Order in October 
2001 establishing a President's Advisory Commission on Educational 
Excellence for Hispanic Americans in the Department of Education to 
provide advice on closing the achievement gap for Hispanic American 
children in reaching the goals outlined in NCLB; 2) an Executive Order 
in February 2002 establishing the President's Board of Advisors on 
Historically Black Colleges and Universities in the Department of 
Education to provide advice on ways to strengthen the capacity of 
historically black colleges and universities to provide the highest 
quality education; and 3) in May 2004 an Executive Order establishing 
an Interagency Working Group on American Indian and Alaska Native 
Education to provide assistance in meeting the goals of the NCLB with 
Native populations in a manner that is consistent with tribal 
traditions, languages and cultures. Additionally, Mrs. Bush in June 
2004 accepted the position of Honorary Chair of the Advisory Committee 
for the Extraordinary Women Engineers Project, an awareness and 
outreach program designed to encourage young women to choose 
engineering as a career and to develop a new generation of role models 
for those already in the field.
    Many federal agencies have on-going programs that target women, 
minorities and the under-privileged directly. For example: at the 
National Science Foundation (NSF), the Louis Stokes Alliances for 
Minority Participation Program is aimed at increasing the quality and 
quantity of students successfully completing science, technology, 
engineering and mathematics (STEM) baccalaureate degree programs and 
increasing the number of students interested in, academically qualified 
for, and matriculated into programs of graduate study. NSF's ADVANCE 
program focuses on increasing the participation and advancement of 
women in academic science and engineering careers. Additionally, from 
an institutional perspective, NSF's Centers of Research Excellence in 
Science and Technology (CREST) program makes resources available to 
significantly enhance the research capabilities of minority-serving 
institutions through the establishment of centers that effectively 
integrate education and research. CREST promotes the development of new 
knowledge, enhancements of the research productivity of individual 
faculty, and an expanded diverse student presence in STEM disciplines. 
NSF currently provides support for 14 CREST Centers.
    There are also other programs at other agencies. The Department of 
Education's Minority Science and Engineering Improvement Program 
supports grants to institutions of higher education that are designed 
to effect long-range improvement in science and engineering education 
at predominantly minority institutions and to increase the 
participation of under-represented ethnic and racial minorities in 
scientific and technological careers. The National Aeronautics and 
Space Administration's Minority University Research and Education 
Program focuses on collaborative efforts with minority serving 
institutions to support the advancement of under-represented students 
in the fields of math, science, engineering, and technology.
    Recently, in an effort to coordinate on and maximize the impact of 
such agency programs, the National Science and Technology Council's 
Subcommittee on Education and Workforce Development has overseen the 
establishment of a Science Education Resource Virtual Diversity Center 
which will serve as a the major STEM education content portal for 
federal programs that target increased participation from women, under-
represented minorities, and persons with disabilities, and will be a 
tool for sharing information on all strategies designed to address the 
Nation's STEM workforce needs.

Q2.  The PITAC cyber security report makes specific recommendations for 
increased cyber security research funding for NSF, DARPA and DHS.

Q2a.  What is your reaction to this recommendation; will future 
Administration budget requests respond to this recommendation?

A2a. Funding for cyber security R&D must be considered in the context 
of agency missions, agency budgets, the overall R&D budget, and the 
total federal budget, for which there are many competing priorities. A 
recommendation calling for a substantial increase in funding for a 
particular R&D area, given the current severely constrained fiscal 
environment, implies a re-prioritization of existing research areas. 
Any such re-prioritization must be based on an in-depth understanding 
of areas where specific gaps in our knowledge exist. Agencies are 
currently involved in developing this understanding to inform future 
budget development activities.

Q2b.  Why does DHS now spend only 1/10 of two percent of their Science 
and Technology budget on fundamental research for cyber security? Is 
this an appropriate funding level?

A2b. The Science and Technology budget for the Department of Homeland 
Security funds a wide range of activities that include R&D to address 
radiological, nuclear, chemical and biological threats to the homeland, 
as well as cyber security research to address threats to our nation's 
information infrastructure. The S&T directorate must balance the 
funding for cyber security R&D against these other priorities. 
Moreover, many of the activities funded through the DHS S&T directorate 
are short-term development investments to quickly generate the tools 
necessary for the detection and prevention of catastrophic physical 
attacks, essential to protect our nation from weapons of mass 
destruction. Such short-term tool development activities are inherently 
more expensive than research, which tends to skew any comparisons to 
research funding.
                   Answers to Post-Hearing Questions
Responses by Anthony J. Tether, Director, Defense Advanced Research 
        Projects Agency

Questions submitted by Chairman Sherwood L. Boehlert

Q1.  During a discussion with Representative Biggert at the hearing, 
you said that the 33 percent drop in DARPA's NITRD budget between 
fiscal year 2002 (FY02) and FY06 was inaccurate because of an OMB 
accounting problem, and you agreed to provide the Committee with an 
``apples-to-apples'' comparison that would better explain DARPA IT 
support over the last five years. With that in mind:

Q1a.  Please provide the correct budget numbers for FY02 to FY06 for 
DARPA's overall spending on information technology R&D. Include 
information about how much of those funds went to universities each 
year.

A1a. 



Q1b.  Please explain any discrepancies with the published NITRD 
numbers.

A1b. Line 1 reflects DARPA's NITRD submissions published in the ``Blue 
Book'' for FY02 to FY06, which are based on the President's Budget 
Request. Line 2 reflects actual funding after appropriations. Lines 3 
and 4 include additional Nanotechnology and Information Assurance 
programs that fit the NITRD categories but were previously excluded to 
avoid double counting on other OMB crosscuts. Line 5 reflects the total 
of these additions.

Q1c.  Please explain DARPA's interaction in the NITRD budget process, 
including how you interact with OMB and OSTP in planning activities and 
in finalizing the numbers that are included in the annual ``blue 
book.''

A1c. Initial estimates for the annual NITRD submission are requested by 
the Office of the Secretary of Defense (OSD) Comptroller in the 
November/December timeframe as the Department is finalizing budget 
controls for the upcoming President's budget submission. The OSD 
Comptroller's office then forwards these estimates to the Office of 
Management and Budget (OMB) Analyst responsible for OMB Max C Data 
reporting. Often these numbers are requested prior to the final budget 
lock for the President's budget which usually occurs in the first week 
of January. A staff member from the National Coordination Office for 
Information Technology R&D contacts DARPA in the February to May 
timeframe to verify the NITRD final amounts for printing of the ``blue 
book.'' At that time, if required, DARPA updates the numbers to reflect 
the final President's budget.

Q2.  At the hearing you described DARPA's research in cognitive 
computing as an example of long-term IT research.

Q2a.  What is the funding for this program, and how much of this 
funding is going to universities, and to computer science faculty? 
Please provide data for FY00 to FY05. Also, what funding is planned in 
this area for FY06 and beyond?

A2a. Funding for the Cognitive Computing Systems program is shown below 
with associated university funding. DARPA research in this area started 
in FY 2002.



Q2b.  What other long-term research is DARPA currently supporting in 
computer science? How much funding in those programs is going to 
universities? How much is classified?

A2b. As previously reported in my testimony, the total DARPA Computer 
Science Research funding is below and covers the areas of High 
Performance and Global Scale Systems, Information Assurance and 
Survivability, Language Translation, Cognitive Systems, Nanotechnology 
and the applications of these efforts in the Networking, Logistics, 
Communications and Classified areas. More details on individual 
programs can be found in DARPA's detailed budget request.



Q3.  What is DARPA's response to the recommendations in the recent 
President's Information Technology Advisory Committee (PITAC) report on 
cyber security?

A3. While recognizing the budget restraints that all federal agencies 
must operate under, DARPA wholeheartedly agrees with the idea that both 
the National Science Foundation (NSF) and the Department of Homeland 
Security (DHS) should increase their support for commercial cyber 
security research to build our commercial cyber security research base 
and protect our civilian computer networks, respectively. In fact, the 
PITAC was told as much when we met with them while they were preparing 
their report. Such increases at NSF and DHS would be completely in line 
with the mission of those agencies and the cyber security challenges we 
face.
    As far as DARPA goes, our work in cyber security, what we called 
``information assurance,'' is aimed at making sure that the networks at 
the heart of DOD's transformation to network centric warfare are secure 
and robust, because the first thing a determined, sophisticated 
adversary will do is try to take down our networks. Moreover, the 
nature of our military networks will be different. These will be 
networks that must assemble on the fly without a fixed infrastructure, 
including pure peer to peer networks. We must achieve what has been 
called ``critical infrastructure protection'' without infrastructure. 
No one else, including the commercial sector or even civilian agencies, 
can or will do it for us. So, given our mission, DARPA's emphasis must 
be on those DOD problems.

Q4.  You noted in your testimony that DARPA does not directly seek 
efforts in computer science, but rather solicits ideas for achieving 
particular capabilities. Without regard to funding constraints, what 
capabilities that demand a significant focus on computer science 
research merit further pursuit by DARPA? Or, put another way: If 
DARPA's budget were to receive a significant budget increase beyond the 
President's request, what capabilities with a significant computer 
science focus would you pursue?

A4. As I mentioned during the hearing, DARPA is perhaps the only agency 
actually doing something major to maintain our edge in high-performance 
computing--a subject that is of great interest to this committee and 
rightly so. Our High Productivity Computing Systems program is 
designing and will build prototypes of the next generation 
supercomputer. In Fiscal Year (FY) 06 we will down-select to one team 
to build the prototypes. If we had additional money, it would be better 
to have two teams. Two teams would allow us to compare different 
approaches, have a more diverse industrial base and maintain 
competitive pressure. An extra team would cost about $70M in FY07.
    More broadly, it might be helpful to have somewhat more money for 
our work in cognitive computing, but the exact amount is hard to say. 
Our research in cognitive computing is very challenging and long-term 
and, to the extent it succeeds, will have an enormous impact. But, as 
path breaking research, adding large amounts of money to it quickly is 
not likely to get you much faster results. You would get more activity 
with more money, but since a limited number of people have path 
breaking ideas, you may not get more results. So, there might be some 
leeway for more funding in cognitive computing now, but not large 
amounts more.

