[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]


 
                       NETWORKING AND INFORMATION
                        TECHNOLOGY RESEARCH AND
                        DEVELOPMENT ACT OF 2009

=======================================================================

                                HEARING

                               BEFORE THE

                  COMMITTEE ON SCIENCE AND TECHNOLOGY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED ELEVENTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 1, 2009

                               __________

                           Serial No. 111-17

                               __________

     Printed for the use of the Committee on Science and Technology


     Available via the World Wide Web: http://www.science.house.gov

                                 ______
                  U.S. GOVERNMENT PRINTING OFFICE
48-168                    WASHINGTON : 2009
-----------------------------------------------------------------------
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092104 Mail: Stop IDCC, Washington, DC 20402ï¿½090001

                  COMMITTEE ON SCIENCE AND TECHNOLOGY

                   HON. BART GORDON, Tennessee, Chair
JERRY F. COSTELLO, Illinois          RALPH M. HALL, Texas
EDDIE BERNICE JOHNSON, Texas         F. JAMES SENSENBRENNER JR., 
LYNN C. WOOLSEY, California              Wisconsin
DAVID WU, Oregon                     LAMAR S. SMITH, Texas
BRIAN BAIRD, Washington              DANA ROHRABACHER, California
BRAD MILLER, North Carolina          ROSCOE G. BARTLETT, Maryland
DANIEL LIPINSKI, Illinois            VERNON J. EHLERS, Michigan
GABRIELLE GIFFORDS, Arizona          FRANK D. LUCAS, Oklahoma
DONNA F. EDWARDS, Maryland           JUDY BIGGERT, Illinois
MARCIA L. FUDGE, Ohio                W. TODD AKIN, Missouri
BEN R. LUJAN, New Mexico             RANDY NEUGEBAUER, Texas
PAUL D. TONKO, New York              BOB INGLIS, South Carolina
PARKER GRIFFITH, Alabama             MICHAEL T. MCCAUL, Texas
STEVEN R. ROTHMAN, New Jersey        MARIO DIAZ-BALART, Florida
JIM MATHESON, Utah                   BRIAN P. BILBRAY, California
LINCOLN DAVIS, Tennessee             ADRIAN SMITH, Nebraska
BEN CHANDLER, Kentucky               PAUL C. BROUN, Georgia
RUSS CARNAHAN, Missouri              PETE OLSON, Texas
BARON P. HILL, Indiana
HARRY E. MITCHELL, Arizona
CHARLES A. WILSON, Ohio
KATHLEEN DAHLKEMPER, Pennsylvania
ALAN GRAYSON, Florida
SUZANNE M. KOSMAS, Florida
GARY C. PETERS, Michigan
VACANCY


                            C O N T E N T S

                             April 1, 2009

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative Bart Gordon, Chairman, Committee on 
  Science and Technology, U.S. House of Representatives..........     8
    Written Statement............................................     9

Statement by Representative Ralph M. Hall, Minority Ranking 
  Member, Committee on Science and Technology, U.S. House of 
  Representatives................................................    10
    Written Statement............................................    11

Prepared Statement by Representative Eddie Bernice Johnson, 
  Member, Committee on Science and Technology, U.S. House of 
  Representatives................................................    11

                               Witnesses:

Dr. Christopher L. Greer, Director, National Coordination Office 
  for Networking and Information Technology Research and 
  Development (NCO/NITRD)
    Oral Statement...............................................    12
    Written Statement............................................    13
    Biography....................................................    21

Dr. Peter Lee, Incoming Chair, Computing Research Association 
  (CRA); Professor and Head, Computer Science Department, 
  Carnegie Mellon University
    Oral Statement...............................................    22
    Written Statement............................................    23
    Biography....................................................    31

Dr. Deborah Estrin, Director, Center for Embedded Networked 
  Sensing; Professor of Computer Science and Electrical 
  Engineering, University of California, Los Angeles
    Oral Statement...............................................    31
    Written Statement............................................    34
    Biography....................................................    38

Discussion.......................................................    38

             Appendix 1: Answers to Post-Hearing Questions

Dr. Christopher L. Greer, Director, National Coordination Office 
  for Networking and Information Technology Research and 
  Development (NCO/NITRD)........................................    52

Dr. Peter Lee, Incoming Chair, Computing Research Association 
  (CRA); Professor and Head, Computer Science Department, 
  Carnegie Mellon University.....................................    58

Dr. Deborah Estrin, Director, Center for Embedded Networked 
  Sensing; Professor of Computer Science and Electrical 
  Engineering, University of California, Los Angeles.............    61

Mr. Amit Yoran, Chief Executive Officer, NetWitness Corporation..    62

             Appendix 2: Additional Material for the Record

Mr. Amit Yoran, Chief Executive Officer, NetWitness Corporation
    Written Statement............................................    66
    Biography....................................................    68


 NETWORKING AND INFORMATION TECHNOLOGY RESEARCH AND DEVELOPMENT ACT OF 
                                  2009

                              ----------                              


                        THURSDAY, APRIL 1, 2009

                  House of Representatives,
                       Committee on Science and Technology,
                                                    Washington, DC.

    The Committee met, pursuant to call, at 10:05 a.m., in Room 
2318 of the Rayburn House Office Building, Hon. Bart Gordon 
[Chair of the Committee] presiding.


                            hearing charter

                  COMMITTEE ON SCIENCE AND TECHNOLOGY

                     U.S. HOUSE OF REPRESENTATIVES

                       Networking and Information

                        Technology Research and

                        Development Act of 2009

                        wednesday, april 1, 2009
                         10:00 a.m.-12:00 p.m.
                   2318 rayburn house office building

1. Purpose

    The purpose of this hearing is to receive testimony on the 
Networking and Information Technology Research and Development Act of 
2009. The legislation is based on findings and recommendations included 
in a recent assessment of the program conducted by the President's 
Council of Advisors on Science and Technology (PCAST) and proposes 
changes to the research content and planning and implementation 
mechanisms of the program.
    A section-by-section summary of the legislation is attached as an 
appendix to this memo.

2. Witnesses:

  Dr. Chris L. Greer, Director, National Coordination Office 
for Networking and Information Technology Research and Development 
(NCO/NITRD)

  Dr. Peter Lee, Professor and Head, Computer Science 
Department, Carnegie Mellon University

  Mr. Amit Yoran, Chairman and Chief Executive Officer, 
NetWitness Corporation

  Dr. Deborah Estrin, Director, Center for Embedded Networked 
Sensing, University of California, Los Angeles

3. Overarching Questions:

  Does the legislation ensure that the NITRD program is 
positioned to help maintain U.S. leadership in networking and 
information technology? What are industry's priorities for the NITRD 
program and are they adequately addressed in the legislation? What are 
the research community's needs for this program and are they adequately 
addressed?

  Does the legislation address the key recommendations of the 
recent PCAST assessment for making the NITRD program more effective and 
more relevant to the research needs and opportunities in information 
technology?

  Are there key research gaps or program management concerns 
not covered in this legislation? Are the mechanisms for industry and 
academic input into the planning process sufficient?

  Does the legislation effectively implement the PCAST 
recommendation for support of large-scale, multi-disciplinary research 
and development projects? What are the most appropriate mechanisms to 
undertake these projects? Are the requirements for these projects 
sufficient to encourage industry/university partnerships?

4. Background

NITRD Program
    The Networking and Information Technology Research and Development 
(NITRD) program, originally authorized in the High Performance 
Computing Act of 1991 (P.L. 102-194), is a multi-agency research effort 
to accelerate progress in the advancement of computing and networking 
technologies and to support leading edge computational research in a 
range of science and engineering fields. The 1991 statute established a 
set of mechanisms and procedures to provide for the interagency 
planning, coordination, and budgeting of the research and development 
activities carried out under the program.
    The NITRD Subcommittee of the National Science and Technology 
Council (NSTC) is the working body for interagency planning and 
coordination and includes representatives from each of the 
participating NITRD agencies as well as the Office of Management and 
Budget (OMB). For FY 2009, 13 federal agencies contributed funding to 
the NITRD program; however additional agencies that do not contribute 
funding participate in planning activities. The FY 2009 budget request 
for the NITRD program was $3.548 billion, an increase of $0.207 billion 
or approximately six percent, over the FY 2008 level of $3.341 billion. 
A summary of the major research components of the program and funding 
levels by major component and by agency is available at: http://
www.nitrd.gov/pubs/2009supplement/index.aspx
    The National Coordination Office (NCO) provides staff support for 
the NITRD Subcommittee and the program's advisory committee and serves 
as the public interface for the program.