Question submitted by Representative Sheila Jackson Lee

Q1.  While I am unsatisfied by the status of computer science research 
being conducted on the federal level, I am also disturbed by the lack 
of female and minority representation in the field of computer science. 
The statistics show that women and minorities are not being 
proportionally represented in academia when it comes to computer 
science. In 2003, women represented barely over 20 percent of the 
computer science doctoral degrees granted. The same statistics show 
that in 2003 the White population made up about 70 percent of the 
doctoral degrees granted to U.S. citizens and permanent residents. At 
the same time, Asian/Pacific Islanders made up about 20 percent of the 
doctoral degrees granted, but Blacks, Hispanics and American Indian/
Native Alaskans made up less than five percent of the doctoral degrees 
granted. These statistics are very discouraging and show that we are 
not reaching out to our entire population. Indeed, the problem starts 
in the classroom, where many under-privileged youth do not have nearly 
the same access to computers and the Internet. If they don't have this 
background at an early age, its not surprising that they don't pursue 
the field in higher education and later in life. What are we doing to 
reach women, minorities and the under-privileged in our society?

A1. DARPA agrees wholeheartedly that we need to get more Americans, and 
wider set of Americans, interested in computer science and science and 
engineering. The lifeblood of a place like DARPA is its program 
mangers, and it takes many years and many educational hurdles before 
someone can be hired by us. One of our biggest challenges is constantly 
finding the new people we need, people with great ideas and a passion 
to make a difference, who typically also have a doctorate and deep 
experience in demanding technical positions. You cannot just conjure up 
that kind of person when you need them.
    So, if only from a self-interested point of view, DARPA needs more 
Americans entering the educational pipeline for technical careers. In 
this context, I should mention our Grand Challenge. The whole idea 
behind the Grand Challenge is to reach out to people who ordinarily do 
not work on problems for the Department of Defense by offering a large 
prize to whomever meets the challenge first. 118 teams applied this 
year. Of the 40 teams remaining, 14 of them are from universities and 
one from a high school. Young people from across the Nation have been 
excited by the Grand Challenge (and probably the recent privately 
funded X-Prize) because that's the nature of prize competitions. The 
goals are clear and the competition is exciting, so they are like a 
high tech sporting event. Now, education is not DARPA's area of 
expertise, but maybe if various educational organizations held prize 
competitions tailored to various levels of the educational process--
university, high school, even elementary schools--such competitions 
could help lure people into technical careers by showing them how much 
fun they can have.

                   Answers to Post-Hearing Questions

Responses by William A. Wulf, President, National Academy of 
        Engineering

Questions submitted by Chairman Sherwood L. Boehlert

Q1.  What kind of computer science research isn't DARPA supporting that 
you think it should? Is it a matter of more funding or are there 
programs that are of lower priority that should be cut?

A1. There are two dimensions to the answer of this question--(1) the 
topics of research, and (2) the ``style'' of the support for that 
research, by which I mean the level of funding, the duration of that 
funding, the degree of control exercised by the funder, etc. The 
current DARPA management is, I believe, failing the country on both 
dimensions.
    Along both dimensions, there are many organizations that support 
essential incremental improvements--the service laboratories and 
service R&D support organizations, for example. There is now no DOD 
organization like the ``old DARPA,'' however, that fills the role of 
discovery of breakthrough technologies.
    Concerning the topics of research--as I noted in my written 
testimony, there is a fifteen year delay between discovery of basic 
knowledge and its appearance in product. Failure to fill this pipeline 
will not be immediately evident, but the future consequences will be 
cataclysmic. I could name a long list of areas where filling the 
pipeline is needed, but just as a sampler:

          As I have testified before, our basic model of 
        computer security (perimeter defense) is fatally flawed--we 
        will never have secure computing systems so long as this is the 
        underlying model! We need a breakthrough, and the only way to 
        get that is to support a variety of radical approaches--and to 
        expect most of them to fail! The short-term, risk-averse 
        approach being currently taken by DARPA will not yield such a 
        breakthrough.

          Our ability to produce reliable, effective software 
        seems to always totter on the brink of disaster--and 100+ 
        million dollar examples are all too common (e.g., the recent 
        problem with the FBI TRILOGY system). It ought to be obvious 
        that doing just ``more of the same'' will not solve the 
        problem; a breakthrough is needed, and, as above, the only way 
        to get that is to support a variety of approaches with a risky, 
        long-term, basic emphasis.

          It is a bit more than slightly embarrassing that our 
        current computer components are individually a million times 
        faster than our brain cells, yet computers either cannot, or 
        with great difficulty do what humans do easily. There simply 
        must be a model of computing, especially of parallel computing, 
        that we do not understand and that, if we did, would produce 
        computing architectures and algorithms of immense power.

          The use of computers in education has progressed 
        little from the ``automated drill'' model of the Plato system 
        from the 1960's. Yet we now know much more about the way that 
        people learn, physiologically and psychologically. We also have 
        tacit knowledge about how emotion interacts with learning, and 
        how to evoke emotion to train, for example, first responders 
        and troops in urban combat zones.

    I picked each of the examples above because they have a clear and 
compelling link to the mission of the DOD. Security, reliable software, 
high performance computing and education/training are all central to 
that mission--but there are undoubtedly many more such examples. To 
fail to ``fill the pipeline'' on any of them is akin to criminal--yet 
the current DARPA is AWOL on all of them!
    Concerning the ``style'' of support for topics such as those 
above--I think it is important to understand that they can't be bought 
on a competitive market in the way that incremental technology 
improvements can. I am an engineer, former CEO of an engineering 
company, Director of another engineering company, and a big fan of 
commercial development. I am also a skeptic of the academic belief that 
basic research is the source of all new ideas. But, that said, I also 
deeply believe that a program of long-term, academic, risky, basic 
research is essential to the mission of the DOD; that is a role that 
DARPA used to play but is no longer playing. Not in the near-term--but 
in the 10-15 year time frame--the U.S. is endangered by DARPA's current 
style of funding!

Q2.  At the hearing, Dr. Tether mentioned several times that his 
agency's work on cognitive computing as an example of long-range 
research underway at DARPA. Is that the kind of long-range computer 
science research that you believe DARPA should be doing? Why or why 
not?

A2. I am very sorry, but I am not sufficiently acquainted with this 
program to answer. My schedule since the hearing in May has been such 
that I have not been able to inform myself about it. If the Committee 
wishes, I will be delighted to inform myself after returning from 
Australia in late July and submit an answer at that time.

Q3.  What criteria should we be using to determine if federal support 
for fundamental research in computer science in general and cyber 
security in particular is adequate?

A3. That is, of course, one of the hardest questions to answer since 
one can never know with certainty whether the next incremental dollar 
will fund the breakthrough that revolutionizes a field, or results in a 
technology with profound implications for our quality of life.
    At least at NSF, however, the success rate for proposals is 
probably a good surrogate. Historically NSF has funded about 30 percent 
of the proposals it receives. Informal conversations with program 
officers at NSF suggests that, in fact, probably 50 percent of the 
proposals they receive are worthy of funding, so a 30 percent success 
rate is covering the really outstanding proposals. If the success rate 
for cyber security were 30 percent, I would judge the funding to be 
adequate.
    A general answer for mission agencies such as DOD and DOE is harder 
to give; each such agency must think in terms of its own needs in 
various areas. In the case of these two specific agencies, which are 
the most heavily dependent on high quality security and spend literally 
billions of dollars annually on largely manual systems, it is hard for 
me to understand why they aren't investing more on basic research in 
this area.

Questions submitted by Representative Bart Gordon

Q1.  The President's Information Technology Advisory Committee report 
on cyber security finds that the academic research community in cyber 
security is below critical mass.

Q1a.  To what extent would this be corrected simply by increasing the 
amount of research funding available?

Q1b.  Are there other impediments to bringing more researchers to this 
field aside from the availability of research funding?

A1a,b. I am strongly in agreement with the PITAC conclusion, and there 
is no question that additional funding would help increase the amount 
of research done and hence increase the production of trained 
professionals in the area of cyber security. The fact that NSF received 
12 times as many proposals as it was able to fund in its recent Cyber 
Trust Initiative demonstrates that there is a pent-up demand to do 
research in this area. I have long pointed out that there are some deep 
and very interesting problems in cyber security, and I think the 
response to NSF's initiative demonstrates that, given support, the CS 
community will be attracted to these problems.
    But, as I have said before to this committee, at least as important 
as the amount of funding is its stability--an assurance that there will 
be funds in the future. Academic reputations are built on a lifetime of 
research and so the best researchers choose problem areas where there 
is likely to be funding over their whole research career.
    Finally, the current tendency to classify security related research 
is an impediment to academic research. Speaking as one who has done 
cyber security research, much of this classification is 
counterproductive. There is a saying in the cyber security research 
community that ``There is no security in obscurity''-- meaning that if 
your security depends on hiding information, it is inevitable that 
information will leak out and you will be left insecure. That is why, 
for example, all cryptographic techniques are public. So, while I 
believe that there are a few cases associated with offensive cyber 
security that need to be classified, virtually nothing else does--and 
in fact classifying it will ultimately lead to less security.
    In short, more funding would be helpful, but stable funding and an 
open approach to security research are essential to bringing more 
academic researchers into this field.

Q2.  In your written testimony you mentioned that a significant portion 
of the NSF's computer science directorate's budget goes to fund 
cyberinfrastructure, which largely supports research in fields other 
than computer science. This means that less funding is available for 
research in computer science.

     Do you think this organizational arrangement at NSF for the 
support of cyberinfrastructure makes sense, or should the 
cyberinfrastructure be managed in a separate office and funded through 
a dedicated appropriations category?

A2. In the spirit of full disclosure I should first note that from 
1988-1991 I was the Assistant Director of NSF responsible for what is 
now called the cyberinfrastructure, and I have wrestled with this 
question off-and-on for 17 years.
    I want to be clear that the fact that cyberinfrastructure in housed 
in the Computer and Information Science and Engineering (CISE) 
Directorate causes some confusion, but in fact has worked quite well. 
The confusion results from a simplistic look at the NSF budget that 
leads some outside CS to assume that computer science is funded much 
better than it actually is. A similarly simplistic look at the CISE 
budget by some computer scientists leads them to assume that a lot of 
``their money'' is being spent on cyberinfrastructure. In truth, the 
support of cyberinfrastructure is strongly in the national interest, 
and if its management were moved out of CISE, so would the resources to 
support it; that money would not become available for CS. To repeat, 
the problem is one of confusion arising from simplistic analyses; it is 
not a real problem of reduced funding of CS because of the 
infrastructure.
    At least when I ran CISE, I tolerated this confusion because I 
believed (and still believe) that both the users of the infrastructure 
and computer science research benefited from the close and coordinated 
management of a research program on the infrastructure and its use. For 
example, we quickly learned that users of supercomputers needed to be 
able to visualize the results of their computations, which spawned a 
very fruitful program of research in computer graphics with wide 
application but that specifically was of great benefit to the 
supercomputer users. Thus my first preference would be to maintain the 
current arrangement, but it would not be a disaster to move the 
management of the cyberinfrastructure to a separate office--however, if 
that were done, I would think very carefully about how to maintain that 
close relationship of its use and further research on it. What we now 
call cyberinfrastructure has evolved very rapidly in part because of 
that relationship.