PCAST Assessment
    In August 2007, PCAST completed an assessment of the NITRD program 
and issued a report entitled, ``Leadership Under Challenge: Information 
Technology R&D in a Competitive World'' [http://www.nitrd.gov/pcast/
reports/PCAST-NIT-FINAL.pdf].
    The PCAST report includes several findings and recommendations 
related to the research content of the program, as well as suggestions 
for improving the program's planning, prioritization and coordination. 
The recommendations from the PCAST report include:

          Federal agencies should rebalance their NITRD funding 
        portfolios by increasing support for important problems that 
        require larger-scale, longer-term, multi-disciplinary R&D and 
        increasing emphasis on innovative and therefore higher-risk but 
        potentially higher-payoff explorations.

          As new funding becomes available for the NITRD 
        program, disproportionately larger increases should go for:

                  research on NIT systems connected with the physical 
                world (which are also called embedded, engineered, or 
                cyber-physical systems);

                  software R&D

                  a national strategy and implementation plan to 
                assure the long-term preservation, stewardship, and 
                widespread availability of data important to science 
                and technology; and

                  networking R&D, including upgrading the Internet and 
                R&D in mobile networking technologies.

          The NITRD agencies should:

                  develop, maintain, and implement a strategic plan 
                for the NITRD program;

                  conduct periodic assessments of the major components 
                of the NITRD program and restructure the program when 
                warranted;

                  develop, maintain, and implement public R&D plans or 
                roadmaps for key technical areas that require long-term 
                interagency coordination and engagement; and

                  develop a set of metrics and other indicators of 
                progress for the NITRD program, including an estimate 
                of investments in basic and applied research, and use 
                them to assess NITRD program progress.

          The NITRD National Coordination Office should support 
        the development, maintenance, and implementation of the NITRD 
        strategic plan and R&D plans for key technical areas; and it 
        should be more proactive in communicating with outside groups.

Cyber-Physical Systems
    The top recommendation of the PCAST report for new research 
investments in the NITRD program is in the area of computer-driven 
systems connected with the physical world--also called embedded, 
engineered, or cyber-physical systems (CPS). CPS are connected to the 
physical world through sensors and actuators to perform crucial 
monitoring and control functions. Such systems would include the air-
traffic-control system, the power-grid, water-supply systems, and 
industrial process control systems. On a more individual level, they 
are found in automobiles and home health care devices.
    Examples of CPS are already in widespread use but growing demand 
for new capabilities and applications will require significant 
technical advances. Such systems can be difficult and costly to design, 
build, test, and maintain. They often involve the intricate integration 
of myriad networked software and hardware components, including 
multiple subsystems. In monitoring and controlling the functioning of 
complex, fast-acting physical systems (such as medical devices, weapons 
systems, manufacturing processes, and power-distribution facilities), 
they must operate reliably in real time under strict constraints on 
computing, memory, power, speed, weight, and cost. Moreover, most uses 
of cyber-physical systems are safety-critical: they must continue to 
function even when under attack or stress.
    There is evidence that CPS will be an area of international 
economic competition. For example, the European Union's Advanced 
Research and Technology for Embedded Intelligence and Systems (ARTEMIS) 
program, funded by a public-private investment of 5.4 billion euros 
(over $7 billion in mid-2007 dollars) between 2007 and 2013, is 
pursuing R&D to achieve ``world leadership in intelligent electronic 
systems'' by 2016.

Recent Amendments to NITRD Program [included in COMPETES Act]
    A 1999 assessment of the program found that the sponsored research 
was shifting too much toward support for near-term, mission focused 
objectives; that there was a growing gap between the power of high-
performance computers available to support agency mission requirements 
and those supporting the general academic research community; and that 
total federal information technology investment was inadequate. In 
response to that report, the Committee developed legislation that 
became part of the COMPETES Act (section 7024(a) ) and amends the 1991 
Act in two significant ways: requires the advisory committee to conduct 
periodic evaluations of the funding, management, coordination, 
implementation, and activities of the program and requires OSTP to 
develop and maintain a roadmap for developing and deploying very high-
performance computing (high-end) systems necessary to ensure that the 
U.S. research community has sustained access to the most capable 
computing systems.

5. Witness Questions

    All witnesses were asked to give their views on the provisions of 
the bill, including any recommendations for ways to improve it. The 
list of overarching questions (item 3 above) was included in the 
invitation letters of all of the witnesses except Dr. Greer.

Dr. Greer
    Dr. Greer was asked to please provide an update (since his last 
testimony before the Committee in July, 2008) of any significant 
changes to the NITRD Program and any actions the NITRD agencies have 
taken or plan to take in response to the recommendations of the 2007 
PCAST report. In addition, he was asked to answer the following 
specific questions:

          The NITRD subcommittee of the National Science and 
        Technology Council is in the midst of developing a strategic 
        plan. Please describe those efforts and how, if at all, they 
        address the requirements for strategic planning as described in 
        the legislation. In particular, what are the current mechanisms 
        for industry and academic input into the planning process, and 
        how is the NITRD subcommittee addressing the need for the NITRD 
        program to place more emphasis on higher-risk, long-term 
        projects? What is the timeline for completing the strategic 
        plan?

          Please describe the current responsibilities and 
        activities of the National Coordination Office (NCO). How do 
        those responsibilities and activities compare to the 
        responsibilities and activities required for the NCO in the 
        legislation? In particular, how has the NCO responded to the 
        2007 PCAST recommendation for improved communication with and 
        outreach to outside groups?

                                SUMMARY

                    DRAFT NETWORKING AND INFORMATION

                  TECHNOLOGY RESEARCH AND DEVELOPMENT

                              ACT OF 2009

SECTION 1. SHORT TITLE.

    ``Networking and Information Technology Research and Development 
Act of 2009''.

SEC. 2. PROGRAM PLANNING AND COORDINATION.

PERIODIC REVIEWS.--Responds to the PCAST report recommendation to 
require the NITRD agencies to periodically assess the NITRD program 
contents and funding levels and make changes as appropriate. Also 
requires that the program content include activities authorized under 
section 3.

STRATEGIC PLAN.--

          Responds to the PCAST report recommendation to 
        require the NITRD agencies to develop and periodically update 
        (three-year intervals) a strategic plan for the program. The 
        characteristics and content of the strategic plan are 
        described.

          Adds to the responsibilities of the OSTP Director 
        oversight responsibility to see that the strategic plan is 
        developed and executed effectively.

          Specifies that the annual report now required for the 
        NITRD program explicitly describe how the program activities 
        planned and underway relate to the objectives specified in the 
        strategic plan.

REPORT.--Specifies that the annual report now required for the NITRD 
program include a description of research areas supported in accordance 
with section 3, including the same budget information as is required 
for the Program Component Areas.

SEC. 3. LARGE-SCALE RESEARCH IN AREAS OF NATIONAL IMPORTANCE.

    Generally addresses the PCAST recommendation to increase the NITRD 
investment in larger scale, high-risk/high-payoff, and multi-
disciplinary research. These competitive awards must be made through 
collaborations between at least two agencies.
    Characteristics of the projects supported include:

          collaborations among researchers in academic 
        institutions and industry, and may involve nonprofit research 
        institutions and federal laboratories;

          when possible, leveraging of federal investments 
        through collaboration with related State initiatives; and

          plans for fostering the transfer of research 
        discoveries and the results of technology demonstration 
        activities to industry for commercial development.

    Authorizes support of activities under this section through 
interdisciplinary research centers that are organized to investigate 
basic research questions and carry out technology demonstration 
activities

SEC. 4. CYBER-PHYSICAL SYSTEMS.

    The first PCAST recommendation regarding NITRD program content was 
for developing and implementing a plan for research on cyber-physical 
systems.
    Directs that cyber-physical systems be one of the areas supported 
in accordance with SEC. 3. Specifies R&D objectives and types of 
activities authorized based on the PCAST recommendations and the 
results of the community workshops (CPS Steering Group).
    Requires the NCO Director to convene an industry/university task 
force to explore mechanisms for carrying out collaborative research and 
development activities for cyber-physical systems through a consortium 
with participants from academic institutions and industry. The goal of 
the task force is to develop recommendations for the structure and mode 
of operation of a joint industry/university research consortium and to 
report the recommendations to Congress. This provision is based on the 
recommendations of the Boeing witness (Winter) at July 31, 2008 
hearing.