Question submitted by Representative Sheila Jackson Lee

Q1.  While I am unsatisfied by the status of computer science research 
being conducted at the federal level, I am also disturbed by the lack 
of female and minority representation in the field of computer science. 
The statistics show that women and minorities are not being 
proportionally represented in academia when it comes to computer 
science. In 2003, women represented barely 20 percent of the doctoral 
degrees granted. The same statistics show that in 2003 the White male 
population made up about 70 percent of the doctoral degrees to U.S. 
citizens and permanent residents. At the same time, Asian/Pacific 
Islanders made up about 20 percent of the doctoral degrees granted, but 
black, Hispanics and American Indian/Native Alaskans made up less than 
five percent of the doctoral degrees granted. These statistics are 
discouraging and show that we are not reaching out to our entire 
population. Indeed, the problem starts in the classroom, where many 
under-privileged youth do not have this background at an early age, its 
not surprising that they don't pursue the field in higher education and 
later in life. What are we doing to reach women, minorities and the 
under-privileged in our society?

A1. I share Representative Jackson Lee's concern. Indeed it is perhaps 
even worse than she indicates. Taking engineering as a whole, not just 
computer science (which, incidentally does a bit better than the rest 
of the physical sciences and engineering, but much worse than the life 
sciences), for thirty years we made steady progress on the 
representation of women and minorities as a fraction of the graduating 
class. One might argue that the progress should have been faster--but 
at least there was steady progress. But then something happened in the 
early 90's and the proportion has been essentially flat since, and no 
one has been able to satisfactorily explain what happened.
    I have attached (Attachment 1) an analysis by a joint committee of 
the Association for Computing Machinery (ACM), the Institute for 
Electrical and Electronic Engineers (IEEE), and the Computing Research 
Association (CRA)--the ACM and IEEE are the two principal professional 
societies in computer science, and the CRA is an organization of the CS 
departments and research laboratories. Although this list isn't 
complete (it doesn't mention the Academy of Engineering program on 
diversity, the Anita Borg Institute for Women and Technology, or 
MentorNet, just to mention three that I am involved in), I think it 
does demonstrate that the computer science community broadly shares 
your concerns and is trying to do something about them.

Attachment 1

     Information on Coalition to Diversify Computing (CDC) efforts

          A joint organization of the ACM, CRA and IEEE-CS\1\
---------------------------------------------------------------------------
    \1\ http://www.cdc-computing.org
---------------------------------------------------------------------------
  Patricia Teller, Chair,\2\ Valerie E. Taylor, Chair-Elect,\3\ J.S. 
                    Hurley, Immediate Past-Chair\4\
---------------------------------------------------------------------------
    \2\ [email protected]
    \3\ [email protected]
    \4\ [email protected]
---------------------------------------------------------------------------
    Major progress in computing technologies over the last decade has 
been accompanied by vast improvements in computing middleware, hardware 
and networking. An unexpected consequence of these advancements has 
been a shortage of a highly trained workforce of scientists and 
engineers capable of understanding and implementing the resources. The 
Coalition to Diversify Computing (CDC) seeks to address the shortfall 
through the development of a diverse community of professionals that 
can effectively meet the computing demands of an evolving society. CDC 
projects target students and faculty with the expressed intent of 
increasing the number of minorities successfully transitioning into 
computing-based careers in academia, federal labs and industry. 
Additional projects seek to increase the available pool of faculty 
members through partnerships and mentoring. Current emphasis is placed 
on the following three areas: (1) recruitment of minority 
undergraduates to MS/Ph.D. programs, (2) retention of minority graduate 
students enrolled in MS/Ph.D. programs, and (3) transition of minority 
MS/Ph.D. graduates into academia and industry. Current projects 
include:

        1.  Richard Tapia Celebration of Diversity in Computing 
        Conference. Next conference (October 19-22, 2005 in 
        Albuquerque, New Mexico), URL: http://www.ncsa.uiuc.edu/
        Conferences/Tapia2005/

        2.  Distributed Rap Sessions

        3.  CDC Database

        4.  Sending Students/Mentors to Technical Conferences

        5.  Collaborative Research Experiences for Undergraduates 
        (CREU)

        6.  Workshop for Minority Junior Faculty

    The diverse membership of CDC from areas of academia, industry and 
federal laboratories enables a variety of different perspectives and 
approaches to be utilized in achieving the above stated goals. CDC also 
partners with a number of organizations with similar missions to 
leverage resources to optimize outcomes.

CDC Programs

    According to the 2003-2004 Taulbee Survey, in 2004 only 1.1 percent 
of the doctorates in computer engineering and computer science went to 
Hispanics, 1.5 percent went to African-Americans, and none went to 
Native Americans or Alaskan Natives.
    The number in the pipeline is not increasing by much, either. In 
fall 2004, 1.3 percent of enrolled Ph.D. students were Hispanic, 1.8 
percent were African-American, and only 0.2 percent were Native 
American.
    ``Under-representation of our communities in computing is an 
unacceptable loss of talent, creativity, and achievement for the Nation 
and the world and we must all work to change this situation,'' says 
Roscoe C. Giles (Professor, Department of Electrical and Computer 
Engineering, Boston University and team member of the NCSA Alliance 
Steering Committee). Prof. Giles also serves as Executive Director, 
Institute for African-American ECulture.
    CDC focuses its efforts on programs that increase the visibility of 
minorities, and on providing networking opportunities for minority 
researchers, faculty, and students. The CDC, founded in 1996, is a 
program of the Computer Research Association (CRA), the Institute of 
Electrical and Electronic Engineering (IEEE-CS), the Association of 
Computing Machinery (ACM), and The National Computational Science 
Alliance (Alliance), a nationwide partnership of more than 50 academic, 
government and business organizations working together to prototype an 
advanced computational infrastructure for the new century. Started in 
1997, the Alliance is one of two national partnerships funded by the 
National Science Foundation's Partnerships for Advanced Computational 
Infrastructure (PACI) program and receives cost-sharing at partner 
institutions.

Information on CRA's Committee on the Status of Women in Computing 
                    Research (CRA-W) efforts

    As Rep. Lee correctly points out, the problem of different levels 
of access to computer technology begins before college. While this is 
certainly a problem with under-privileged students, there are subtle 
social factors that affect pre-college girls in this regard as well. It 
is certainly the case that not getting computer experience and course 
work in K-12 can affect initial interest in pursuing a computer degree 
in college. Fortunately, skills acquired in high school math and 
science courses--rather than high school programming--are more 
important in preparing for computing research. Women are now taking 
math and science courses in high school (with the exception of physics) 
at almost the same rate as men, so they are not coming into higher 
education totally unprepared to move into computing if their interest 
can be engaged. It is interesting to note that while the proportion of 
B.S. degrees granted to women has been declining since 1985 (NSF data), 
both the number and proportion of graduate degrees (MS and Ph.D.) 
granted to women have generally increased (albeit slowly). One possible 
interpretation for this is that any advantage accrued by males of pre-
college computer experience is more significant at the undergraduate 
level than at the graduate level leading to research careers where 
women are continuing to slowly make gains.
    CRA-W has become a national leader in efforts to increase the 
number and success of women in computing research and innovation. CRA-W 
is an action-based committee, implementing projects aimed at 
eliminating barriers to the full participation of women at all stages 
of the research pipeline beginning at the undergraduate level. It is a 
group of very prominent, dedicated, senior women who volunteer their 
time and energy to design and manage projects and to secure funding 
needed to sustain those projects. CRA-W programs have had a direct 
impact on over 2,500 women and indirectly influenced thousands of 
others. We run a range of programs with the following aims:

        1.  To mentor individuals, by providing research experiences, 
        information, access to role models, and networking 
        opportunities that guide, support, and encourage women in 
        computing,

        2.  To educate and influence organizations on issues, policies, 
        and procedures that promote the full participation of women in 
        computing, and

        3.  To build a community for women researchers that provides 
        visibility for their accomplishments and reduces isolation.

    CRA-W has recently been recognized for our past efforts. In 2003, 
CRA-W was awarded the Presidential Award for Excellence in Science, 
Mathematics and Engineering Mentoring for ``significant achievements in 
mentoring women across educational levels,'' and this year, it was 
awarded the National Science Board's Public Service Award.

Programs for Undergraduates

    CRA-W programs that are aimed at undergraduate women are designed 
to show them what a career in computing research can offer (and how 
research is qualitatively different from stereotypical IT programming 
jobs). The programs tend to focus on one-on-one research-oriented 
mentoring to encourage women to go on to graduate school in computer 
science and engineering.

  Distributed Mentoring Project (DMP): Since 1994, the DMP has 
matched outstanding female undergraduates with female faculty mentors 
for a summer of research at the mentor's research university. Students 
participate in a research project, observe graduate life, and benefit 
from a close mentoring relationship with their advisors. They also gain 
the prior research experience and personal recommendation letters that 
are increasingly important factors in graduate admission decisions. DMP 
students receive support for transportation to the host university, a 
weekly stipend for the 10-week project, and funding to attend a 
conference with their mentor to present their work. The two evaluations 
of the DMP by the Learning through Evaluation, Adaptation, and 
Dissemination (LEAD) Center at the University of Wisconsin show that 
the program has been very effective: 52 percent of DMP participants who 
had graduated by 2001 had gone on to graduate school. When asked what 
was most influential in that decision, students ranked their DMP 
experiences second--before career goals, technical interests, advisor/
mentor at home institution, and influence of family members--only 
success in undergraduate CS&E courses ranked higher. When this success 
rate was compared with a comparable population of high-achieving 
computer science women undergraduates (with GPA's above 3.5), it was 
found that only 2.5 percent attended graduate school. 55 percent of the 
participants were students from four-year colleges and universities who 
had no other exposure to graduate level research.