SEC. 5. NATIONAL COORDINATION OFFICE.

    This section formally establishes the National Coordination Office; 
delineates the office's responsibilities; mandates annual operating 
budgets; specifies the source of funding for the office, which mirrors 
the current practice; and stresses the role of the office in developing 
the strategic plan and in public outreach and communication with 
outside communities of interest, following the PCAST recommendations.
    Chair Gordon. This hearing will come to order, and good 
morning.
    Welcome to today's hearing on the Networking and 
Information Technology Research and Development, or as it is 
commonly known, NITRD Act. Last year this committee held an 
oversight hearing on the NITRD program. At that hearing we 
heard from a panel of expert witnesses on the findings of a 
recent assessment of the program carried out by the President's 
Council of Advisors on Science and Technology. The PCAST 
recommendations and the testimony of the witnesses served as a 
basis for the legislation proposal we are reviewing today.
    Last week there was a symposium at the Library of Congress 
celebrating the achievements of computing research. During the 
opening session of the symposium, one speaker cited a New York 
Times article to illustrate how far computing has come to 
demonstrate how profoundly information technology has changed 
our lives.
    The article contained a laundry list of life-changing 
innovations over the last 30 years. Notably, two-thirds of the 
items on the list such as the Internet, open-source software 
and laptop computers, were the result of advances in 
information technology research. This result clearly 
demonstrates that information technology is a major driver of 
the economy and growth and that advances in the field have the 
potential to dramatically influence all aspects of our lives 
from manufacturing and health care to education and 
entertainment. In short, research and networking information 
technology translates to U.S. scientific, industrial and 
military competitiveness.
    The legislative proposal we are reviewing today responds to 
two categories of concerns expressed by the PCAST assessment: 
the strength of NITRD program's planning and coordinating 
functions and the balance of the research portfolio.
    First, the legislation addresses the PCAST recommendations 
to strengthen the planning, coordination and prioritization 
components of the program by requiring the development and 
periodic update of a strategic plan that will create a vision 
for information technology R&D allowing for continued 
technological breakthroughs in maintaining U.S. leadership.
    Next, the legislation addresses the PCAST recommendation 
for increased support of large-scale, long-term, 
interdisciplinary research by creating large-scale R&D rewards 
that not only encourage collaboration among the NITRD agencies 
but also promote collaboration between the academic and 
industry researchers. Past achievements have shown that these 
large-scale, long-term partnerships are a recipe for success.
    Many of the technical advances that led to today's 
computers and the Internet evolved from past research sponsored 
by industry and government, often in partnership and conducted 
by the industry, university and federal labs.
    And finally, the legislation highlights the need for 
increased research in the area of cyber-physical systems. 
Cyber-physical systems such as the power grid and home health 
care devices are computer-driven systems connected with the 
physical world. The prevalence of these systems is likely to 
increase but technical advances are needed to realize their 
full potential. The legislation calls for an industry/
university task force to explore the mechanisms for carrying 
out collaborative R&D in this important area, and while there 
has been breathtaking progress in the field of information 
technology, I believe the best is yet to come.
    [The prepared statement of Chair Gordon follows:]