  Collaborative Research Experiences for Undergraduates (CREU): 
Started in 1998, the primary goal of this program, like DMP, is to 
provide undergraduates with research experiences that will increase 
their likelihood of continuing on to graduate school. Originally, the 
program focused on women, but in 2004 CRA-W formed an alliance with the 
Coalition to Diversify Computing and expanded the program to include 
all under-represented groups. The students, all of whom are CS&E 
majors, work on research projects in collaborative teams of two or 
three students at their home institution under the guidance of a 
faculty member during the academic year. Students are selected on a 
competitive basis from proposals written jointly with their mentor. 
CREU provides a collaborative experience to help combat the stereotype 
of computer scientists as lone hackers toiling away in sterile 
cubicles, to increase students' team building skills, and to decrease 
any sense of isolation they may feel in their male-dominated classes. 
The CREU program has grown from 19 women students in 1998 to 65 
students in 2004, with six students on minority-based teams. Initial 
findings from an evaluation study of the CREU program done by the LEAD 
Center for 1998-2001, conclude that the program has served as a vehicle 
that promoted skills building, knowledge building, mentoring 
relationships, role modeling, and enhanced student career aspirations. 
The program appears to be successful in encouraging students to 
continue on to graduate school and the students themselves are 
enthusiastic about their experiences. Preliminary results found that 32 
percent of the participants responding were in graduate school. 21 
percent had plans to pursue a Ph.D. and 11 percent were receiving an MS 
degree. Another 32 percent were employed but still had plans to 
eventually return to graduate school in CS&E.
     Plans for the future include introducing a multi-disciplinary 
CREU-like program that will involve students and mentors from both 
computing and scientific disciplines that rely on computing in a 
collaborative project. This will expose women scientists in other 
fields to computing research.

  Distinguished Lecture Series (DLS): The DLS aims to increase 
the number of women undergraduates who successfully apply to graduate 
school in CS&E and to increase the visibility of distinguished women 
researchers from academia and industrial research labs. Selected sites 
host an event typically consisting of a lunch with the visitors for 
women faculty and students, a technical talk by the distinguished 
lecturer, and a panel discussion with women representing both academic 
and industrial career paths. The panels also include current women 
graduate students who give a ``view from the trenches.'' Even at 
research universities, undergraduates have so many misconceptions about 
graduate school and the career choices open to those with advanced 
degrees that the information provided by these panels can be 
invaluable.

Programs for Graduate Students

    With small numbers of women entering graduate school, it is 
important to ensure their success at navigating the challenges they 
will face. CRA-W programs for graduate students aim to improve their 
graduate school experience and increase the chances for successful 
completion of their graduate degrees.

  Graduate Student Cohort Project: The Cohort Project aims to 
build a community of female students from across the country as they 
enter graduate school. The program begins with a two-day mentoring 
workshop for all participants. At the workshop, a number of prominent 
senior women serve as role models, give practical advice and 
information, and provide personal insights on the challenges and 
rewards of their careers. As envisioned, established cohorts will 
return to the mentoring workshop at regular intervals to get advice on 
the later stages of graduate school and to provide peer mentoring to 
the newer cohorts. The Cohort Project provides increased access to 
information, a range of role models, networking skills and 
opportunities, and peer support among students at the same stage of 
their graduate careers. This relatively new project held its first 
workshop in February 2004 for 100 first-year graduate students, and 
held the second workshop in March 2005 for 288 first- and second-year 
graduate students. Informal feedback from participants was extremely 
positive. The design of the graduate cohort project allows long-term 
tracking of cohort members throughout their graduate careers and this 
kind of evaluation study is in progress. Microsoft funded the 2004 
workshop for first group. Microsoft and Google jointly funded the 2005 
workshop.

  Best Practices Report on Retaining and Recruiting Women in 
CS&E Graduate Programs: In 2000, CRA-W ran an NSF-sponsored workshop on 
recruiting and retaining women in CS&E graduate programs. Participants 
included long-time members of the CS&E academic and research 
communities, social scientists engaged in relevant research, and 
directors of successful retention efforts. Their findings were reported 
in the Best Practices Report, which aimed to provide practical advice 
to faculty, departments, and university administrations. It included 
recommendations in four categories: increasing the number of women 
enrolling in specific departments; increasing the number of women in 
CS&E graduate programs nationally; improving student-student and 
student-faculty relations; and fostering a research life. The report 
has been widely distributed. It was an insert in the September 2001 
issue of Computing Research News (circulation 3,500 research faculty), 
reprinted for the 2002 SIGCSE Bulletin Special Issue on Women in 
Computing, and distributed at workshops and conferences. It is also 
available on the web. The report aimed to increase awareness of issues 
affecting the participation of women in CS&E, give well-meaning faculty 
a list of specific things that they can do to change their institution, 
and use the credibility of CRA to get people involved at the 
departmental level.

Programs for Faculty Career Development

    The goal of CRA-W programs aimed at women who have earned their 
Ph.D. degrees and embarked on an academic/research career is to 
continue serving their mentoring needs until they become established 
leaders in their fields and inspiring role models for their women 
students.

  Career Mentoring Workshops: CRA-W has sponsored a series of 
Career Mentoring Workshops for women since 1993. Women often find 
themselves a minority at their workplace, and the CRA-W workshops bring 
them together with women already established in their fields. The 
established professionals provide practical information, advice, and 
mentoring support to their younger colleagues. The workshops have 
speakers and panels on varying topics. Recently, the Mentoring 
Workshops were expanded to include tracks for more established 
academics and to include panelists from industrial and government labs 
in order to raise awareness about alternate career paths and provide 
mentors from outside of academia. Each of the workshops has been held 
in conjunction with a major professional meeting, providing many 
attendees with the opportunity to attend technical talks and make 
contacts in their research areas. CRA-W runs a second version of the 
Mentoring Workshop at the SIGCSE (Special Interest Group in Computer 
Science Education) Conference. That workshop provides information on 
building successful academic careers that focus on undergraduate 
teaching.

  Cohort of Associate to Professors Project (CAPP): Less than 
10 percent of the full professors in CS&E departments are women. Yet, 
they provide the role models and mentors for our students. CRA-W is 
attempting to address the problem by forming and mentoring a cohort of 
women from the associate professor ranks. The cornerstone of the 
project is the involvement of 15 senior women, appointed as CRA-W 
Distinguished Professors, who actively participate as role models, 
mentors, and advisers. The project hopes to accelerate the successful 
promotion of associate professors by providing them with mentoring, 
leadership training, encouragement, and ongoing peer-support 
activities. The first workshop was held in April 2004 and the second 
occurred in June 2005.

                   Answers to Post-Hearing Questions

Responses by F. Thomson Leighton, Chief Scientist and Co-founder, 
        Akamai Technologies

Questions submitted by Chairman Sherwood L. Boehlert

Q1.  What kind of computer science research isn't DARPA supporting that 
you think it should? Is it just a matter of more funding or are there 
programs that are of a lower priority that should be cut?

A1. I am most concerned by DARPA's reduction of support for university-
led research in computer science. This is not a problem limited to a 
particular research area within the discipline per se. Rather, it is a 
trend across the spectrum of computer science. While there may be 
examples of areas, such as the cognitive computing effort mentioned 
during the hearing, where DARPA is still funding basic research in 
computer science, university funding has been greatly reduced or 
eliminated in many important areas.
    The Defense Science Board noted this trend in February 2005 in 
their examination of DOD's efforts to maintain an adequate supply of 
High Performance Microprocessors (incidentally, an area in which DSB 
concluded DOD--primarily DARPA--was ``no longer seriously involved in. 
. .research to enable the embedded processing proficiency on which its 
strategic advantage depends''). The DSB recognized the crucial payoff 
gained by DOD--and ultimately the Nation--from DARPA's prior 
significant involvement in university-led IT R&D:

         ``From the early 1960's through the 1980's, one tremendously 
        successful aspect of the DOD's funding in the information 
        technology space came from DARPA's unique approach to the 
        funding of Applied Research (6.2 funding), which hybridized 
        university and industry research through a process that 
        envisioned revolutionary new capabilities, identified barriers 
        to their realization, focused the best minds in the field on 
        new approaches to overcome those barriers and fostered rapid 
        commercialization and DOD adoption. The hybridization of 
        university and industry researchers was a crucial element; it 
        kept the best and the brightest in the university sector well 
        informed of defense issues and the university researchers acted 
        as useful `prods' to the defense contractors, making it 
        impossible for them to dismiss revolutionary concepts whose 
        feasibility was demonstrated by university-based 6.2 efforts 
        that produced convincing `proof of concept' prototypes.

         Recently, DARPA has further limited university participation, 
        especially as prime contractors, in its Computer Science 6.2 
        programs, which were by far its most significant investments in 
        university research (vastly outstripping 6.1 funding). These 
        limitations have come in a number of ways, including non-fiscal 
        limitations, such as the classification of work in areas that 
        were previously unclassified, precluding university submission 
        as prime contractors on certain solicitations, and reducing the 
        periods of performance to 18-24 months.''

    For FY 2005, DARPA reported to the National Coordination Office for 
IT Research and Development that it planned to make no investment in 
the High Confidence Software and Systems research area. This area 
includes several important topics, such as cyber security R&D.
    As Director Tether's testimony before the Committee indicated, 
DARPA is funding classified research efforts in the cyber security 
space. Because the work is classified, however, the amount and nature 
of the work can't be shown in the NCO's budget supplement. More 
importantly, the university research community is largely unable to 
participate in the research, and constraints on the dissemination of 
the results of the work limit the community's ability to drive further 
innovation based on it.
    In its March 2005 review of federal cyber security R&D, the 
President's Information Technology Advisory Committee (PITAC) noted 
that this trend stands to disadvantage both the civilian and military 
sectors. As an example, PITAC cited the potential impact of the 
increased use of classification on DOD's planned Global Information 
Grid (GIG)--a multi-layered network to link weapons, intelligence, and 
military personnel for ``network enhanced'' warfare:

         ``The Defense Department intends the most sensitive portions 
        of the GIG to be self-contained, reducing the military's 
        potential exposure to the insecurities associated with the 
        public IT infrastructure. However, some less sensitive portions 
        of the GIG are expected to connect to the Internet, at least 
        part of the time. Vulnerabilities are introduced whenever 
        highly sensitive defense networks and civilian networks 
        intersect, giving both communities a significant stake in 
        cooperating to improve the security of the civilian IT 
        infrastructure. Also, economic realities dictate that today's 
        military networks and tomorrow's GIG use civilian commercial 
        hardware and software, exposing those networks to the security 
        vulnerabilities of such products. Thus, the success of the GIG 
        as a secure IT infrastructure of the future--and the near-term 
        success of today's military networks--depends in part on 
        improvements in the security of the civilian IT infrastructure. 
        Yet because the civilian R&D community has access only to the 
        results of unclassified research, reduced support for this 
        community will have a harmful impact on its ability to generate 
        the fundamental discoveries upon which future generations of 
        security products and practices will be based.''

    PITAC identified 10 specific priority areas, listed below, in 
computer science of ``paramount importance'' to securing the national 
IT infrastructure. DARPA's support for unclassified research in these 
areas would likely prove enormously beneficial to DOD and the Nation:

         1.  Authentication Technologies

         2.  Secure Fundamental Protocols

         3.  Secure Software Engineering and Software Assurance

         4.  Holistic System Security

         5.  Monitoring and Detection

         6.  Mitigation and Recovery Methodologies

         7.  Cyber Forensics

         8.  Modeling and Testbeds for New Technologies

         9.  Metrics, Benchmarks and Best Practices

        10.  Research into Human and Organizational Aspects of IT 
        Infrastructures.

    There are other areas in which DARPA's efforts are under supported 
(or absent completely). DARPA's unclassified efforts in Software Design 
and Productivity, for example, have also been discontinued, according 
to the FY 2005 plan and FY 2006 request. Low power computation models, 
improved mesh & grid computing methods, easy-to-learn and use HCI, 
fault tolerance and replication for portable computing, and federated 
database management and integration, are all example areas of computing 
research where advances could help the warfighter, as well as the 
civilian population, homeland defense and the economy.
    DARPA's mission is to support the warfighter and DOD future needs. 
DARPA research has, in the past, often met those needs by ``pushing the 
envelope'' such that advances were adopted in the civilian sphere, thus 
making them available in quantity, and at lower cost, to the military 
as ``commodity'' computing items. By not pursuing research in this 
realm, or by classifying it, the commoditization and the synergy 
produced by mixing both university and industrial talent, are missing.
    But as the DSB report alluded, DARPA's key role in promoting 
innovation in IT--innovation that has honed America's war fighting 
capability, fueled the new economy, and revolutionized health care and 
the conduct of the sciences--wasn't just its support for particular 
research areas. It was its unique approach (and commitment) to 
developing communities of researchers in both industry and academia 
focused on problems in computer science. DARPA continues to maintain a 
focus on some of those important problems, but its growing failure to 
support the university elements of that community is altering the 
innovation ecosystem in an increasingly negative way. And worse yet, no 
other mission agency has yet picked up the mantle, leaving NSF to bear 
the bulk of support for university-led fundamental computer science 
research.
    In summary, I do not believe that the problem necessarily results 
from a lack of money, but rather from a change in prioritization. 
Whereas overall funding for computer science has increased over the 
last several years at DARPA, DARPA funding for basic research at 
universities in computer science has dropped significantly.

Q2.  At the hearing, Dr. Tether mentioned several times his agency's 
work on cognitive computing as an example of long-range research 
underway at DARPA. Is that the kind of long-range computer science 
research that you believe DARPA should be doing? Why or why not?

A2. I am not directly familiar with DARPA's program in cognitive 
computing, but I do believe that research in this area is worthwhile. 
However, it is only one area of computer science and will not address 
many needs of the warfighter and the Nation. For example, research in 
this area will probably not be relevant to the area of cyber security.

Q3.  What criteria should we be using to determine if federal support 
for fundamental research in computer science in general and cyber 
security in particular is adequate?

A3. ``How much should we spend?'' is always a difficult question when 
it comes to funding basic research. The reason is that the benefit 
derived from the research generally is not realized until many years 
later. And, basic research is a high-risk endeavor. Not every idea pans 
out. Indeed, fundamental research, by its very nature, should be 
expected to have many failures. Risk-averse research simply does not 
lead to fundamentally new ways of thinking or to breakthroughs in the 
most important problems.
    That said, there are measures that one can use to determine if the 
levels of funding are inadequate. First, the success rates of qualified 
grant proposals can be examined and compared across disciplines. As was 
noted in prior testimony, the success rate of qualified proposals in 
computer science at NSF lags far behind the NSF-wide average. The 
success rate in the area of cyber security is even smaller, a factor of 
three smaller than the NSF-wide average. These statistics indicate that 
there is good research that is going unfunded in computer science and 
that the lack of funding in computer science is out of proportion with 
other disciplines.
    Second, one can look at the historical return on investment for 
research expenditures in a particular field. As was noted in prior 
testimony, the return on investment for academic computer science 
research over the last several decades has been extraordinary. Not only 
has the research led to the creation of numerous billion-dollar 
industries, but it has led, in part, to our nation's preeminence in 
technology as a whole. If history is any guide, we should be spending 
far greater sums on fundamental research in computer science than we do 
today.
    Third, one can turn to experts for advice. PITAC was one such body 
of experts in information technology and they have made it very clear 
that our under-investment in basic cyber security research poses a 
significant threat to our national well being. PITAC had planned to 
study the adequacy of our overall investment in IT R&D but their term 
has expired and no renewals have been announced.

Questions submitted by Representative Bart Gordon

Q1.  What efforts are now being made and what mechanisms exist to 
transition the results of federally funded cyber security research to 
commercial products and methods, and do you have recommendations for 
additional federal efforts in this area?

A1. As was noted in the PITAC report ``Cyber Security: A Crisis of 
Prioritization,'' ``current cyber security technology transfer efforts 
are not adequate to successfully transition federal research 
investments into civilian sector best practices and products.''
    PITAC recommended that ``the Federal Government should strengthen 
its cyber security technology transfer partnership with the private 
sector. Specifically, the Federal Government should place greater 
emphasis on the development of metrics, models, data sets, and testbeds 
so that new products and best practices can be evaluated; jointly 
sponsor with the private sector an annual interagency conference at 
which new cyber security R&D results are showcased; fund technology 
transfer efforts (in cooperation with industry) by researchers who have 
developed promising ideas or technologies; and encourage federally 
supported graduate students and postdoctoral researchers to gain 
experience in industry as researchers, interns, or consultants.''
    In its discussion, PITAC noted that ``technology transfer enables 
the results of federally supported R&D to be incorporated into products 
that are available for general use. There has been a long and 
successful history of federally funded IT R&D being transferred into 
products and best practices that are widely adopted in the private 
sector.''
    ``The diffusion of federally supported IT R&D into products and 
practices benefits both consumers and developers:

          Consumers have benefited from faster hardware, faster 
        networks, better software that is easier to use, and more 
        frequent time- and labor-saving upgrades.

          IT research often results in new ideas and prototypes 
        that can be rapidly developed into new or improved commercial 
        products. The developers of such innovations are free to carry 
        their innovative ideas into the marketplace, benefiting all 
        consumers.''

    ``Unlike other IT products, cyber security's benefits are measured 
by the absence of problems in IT systems. Because the market for these 
benefits has historically been small, interest is limited among both 
start-ups and large companies.''
    PITAC believes that, ``given the value and difficulty of technology 
transfer, the Federal Government should support programs to transform 
existing and future cyber security research results into commercial 
products or operational best practices. Specifically, the Federal 
Government should:

          Strengthen the development of metrics, models, data 
        sets, and testbeds so that new products and best practices can 
        be evaluated.

          Jointly sponsor with the private sector an annual 
        interagency conference at which new cyber security R&D results, 
        especially those conducted or sponsored by the Federal 
        Government, are showcased.

          Require grant proposals to describe the potential 
        practical utility of their research results and have the 
        coordinating body identified in Recommendation 4 of the PITAC 
        report collect and publish these descriptions. (While 
        fundamental research is usually undertaken without any direct 
        transition path envisioned, cyber security research is often 
        undertaken in the context of recognized problems, and 
        documenting logical connections with real world problems is 
        worthwhile.)

          Establish a fund to support technology transfer 
        efforts by researchers who have developed promising ideas or 
        technologies. This fund could also help researchers cooperate 
        with industry to bring products or enhancements rapidly to 
        market.

          Establish and maintain a national database of results 
        from federally funded cyber security research, allowing vendors 
        to identify ideas that can be incorporated into commercial 
        products.

          Encourage federally supported graduate students and 
        postdoctoral researchers to gain experience in industry as 
        researchers, interns, or consultants.

          Encourage agency investment in technology transfer of 
        cyber security R&D results through the Small Business 
        Innovation Research (SBIR) and Small Business Technology 
        Transfer (SBTT) programs of the Federal Government.

    ``The Federal Government and the private sector, by working 
together, can effectively and efficiently transfer federally funded 
cyber security research results into commercial products and build an 
innovative cyber security workforce, and by doing so can help our 
society realize the potential benefits of this research.''

Q2.  The President's Information Technology Advisory Committee report 
on cyber security finds that the academic research community in cyber 
security research is below critical mass.

Q2a.  To what extent would this be corrected simply by increasing the 
amount of research funding available?

Q2b.  Are there other impediments to bringing more researchers to this 
field aside from the availability of research funding?

A2a,b. As PITAC notes in its report, increasing the level of funding 
for basic research in cyber security is required to increase the size 
of the academic research community in cyber security. But it is not 
sufficient. The long-term stability of the funding is also important, 
and it is critical that the university research not be classified.
    I do not mean to imply that all cyber security research should be 
unclassified. Indeed, classified research in the area of cyber security 
is certainly a worthwhile endeavor. However, if most or all research in 
cyber security is classified, then university researchers (with whom 
much of our nation's networking and computer science expertise resides) 
will not be able to contribute to the discovery of the breakthroughs 
that are so badly needed in this area. Moreover, the technology 
transfer needed to convert breakthroughs into products and best 
practices will also be seriously impeded.

Questions submitted by Representative Sheila Jackson Lee

Q1.  While I am unsatisfied by the status of computer science research 
being conducted on the federal level, I am also disturbed by the lack 
of female and minority representation in the field of computer science. 
The statistics show that women and minorities are not being 
proportionally represented in academia when it comes to computer 
science. In 2003, women represented barely over 20 percent of the 
computer science doctoral degrees granted. The same statistics show 
that in 2003, the White population made up about 70 percent of the 
doctoral degrees granted to U.S. citizens and permanent residents. At 
the same time, Asian/Pacific Islanders made up about 20 percent of the 
doctoral degrees granted, but Blacks, Hispanics, and American Indian/
Native Alaskans made up less than five percent of the doctoral degrees 
granted. These statistics are very discouraging and show that we are 
not reaching out to our entire population. Indeed, the problem starts 
in the classroom, where many under-privileged youth do not have nearly 
the same access to computers and the Internet. If they don't have this 
background at an early age, its not surprising that they don't pursue 
the field in higher education and later in life. What are we doing to 
reach women, minorities, and the under-privileged in our society?