                Prepared Statement of Chair Bart Gordon

    Good morning. Welcome to today's hearing on the Networking and 
Information Technology Research and Development, or as it is commonly 
known, the NITRD Act. Last year, this committee held an oversight 
hearing on the NITRD program. At that hearing we heard from a panel of 
expert witnesses on the findings of a recent assessment of the program 
carried out by the President's Council of Advisors on Science and 
Technology (PCAST). The PCAST recommendations and the testimony of the 
witnesses served as the basis for the legislative proposal we are 
reviewing today.
    Last week, there was a symposium at the Library of Congress 
celebrating the achievements of computing research. During the opening 
session of the symposium one speaker cited a New York Times article to 
illustrate how far computing has come and to demonstrate how profoundly 
information technology has changed our lives.
    The article contained a laundry list of life changing innovations 
over the last 30 years. Notably, two-thirds of the items on the list, 
such as the Internet, open-source software and laptop computers, were 
the result of advances in information technology research. This result 
clearly demonstrates that information technology is a major driver of 
economic growth and that advances in the field have the potential to 
dramatically influence all aspects of our lives from manufacturing and 
health care to education and entertainment. In short, research in 
networking and information technology translates into U.S. scientific, 
industrial, and military competitiveness.
    The legislative proposal we are reviewing today responds to two 
categories of concern expressed by the PCAST assessment: the strength 
of the NITRD program's planning and coordination functions and the 
balance of the research portfolio.
    First, the legislation addresses the PCAST recommendation to 
strengthen the planning, coordination, and prioritization components of 
the program by requiring the development and periodic update of a 
strategic plan that will create a vision for information technology 
R&D, allowing for continued technological breakthrough and maintaining 
U.S. leadership.
    Next, the legislation addresses the PCAST recommendation for 
increased support of large-scale, long-term, interdisciplinary research 
by creating large-scale R&D awards that not only encourage 
collaboration among the NITRD agencies, but also promote collaborations 
between academic and industry researchers.
    Past achievements have shown us that large-scale, long-term 
partnerships are a recipe for success. Many of the technical advances 
that led to today's computers and the Internet evolved from past 
research sponsored by industry and government, often in partnership, 
and conducted by industry, university, and federal labs.
    Finally, the legislation highlights the need for increased research 
in the area of cyber-physical systems. Cyber-physical systems such as 
the power grid and home health care devices are computer-driven systems 
connected with the physical world. The prevalence of these systems is 
likely to increase, but technical advances are needed to realize their 
full potential. The legislation calls for an industry/university task 
force to explore mechanisms for carrying out collaborative R&D in this 
important area.
    While there has been breathtaking progress in the field of 
information technology I believe the best is yet to come. A brilliant 
young scientist who participated in last week's symposium is putting to 
good use a program he invented to distinguish between a human user and 
a computer and prevent SPAM e-mail. Now when you type the distorted 
text at the bottom of a Web registration form you are helping to 
digitize books that were written before the computer age. This type of 
ingenuity is the perfect example of why many believe information 
technology R&D is still in its infancy.
    The witnesses before us today have extensive expertise in 
networking and information technology, and I look forward to their 
comments on our legislative proposal. I want to thank all of the 
witnesses for taking the time to appear before the Committee this 
morning and I look forward to your testimony.

    Chair Gordon. Now the Chair recognizes Mr. Hall for an 
opening statement.
    Mr. Hall. Mr. Chair, thank you, and before I make an 
opening statement, we are always proud when we have people in 
the audience that are related to us and are praying for us and 
working for us, and Mele, who wrote this opening statement for 
me, her mother is in the audience. Her name is Sandra Freeman 
and she is from Greenville, South Carolina, but she has been 
skiing in Boulder, Colorado, since the first of the year, and I 
am told that Colorado is made up of people from Iowa that don't 
want any more Texans. I don't know if that it right or not. 
Welcome, and thank you, Mr. Chair, for allowing us to recognize 
her.
    Thank you, Chair Gordon, for scheduling this hearing to 
receive testimony on draft authorization legislation for the 
Federal Government's Networking and Information Technology 
Research and Development program. Currently the NITRD, as they 
are called, program provides a primary mechanism by which 
Federal Government coordinates the Nation's more than $3 
billion of unclassified networking and information technology 
research and development investments. As I stated in our last 
hearing, given the ever increasing amounts of networking and 
information technology that affects our everyday lives, from 
power grid and water purification systems to automotive 
improvements and air traffic control equipment, to home health 
and care and health care devices and educational software 
programs, for all that it is important that we not only 
continue to support these R&D efforts but also make sure that 
this program is appropriately coordinating with our classified 
cyber security initiatives as well. In fact, I believe that 
this is of vital importance to our homeland security and to our 
economy.
    It is my understanding that at this moment a computer worm 
called Conficker C may be affecting millions of computers in 
ways that we can't even completely identify yet, and whether 
this pans out to be a serious threat or simply a perceived 
threat, the ability for people to create this kind of computer 
havoc is a real problem. So I would suggest that non-classified 
cyber security efforts are just as important. Hopefully our 
witnesses will discuss and address that today as well.
    I know that your staff has been working diligently with 
ours to put together good, solid legislation and I appreciate 
this bipartisan effort. The draft before us is a culmination of 
recommendations from the PCAST report, feedback we received 
from numerous organizations and witness testimony received in 
the hearing held on this topic last year. So I am sure we will 
learn today that there are yet more ways we can improve this 
bill and I hope that we can continue to work together to ensure 
that it moves forward in a bipartisan fashion and with 
bipartisan support, and our Chair, I think, is a champion of 
that type of support.
    I look forward to hearing the views of our witnesses today 
and their recommendations about how we can make an already 
exemplary interagency program even better.
    I yield back my time and I thank the Chair.
    [The prepared statement of Mr. Hall follows:]

           Prepared Statement of Representative Ralph M. Hall

    Thank you, Chairman Gordon, for scheduling this hearing to receive 
testimony on draft authorization legislation for the Federal 
Government's Networking and Information Technology Research and 
Development (NITRD) program. Currently, the NITRD program provides the 
primary mechanism by which the Federal Government coordinates this 
nation's more than three billion dollars of unclassified networking and 
information technology (NIT) research and development (R&D) 
investments.
    As I stated in our last NITRD hearing, given the ever increasing 
amounts of networking and information technology that affect our 
everyday lives from power grid and water purification systems to 
automotive improvements and air traffic control equipment to home 
health care devices and educational software programs, it is important 
that we not only continue to support these R&D efforts but also make 
sure that this program is appropriately coordinating with our 
classified cyber security initiatives as well. In fact, I believe that 
this is of vital importance to our homeland security and to our 
economy.
    It is my understanding that at this moment, a computer worm called 
Conficker C may be affecting millions of computers in ways that we 
cannot even completely identify yet. Whether this pans out to be a 
serious threat or simply a perceived threat, the ability for people to 
create this kind of computer havoc is a real problem. So, I would 
suggest that non-classified cyber security efforts are just as 
important. Hopefully, our witnesses will address that today, as well.
    I know that your staff has been working diligently with mine to put 
together good, solid legislation, and I appreciate this bipartisan 
effort. The draft before us is a culmination of recommendations from 
the PCAST Report, feedback we have received from numerous 
organizations, and witness testimony received in a hearing held on this 
topic last year. I am sure we will learn today that there are yet more 
ways we can improve this bill, and I hope that we can continue to work 
together to ensure that it moves forward in a bipartisan fashion and 
with bipartisan support.
    I look forward to hearing the views of our witnesses today and 
their recommendations about how we can make an already exemplary 
interagency program even better.

    Chair Gordon. Thank you, Mr. Hall.
    If there are Members who wish to submit additional opening 
statements, your statements will be added to the record at this 
point.
    [The prepared statement of Ms. Johnson follows:]

       Prepared Statement of Representative Eddie Bernice Johnson

    Good morning, Mr. Chairman and Ranking Member.
    Advanced computer networks are the wave of the future.
    As technology has improved, we are better able to predict the paths 
of hurricanes, the force of tsunamis, or even the trajectory of comets.
    Advanced computing is a broad area of active research. The Texas 
Advanced Computing Center, in Austin, has scientists who are using 
supercomputers to simulate airflow and manage shock waves for next-
generation, hypersonic aircraft.
    Other researchers there have been working to understand the process 
by which enzymes convert plant matter into energy, with the goal of 
creating more efficient enzymes. Then we could more quickly convert 
waste to energy.
    High speed computers have also enabled scientists to develop 
realistic models of the human lung.
    Teams of Texas researchers are working to develop a new tool to 
image, understand, and diagnose how air flows through the thousands of 
branching passageways of the lung, and how abnormalities can lead to 
illness.
    There are so many useful applications for high speed computers and 
advanced networks.
    The Federal Government invests more than $3 billion on the 
Networking and Information Technology Research and Development (NITRD) 
program.
    It is essential that such a large investment is spent wisely.
    The President's Council of Advisors on Science and Technology 
recently provided recommendations on how to improve our federal efforts 
in computer network research.
    A key recommendation was to support high-risk, multi-disciplinary 
research. I support this suggestion.
    For far too long, federal investments have been made in ``safe 
research,'' or research that has a certainty of getting a result.
    The negative consequence is that science moves along at an 
incremental snail's pace.
    Investments in high-risk research may never come to fruition or 
payoff. However we must support research of this nature.
    Scientists must be unfettered to think more creatively. Then, they 
have the freedom to tackle big questions that sometimes take more time 
and more experimentation to answer.
    As a previous Chair of the Research and Science Education 
Subcommittee, I have long been a strong supporter of this kind of 
research.
    I want to welcome today's witnesses.
    We value your feedback on draft legislation regarding the 
Networking and Information Technology Research and Development (NITRD) 
program.