A1. Although I am painfully aware of lack of female and minority 
representation in the field of computer science (as well as related 
fields such as mathematics), I do not have sufficient expertise to 
provide a good answer to this question.
    I do know that National Science Foundation's CISE Directorate is 
continually experimenting with innovative programs to improve this 
situation, including the new `Broadening Participation in Computing' 
program (http://www.nsf.gov/pubs/2005/nsf05562/nsf05562.htm). Ensuring 
continued and increased funding for this program and others like it is 
important.
    In addition, two years ago, computer scientists established the 
National Center for Women in Technology (http://www.ncwit.org) to 
coordinate a number of national efforts aimed at increasing the 
participation of women and minorities in the field.

Q2.  Your committee's report on cyber security recommends an increase 
to NSF's budget for cyber security research to $90 million per year and 
``substantial'' increases in civilian cyber security R&D at DARPA and 
the Department of Homeland Security.

Q2a.  Why is there a recommendation for a specific increase for NSF, 
but not for the other agencies?

Q2b.  Did your committee consider the need for funding increases at 
NIST or other federal agencies?

A2a,b. NSF is the only agency for which we had enough credible data on 
research funding in order to make a specific recommendation for funding 
levels. That said, a comparable amount of funding for basic non-
classified research at DARPA and DHS would certainly be in the Nation's 
interest. As was noted in prior testimony, DARPA has shifted a 
significant amount of funding away from universities in cyber security 
in favor of more directed and/or classified work, and DHS (which is 
tasked with the Nation's cyber security) spends only a tiny fraction of 
its large S&T budget on cyber security. The failure of the Department 
of Homeland Security to invest significantly in cyber security R&D was 
of particular concern to PITAC. DHS has an overall Science & Technology 
budget of roughly $1.3 billion dollars, of which $18 million dollars is 
devoted to cyber security. For FY06, the DHS budget decreases this 
amount to $17 million. Of these amounts, less than $2M is devoted to 
basic research.
    NIST, NIJ, DHS, DOE and other agencies should all re-examine the 
role they play in cyber security research. It is probably in the 
Nation's interest to increase funding at each of these agencies. 
However, without better data, a clear understanding of how the money 
would be spent at those agencies, and some kind of national strategy, 
the committee was unable to formulate specific recommendations--
especially at a time when there are such large federal deficits.

                              Appendix 2:

                              ----------                              


                   Additional Material for the Record

          Joint Statement of the Computing Research Community

    Thank you, Chairman Boehlert and Ranking Member Gordon, for 
convening this hearing and for your committee's continued support of 
information technology research and development. The American Society 
for Information Science and Technology (ASIS&T), Coalition for Academic 
Scientific Computing (CASC), Computing Research Association (CRA), 
Electrical and Computer Engineering Department Heads Association 
(ECEDHA), Society for Industrial and Applied Mathematics (SIAM), and 
U.S. Public Policy Committee of the Association for Computing Machinery 
(USACM) join in endorsing this testimony because we believe the health 
of the computing research enterprise to be crucial to the Nation's 
future economic competitiveness, our national defense and homeland 
security, the health of our citizens, and further discovery in the 
sciences.
    The United States, in both the public and private sectors, has done 
a remarkable job in forging a leadership role in information 
technology, due in large part to a healthy fundamental computing 
research enterprise. That leadership role has paid great dividends to 
the country and the world. However, we are concerned that the U.S. is 
in danger of ceding leadership if current trends continue. Fortunately, 
the U.S. remains in good position to reverse those trends if we act 
soon.
    Our testimony examines how the U.S. came to assume its dominant 
position in IT and the benefits that role conveys to the Nation. We 
also examine why the changing landscape for federal support of 
computing research imperils U.S. leadership in IT, and in turn, U.S. 
economic performance in the coming decades. Finally, we outline what we 
believe should be done to shore up that leadership.
    We commend the Committee for its interest in this topic and hope 
this ``view from the community'' provides you a valuable perspective on 
the critical importance of IT on national prosperity, and how changes 
to the federal research portfolio impact the IT sector.

The Impact of New Technologies

    The importance of computing research and computational science in 
enabling the new economy is well documented. The resulting advances in 
information technology have led to significant improvements in product 
design, development and distribution for American industry, provided 
instant communications for people worldwide, and enabled new scientific 
disciplines such as bioinformatics and nanotechnology that show great 
promise in improving a whole range of health, security, and 
communications technologies. Federal Reserve Board Chairman Alan 
Greenspan has said that the growing use of information technology has 
been the distinguishing feature of this ``pivotal period in American 
economic history.'' Recent analysis suggests that the remarkable growth 
the U.S. experienced between 1995 and 2000 was spurred by an increase 
in productivity enabled almost completely by factors related to IT. 
``IT drove the U.S. productivity revival [from 1995-2000],'' according 
to Harvard economist Dale Jorgenson.
    Information technology has also changed the conduct of research. 
Innovations in computing technologies are enabling scientific discovery 
across every scientific discipline--from mapping the human brain to 
modeling climatic change. Researchers, faced with research problems 
that are ever more complex and interdisciplinary in nature, are using 
IT to collaborate across the globe, simulate experiments, visualize 
large and complex data sets, and collect and manage massive amounts of 
data.

The Information Technology Ecosystem that Gives Birth to New 
                    Technologies

    A significant reason for this dramatic advance in IT and the 
subsequent increase in innovation and productivity is the 
``extraordinarily productive interplay of federally funded university 
research, federally and privately funded industrial research, and 
entrepreneurial companies founded and staffed by people who moved back 
and forth between universities and industry,'' according to a 1995 
report by the National Research Council. That report, and a subsequent 
1999 report by the President's Information Technology Advisory 
Committee (PITAC), emphasized the ``spectacular'' return on the federal 
investment in long-term IT research and development.
    The 1995 NRC report, Evolving the High Performance Computing and 
Communications Initiative to Support the Nation's Information 
Infrastructure, included a compelling graphic illustrating this 
spectacular return. The graphic was updated in 2002 and is included 
with this testimony. (See Figure 1.)
    It is worth a moment to consider the graphic. The graphic charts 
the development of technologies from their origins in industrial and 
federally-supported university R&D, to the introduction of the first 
commercial products, through the creation of billion-dollar industries 
and markets. The original 1995 report identified nine of these multi-
billion-dollar IT industries (the categories on the left side of the 
graphic). Seven years later, the number of examples had grown to 19--
multi-billion-dollar industries that are transforming our lives and 
driving our economy.
    The graphic also illustrates the dynamic interplay between 
federally-supported university-based research and industrial R&D 
efforts. In some cases, such as reduced instruction set computing 
(RISC) processors (a chip architecture that forms the basis for 
processors used by Sun, IBM, HP, and Apple, and has significantly 
influenced all microprocessor design) and RAID disk servers 
(``redundant arrays of inexpensive disks''), the initial ideas came 
from industry, but government-supported university research was 
necessary to advance the technology. In other cases, such as 
timesharing, graphical user interfaces, and the Internet, the ideas 
originated in the universities long before they matured to a point 
where subsequent research by industry helped move the technologies 
towards commercialization. In each example, the industry/university 
research relationship has been complementary. University research, 
focused as it is on fundamental questions and long-term problems, does 
not supplant industry research and development. And industry, which 
contributed $190 billion in 2002 (down from $198 billion in 2001) in 
overall R&D geared primarily towards short-term development, does not 
supplant university research.
    This is an important point that bears some development. The great 
majority of industry-based research and development is of a 
fundamentally different character than university-based research. 
Industry-based research and development is, by necessity, much shorter 
term than the fundamental research performed in universities. It tends 
to be focused on product and process development, areas which will have 
more immediate impact on business profitability. Industry generally 
avoids long-term research because it entails risk in a couple of 
unappealing ways. First, it is hard to predict the outcome of 
fundamental research. The value of the research may surface in 
unanticipated areas. Second, fundamental research, because it is 
published openly, provides broad value to all players in the 
marketplace. It is difficult for any one company to ``protect'' the 
fundamental knowledge gleaned from long-term research and capitalize on 
it without all players in the marketplace having a chance to 
incorporate the new knowledge into their thinking.
    Those companies that do make significant fundamental research 
investments tend to be the largest companies in the sector. Their 
dominant position in the market ensures that they benefit from any 
market-wide improvement in technology basic research might bring. But, 
even with that advantage, the investment of companies like Microsoft 
and Intel in fundamental research remains a small percentage of their 
overall IT R&D investment (in Microsoft's case, it's estimated at 
around five percent of the company's R&D budget), and many companies of 
equivalent size (Oracle, Dell, Cisco) don't invest in long-term R&D at 
all.
    The chart also illustrates one other important characteristic of 
the IT R&D ecosystem--it is very interdependent. Note that the arrows 
that show the flow of people and ideas move not only between industry, 
university and commercial sectors, but between subfields as well, 
sometimes in unanticipated ways. Developments in Internet-working 
technologies led to the development of the Internet and World Wide Web 
(and the rise of Yahoo and Google), but also to developments in Local 
Area Networking and Workstations. Work on timesharing and client and 
server computing in the 1960s led to the development of e-mail and 
instant messaging. In addition, this interdependence increasingly 
includes subfields beyond traditional IT, helping enable whole new 
disciplines like bioinformatics, opto-electronics, and nanotechnology.
    Perhaps the most noteworthy aspect of the graphic is its 
illustration of the long incubation period for these technologies 
between the time they were conceived and first researched to the time 
they arrived in the market as commercial products. In nearly every 
case, that lag time is measured in decades. This is the clearest 
illustration of the results of a sustained, robust commitment to long-
term, fundamental research. The innovation that creates the 
technologies that drive the new economy today is the fruit of 
investments the federal government made in basic research 10, 15, 30 
years ago. Essentially every aspect of information technology upon 
which we rely today--the Internet, web browsers, public key 
cryptography for secure credit card transactions, parallel database 
systems, high-performance computer graphics, portable communications 
such as cell phones, broadband last mile. . .essentially every billion-
dollar sub-market--is a product of this commitment, and bears the stamp 
of federally-supported research.
    One important aspect of federally-supported university research 
that is only hinted at in the flow of arrows on this complex graphic is 
that it produces people--researchers and practitioners--as well as 
ideas. This is especially important given the current outlook for IT 
jobs in the coming decade. Despite current concerns about offshoring 
and the end of the IT boom times, the U.S. Bureau of Labor Statistics 
this year released projections that continue to show a huge projected 
shortfall in IT workers over the next 10 years. As Figure 2 
illustrates, the vast majority of the entire projected workforce 
shortfall in all of science and engineering is in information 
technology. These are jobs that require a Bachelor's level education or 
greater. In addition to people, university research also produces 
tangible products, such as free software and programming tools, which 
are heavily relied upon in the commercial and defense sectors. 
Continued support of university research is therefore crucially 
important in keeping the fires of innovation lit here in the U.S.
    But the impact of IT research on enabling of innovation resonates 
far beyond just the IT sector. IT has played an essential--many argue 
the essential--role in the economic growth of the U.S. in the past 20 
years. Most of the actual economic value of IT does not come directly 
from fundamental discoveries in electronics, computers, software, 
communications, or algorithms--these are inputs to larger processes of 
product and service innovation, most of which happens in the private 
sector and in competitive markets. Nevertheless, the seeds of this 
economic growth are in the fundamental discoveries, most of which are 
pre-competitive and occur in the Nation's universities and research 
laboratories. The economic growth would not happen without these 
discoveries. Our concern is on the precarious state of research that 
primes the pump of economic growth, and that puts the U.S. in jeopardy.

The Changing Landscape for Computing

    The landscape for computing research funding has changed 
significantly since PITAC began its review of the federal IT R&D effort 
in 1997. Since the early 1960s, the federal agencies arguably most 
responsible for supporting computing research, the development of the 
field and much of the innovation that has resulted are the National 
Science Foundation, the Defense Advanced Research Projects Agency, and 
the Department of Energy. At the time PITAC began its review, NSF and 
DARPA bore a leading and nearly equal share of the overall federal 
investment in IT R&D. In FY 1998, DARPA funding constituted 30 percent 
of federal IT R&D spending, compared to NSF's 27 percent share.
    However, as the overall investment has increased, DARPA's share of 
the research--both as a percentage of the overall effort and in 
absolute dollars--has declined. While NSF's $795 million investment in 
IT R&D in FY 2005 represents 35 percent of overall federal IT R&D (an 
increase in its total share since FY 1998), DARPA's $143 million in FY 
2005 represents just six percent of the overall IT R&D budget, a 
significant decrease in its share since FY 1998.
    We are concerned about DARPA's diminished role in supporting 
computing research and the impact that it will have on the field, 
DARPA's mission, and the Nation as a whole. Central to these concerns 
is the idea that the field--and hence, the Nation--benefited greatly by 
having different approaches to funding computing research represented 
by the NSF model and the DARPA model. While NSF has primarily focused 
on support for individual investigators at a wide range of 
institutions--and support for computing infrastructure at America's 
universities--DARPA's approach has varied over the years. Historically, 
DARPA program managers could fund individual researchers, or even 
``centers of excellence''--typically university research centers--with 
useful and critically important flexibility. DARPA program managers had 
great discretion in funding projects they believed to be promising. In 
this way, DARPA was able to create and nourish communities of 
researchers to focus on problems of particular interest to the agency 
and to the Department of Defense, with great success.
    The combination of the different approaches has proven enormously 
beneficial to the Nation, we argue, and to DARPA's overall mission of 
assuring that the U.S. maintains ``a lead in applying state-of-the-art 
technology for military capabilities and [preventing] technological 
surprise from her adversaries.'' DARPA-supported research in computing 
over a period of over four decades, beginning in the 1960s, has laid 
down the foundations for the modern microprocessor, the Internet, the 
graphical user interface, single-user workstations, and a whole host of 
other innovations that have not only made the U.S. military the lethal 
and effective fighting force it is today, but have driven the new 
economy and enabled a whole range of new scientific disciplines.
    However, through a series of policy changes, including the use of 
``go/no-go'' decisions applied to critical research at 12 to 18 month 
intervals and the increasing classification of research sponsored by 
the agency,\1\ DARPA has shifted much of its focus in IT R&D from 
pushing the leading edge of computing research to ``bridging the gap'' 
between basic research and deployable technologies--in essence relying 
primarily on other agencies such as NSF and Department of Energy's 
Office of Science--to fund the basic research needed to advance the 
field.
---------------------------------------------------------------------------
    \1\ There are, of course, important reasons for classifying federal 
research, especially when it is clear that the research might reveal 
our defense capabilities or vulnerabilities. However, it should also be 
understood that there are real costs--including that the research is 
unavailable for public dissemination and scrutiny, and that many 
university researchers, arguably some of the best minds in the country, 
are no longer able to contribute to the work. In the case of DARPA's 
cyber security research, there is another significant cost to bear as 
well. The military (and the government overall) has a huge dependence 
on our nation's commercial infrastructure, but classifying the research 
in information security means that it is largely unavailable for use in 
protecting this commercial infrastructure.
---------------------------------------------------------------------------
    These changes at DARPA have discouraged university participation in 
research, effectively reducing DARPA ``mindshare''--the percentage of 
people working on DARPA problems--at the Nation's universities. This is 
borne out by a review of DARPA's support for IT R&D at universities. 
While DARPA's overall funding for IT R&D across the agency increased 
from $543 million in FY 2001 to $586 million in FY 2004 (in unadjusted 
dollars), DARPA IT research funding for universities dropped by nearly 
half--from $214 million in FY 2001 to $123 million in FY 2004--
according to numbers the agency provided in response to questions from 
the Senate Armed Services Committee.
    The research community is not alone in noting the potential impact. 
A DOD Defense Science Board Task Force report on High Performance 
Microprocessors in February 2005, noted that DOD--primarily DARPA--``is 
no longer perceived as being seriously involved in--or even taking 
steps to ensure that others are conducting--research to enable the 
embedded processing proficiency on which its strategic advantage 
depends. This withdrawal has created a vacuum where no part of the U.S. 
Government is able to exert leadership, especially with respect to the 
revolutionary component of the research portfolio.'' The report 
continues in a remarkable footnote:

         This development is partly explained by historic 
        circumstances. Since World War II, the DOD has been the primary 
        supporter of research in university Electrical Engineering and 
        Computer Science (EECS) departments, with NSF contributing some 
        funds towards basic research. From the early 1960's through the 
        1980's, one tremendously successful aspect of the DOD's funding 
        in the information technology space came from DARPA's unique 
        approach to the funding of Applied Research (6.2 funding), 
        which hybridized university and industry research through a 
        process that envisioned revolutionary new capabilities, 
        identified barriers to their realization, focused the best 
        minds in the field on new approaches to overcome those barriers 
        and fostered rapid commercialization and DOD adoption. The 
        hybridization of university and industry researchers was a 
        crucial element; it kept the best and the brightest in the 
        university sector well informed of defense issues and the 
        university researchers acted as useful ``prods'' to the defense 
        contractors, making it impossible for them to dismiss 
        revolutionary concepts whose feasibility was demonstrated by 
        university-based 6.2 efforts that produced convincing ``proof 
        of concept'' prototypes. As EECS grew in scale and its scope 
        extended beyond DOD applications, a ``success disaster'' ensued 
        in that EECS essentially ``outgrew'' the ability of the DOD to 
        be its primary source of directional influence, let alone 
        funding. Furthermore, DOD never developed a strategy to deal 
        with this transition. With pressures to fund developments are 
        unique to the Defense (e.g., military aircraft, tanks, 
        artillery, etc.), the DOD withdrew its EECS research 
        leadership. Recently, DARPA has further limited university 
        participation, especially as prime contractors, in its Computer 
        Science 6.2 programs, which were by far its most significant 
        investments in university research (vastly outstripping 6.1 
        funding). These limitations have come in a number of ways, 
        including non-fiscal limitations, such as the classification of 
        work in areas that were previously unclassified, precluding 
        university submission as prime contractors on certain 
        solicitations, and reducing the periods of performance to 18-24 
        months.

         High Performance Microchip Supply, Defense Science Board, 
        February 2005, Appendix D, p. 87-88.

    Unfortunately, the other mission agencies have not yet stepped in 
to fill the gap created by DARPA's withdrawal. As PITAC members Edward 
Lazowska and Dave Patterson noted in a recent Science Magazine 
editorial, the Department of Homeland Security spends less than two 
percent of its Science and Technology budget on cyber security, and 
only a small fraction of that on research. NASA is downsizing 
computational science, and IT research budgets at the Department of 
Energy and the National Institutes of Health are slated for cuts in the 
President's FY 2006 budget. In effect, the national commitment to 
fundamental research in IT has waned. Ironically, this began at about 
the same time the economists began to understand the huge benefit that 
such research provided for economic growth.
    This fact, combined with an overall growth in the number of 
researchers in the field and an increase in the breadth of the 
discipline, has placed a significant burden for funding basic IT R&D on 
NSF. The agency reports that in FY 2004, NSF supported 86 percent of 
federal obligations for basic research in computer science at academic 
institutions--and the agency's Computing and Information Science and 
Engineering directorate (CISE) is beginning to show the strain. In FY 
2004, the funding rate for competitive awards in CISE fell to a decadal 
low of 16 percent, lowest of any directorate at NSF and well below the 
NSF average. Programs in critical areas like information security and 
assurance are experiencing even lower success rates--NSF's CyberTrust 
program reported an 8.2 percent success rate for FY 2004. Other 
fundamental areas, where long-term advances are critical to broad 
research advances, are also suffering neglect. In particular, 
computational science, which was the raison d'etre for the entire 
Federal High-Performance Computing and Communications (HPCC) Program, 
has become an expanding area for all sciences, however, it has been 
without any focal point in the overall Federal HPPC Program (now 
renamed as NITRD). Moreover, even at NSF, support for mathematics and 
computing sciences--which underlie the health of computing research--
has been declining in real terms since FY 2004. Such budget and program 
management decisions, we argue, are harmful to the field and to the 
Nation as a whole.
    To be clear, our concern is not just with the impact of changes at 
a single agency. Rather, our concern is that the total level of 
national investment in fundamental IT research rise to the need that 
our economy requires in an increasingly competitive world.
    As Lazowska and Patterson note: ``At a time when global competitors 
are gaining the capacity and commitment to challenge U.S. high-tech 
leadership, this changed landscape threatens to derail the 
extraordinarily productive interplay of academia, government, and 
industry in IT. Given the importance of IT in enabling the new economy 
and in opening new areas of scientific discovery, we simply cannot 
afford to cede leadership.''

Maintaining Leadership

    The U.S. still has the world's strongest capability in fundamental 
research in IT, and the most experience in how to leverage that 
capability toward economic growth. This is a robust system that can 
take stresses from decreased funding for a short time as we determine 
our strategy. But we run a grave risk in letting the uncertainty about 
funding for fundamental IT research go on too long. The first 
causalities are the brilliant young people, many of them from other 
countries, who come to the U.S. to learn from and contribute to our 
global lead in this area. Already, tightened visa rules and a 
perception of a more hostile environment in the U.S. encumber our 
ability to attract many of these brilliant minds. Without support, they 
will go to Canada, Europe, Australia and other countries that are 
actively courting them. Those other countries know the value the U.S. 
has realized from its system of fundamental research--and want it for 
themselves. Even with their own economic difficulties, those countries 
are increasing their investments in such research.
    The U.S. took a critical step some years ago in doubling the 
Nation's investment in health research, and, at the urging of your 
committee, agreeing to double its investment in other areas of 
research, including IT research. We believe that was the right 
decision. The current delays in that process of doubling are 
understandable, but the costs of delaying too long are very high. We 
taught the rest of the world how to grow from such investment and they 
learned the lesson well.
    That federal investment helps fuel the innovation that insures the 
U.S. remains the world leader in business, that we have the strongest 
possible defense, and that we continue to find ways to live longer, 
healthier lives. To keep the fires of innovation lit, we should 
continue to boost funding levels for fundamental IT R&D. We should 
insure that NSF, DARPA, and the Department of Energy have broad, 
strong, sustained research programs in IT independent of special 
initiatives. And we should work to maintain the special qualities of 
federally-supported university research.




Appendix A

    What others are saying:

    Council on Competitiveness, Innovate America report on the National 
Innovation Initiative, released December, 2004. Available online at: 
http://www.compete.org

         To Out-Compete Is to Out-Compute

         Few areas of technology hold more promise for stimulating 
        innovation and propelling competitiveness than high performance 
        computing. Along with theory and experimentation, modeling and 
        simulation with high performance computers has become the third 
        leg of science and path to competitive advantage. There's now 
        in vivo, in vitro and in silica. A recent survey by the Council 
        on Competitiveness of U.S. chief technology and chief 
        information officers revealed that nearly 100 percent consider 
        high performance computing tools essential to their business 
        survival. And they are realizing a range of strategic 
        competitive benefits from using this technology, such as 
        shortened product development cycles and faster time to market 
        (in some cases more than 50 percent faster), all of which 
        improve a company's bottom line.

         But we are only beginning to reap the potential innovation and 
        competitive benefits that use of this technology promises. With 
        dramatically more powerful systems, companies can extract 
        trillions of dollars in excess cost through business enterprise 
        transformation. We can revolutionize manufacturing through 
        advanced modeling and simulation of the entire process from raw 
        resource to finished product. We can dramatically accelerate 
        the drug discovery process, and substantially increase oil 
        recovery rates by modeling entire oil fields. By shrinking 
        ``time to insight'' and ``time to solution'' through the use of 
        high performance computing, companies in virtually every sector 
        will be able to accelerate the innovative process in ways 
        simply not seen in the past, resulting in new capabilities and 
        revolutionary products and services that capture and cement 
        global market share. As Robert Bishop, CEO of Silicon Graphics, 
        notes, ``In the 21st century, to out-compete is to out-
        compute.'' [Page 47]

         Because of the IT revolution--especially in software--a major 
        component of manufacturing is service-based. As the U.S. 
        Congress Office of Technology Assessment noted: ``Software is. 
        . .a marriage of manufacture and service, since it has the 
        character of both a good (it can be stored and shipped) and a 
        service (computer programs are not immutably fixed).'' But, we 
        classify software as a service, not a manufacture. Consider how 
        it is being applied:

                  Manufacturers like Xerox are installing 
                service capabilities in their machines--diagnostic 
                software that is capable of signaling to the 
                manufacturer when a part is nearing the end of its 
                useful life, before the problem is ever visible to the 
                customer.

                  In 1985, when Ford Motor Company wanted 
                safety data on its vehicles, it spent $60,000 to slam a 
                vehicle into a wall. Today, that frontal crash is 
                performed virtually on high performance computers--at a 
                cost of around $10.

                  To design the 777, Boeing developed a 
                software program that allowed its engineers to ``fly'' 
                in a computerized prototype of the aircraft and iterate 
                the design in virtual space.

                  Wal-Mart has installed miniature tracking 
                devices on its products, enabling computerized 
                inventory tracking and controls. [Page 15-16]

         Goal No. 1 Revitalize Frontier and Multi-disciplinary Research

         Nowhere is the need for new multi-disciplinary approaches 
        clearer than in the area of emerging ``services science''--the 
        melding together of the more established fields of computer 
        science, operations research, industrial engineering, 
        mathematics, management sciences, decision sciences, social 
        sciences and legal sciences that may transform entire 
        enterprises and drive innovation at the intersection of 
        business and technology expertise. [Page 30-31]

         A 21st Century Infrastructure

         In the late 19th and 20th centuries, the United States 
        pioneered the world's most advanced infrastructure in 
        transportation (railroads, highways, air travel), 
        telecommunications, energy, water and waste management.

         Even the Internet, the marvel of modern communications, needs 
        an upgrade. In 1985, the Internet connected 2,000 computers. 
        Today, there are more than 233 million Internet hosts and more 
        than 812 million users. The Internet of the future must be able 
        to connect billions of information appliances, like computers, 
        portable devices, wireless modems, GPS locators and sensors. 
        The current infrastructure was not designed to support this 
        explosion of users and devices--and much more investment will 
        be needed to transform the technology and support innovation. 
        [Page 50]

    Task Force on the Future of American Innovation, The Knowledge 
Economy: Is The United States Losing Its Competitive Edge?, released 
February, 2005. Available on-line at http://futureofinnovation.org

         Federal support of science and engineering research in 
        universities and national laboratories has been key to 
        America's prosperity for more than half a century. A robust 
        educational system to support and train the best U.S. 
        scientists and engineers and to attract outstanding students 
        from other nations is essential for producing a world-class 
        workforce and enabling the R&D enterprise it underpins. But in 
        recent years federal investments in the physical sciences, math 
        and engineering have not kept pace with the demands of a 
        knowledge economy, declining sharply as a percentage of the 
        gross domestic product. This has placed future innovation and 
        our economic competitiveness at risk.

         It is essential that we act now; otherwise our global 
        leadership will dwindle, and the talent pool required to 
        support our high-tech economy will evaporate. [Page 1-2]

    U.S. Commission on National Security/21st Century (Hart-Rudman 
Committee), Road Map for National Security: Imperative for Change. 
Phase III, January 2001. Available online at: http://
govinfo.library.unt.edu/nssg/PhaseIIIFR.pdf

         . . .[T]he U.S. Government has seriously underfunded basic 
        scientific research in recent years. . . [T]he inadequacies of 
        our systems of research and education pose a greater threat to 
        U.S. national security over the next quarter century than any 
        potential conventional war that we might imagine. American 
        national leadership must understand these deficiencies as 
        threats to national security. If we do not invest heavily and 
        wisely in rebuilding these two core strengths, America will be 
        incapable of maintaining its global position long into the 21st 
        century. [Page ix]

                   About the Endorsing Organizations

American Society for Information Science and Technology (http://
www.asist.org)--Since 1937, the American Society for Information 
Science and Technology (ASIS&T) has been the society for information 
professionals leading the search for new and better theories, 
techniques, and technologies to improve access to information.
    ASIS&T brings together diverse streams of knowledge, focusing what 
might be disparate approaches into novel solutions to common problems. 
ASIS&T bridges the gaps not only between disciplines but also between 
the research that drives and the practices that sustain new 
developments.
    ASIS&T counts among its membership some 4,000 information 
specialists from such fields as computer science, linguistics, 
management, librarianship, engineering, law, medicine, chemistry, and 
education; individuals who share a common interest in improving the 
ways society stores, retrieves, analyzes, manages, archives and 
disseminates information, coming together for mutual benefit.

Coalition for Academic Scientific Computing (http://www.casc.org)--CASC 
is a nonprofit organization of supercomputing centers, research 
universities and federal laboratories that offer leading edge hardware, 
software, and expertise in high-performance computing resources and 
``advanced visualization environments.'' Founded in 1989, CASC has 
grown into a national association representing 42 centers and programs 
in 28 states.
    Coalition members complement traditional methods of laboratory and 
theoretical investigation by using high-performance computers to 
simulate natural phenomena and environmental threats, handle and 
analyze data and create images--all at performance levels not available 
from smaller computers. By applying advanced technology, CASC members 
help extend the state-of-the-art to achieve the scientific, technical, 
and information management breakthroughs that will keep the U.S. in the 
forefront of the 21st century information technology revolution.

Computing Research Association (http://www.cra.org)--The Computing 
Research Association (CRA) is an association of more than 200 North 
American academic departments of computer science, computer 
engineering, and related fields; laboratories and centers in industry, 
government, and academia engaging in basic computing research; and 
affiliated professional societies.
    CRA's mission is to strengthen research and advanced education in 
the computing fields, expand opportunities for women and minorities, 
and improve public and policy-maker understanding of the importance of 
computing and computing research in our society.

Electrical and Computer Engineering Department Heads Association 
(http://www.ecedha.org)--The Electrical and Computer Engineering 
Department Heads Association is composed of heads or chairs of 
departments offering accredited programs in electrical and/or computer 
engineering.
    The purposes of ECEDHA are threefold: help advance the field, help 
members exchange ideas, and improve communication with the profession, 
industry, government, and others.
    ECEDHA membership is open to the official leaders (whether called 
head, chair, or some other title) of U.S. university departments 
offering ABET-accredited electrical and/or computer engineering (or 
similarly named) programs. Of about 300 departments offering such 
programs, almost 90 percent are currently represented in ECEDHA.

Society for Industrial and Applied Mathematics (http://www.siam.org)--
SIAM has grown from a membership of few hundred in the early 1950s to 
over 10,000 members today. SIAM members are applied and computational 
mathematicians, computer scientists, numerical analysts, engineers, 
statisticians, and mathematics educators. They work in industrial and 
service organizations, universities, colleges, and government agencies 
and laboratories all over the world. In addition, SIAM has over 400 
institutional members-colleges, universities, corporations, and 
research organizations.

U.S. Public Policy Committee of the Association for Computing Machinery 
(http://www.acm.org/usacm)--USACM is the U.S. Public Policy Committee 
of the Association for Computing Machinery, which is widely recognized 
as the premier organization for computing professionals, delivering 
resources that advance the computing as a science and a profession, 
enabling professional development, and promoting policies and research 
that benefit society. ACM is the world's first educational and 
scientific computing society with almost 80,000 members worldwide. 
USACM members include leading computer scientists, engineers, and other 
professionals from industry, academia, and government.