    Chair Gordon. Let me thank our witnesses for being here. We 
are one witness short right now. We have experienced sometimes 
that getting through the line downstairs can slow people down. 
There can be other problems. And so we will certainly treat 
that witness with respect if they come in later and do it in 
whatever is the appropriate way. Also, I want you to know that 
there is a busy schedule here in Congress today too. The lack 
of bodies in the seats is not a lack of interest. This is a 
very important issue and they will be following it with their 
staffs, and you are right, Mr. Hall, this has been a good 
bipartisan start. Mele has been an integral part of putting 
this together as usual and she is very important to this 
committee.
    So at this time I want to introduce our witnesses. First, 
Dr. Chris Greer is the Director of the NITRD National 
Coordinating Office, Dr. Peter Lee is the Head of the Computer 
Science Department at Carnegie Mellon University, and Dr. 
Deborah Estrin is the Director of the Center for Embedded 
Networked Sensing at UCLA. Thank you for being here. As you 
know, we try to keep the oral statements to five minutes but 
this is an important area and we are not going to take you out 
with a hook because we want to hear what you have to say. Your 
written testimony will be included as a part of the record, and 
I probably at the end of the day have a couple of more 
questions that I am going to give to you that you then can 
respond back in writing. Again, we want to get this right.
    So we will start with Dr. Greer.

   STATEMENT OF DR. CHRISTOPHER L. GREER, DIRECTOR, NATIONAL 
 COORDINATION OFFICE FOR NETWORKING AND INFORMATION TECHNOLOGY 
              RESEARCH AND DEVELOPMENT (NCO/NITRD)

    Dr. Greer. Good morning. My name is Chris Greer. I am the 
Director of the National Coordination Office for the Networking 
and Information Technology Research and Development Program, 
and hereafter I will refer to those as NCO and NITRD by their 
acronyms, respectively, to keep this brief. With Dr. Jeanette 
Wing of the National Science Foundation, I also co-chair the 
NITRD subcommittee. I thank Chair Gordon and Ranking Member 
Hall and the Members of the Committee for the opportunity to 
come before you today to discuss the NITRD program and the 
Committee's draft Networking and Information Technology 
Research and Development Act of 2009.
    My written testimony provides comprehensive response to the 
questions the Committee posed in preparation for this hearing, 
and in my oral comments I want to focus on two specific points.
    First, we view the recommendations of the President's 
Council of Advisors on Science and Technology, the PCAST, and 
this committee's interest as helpful in further improving the 
NITRD framework. Our goal, as yours, is to enable the NITRD 
program to serve the Nation even more effectively in the 
future. Since I last appeared before you eight months ago, we 
have continued our vigorous response to the full spectrum of 
the PCAST recommendations. Our strategic planning process 
provides an example of that. The plan we are designing 
comprises elements operating at multiple levels, embraces the 
emphasis areas identified by PCAST, focuses significantly on 
opportunities for large-scale, long-term R&D, and benefits from 
a diversity of means for community input including a request 
for information published in the Federal Register, 
presentations at scientific and technical meetings, individual 
one-on-one interviews and small group discussions, a public 
strategic planning forum, webcasts globally and an opportunity 
for public comment on the draft text. The NCO is the focal 
point for supporting this planning process, the spectrum of 
outreach efforts that inform the plan, the response to the 
other PCAST recommendations and of course the full range of 
NITRD program activities. The NCO is currently developing its 
own strategic plan to further strengthen its capabilities in 
support of the NITRD program.
    Now, the second point I wanted to make this morning is the 
critical importance of balance in the NITRD portfolio. The 
vision of previous amending legislation from this committee and 
of the NITRD agencies over the years has been for a balanced 
portfolio, one that recognizes that hardware innovations are 
constrained without corresponding advances in software. The use 
of advanced networks will be limited without improvements in 
security and in reliability. The massive data sets will not 
drive progress if the data cannot be preserved, accessed and 
used for increased understanding and so on. I urge the 
Committee to continue its history of crafting a framework that 
enables the NITRD portfolio of investments to respond to our 
nation's changing IT needs and opportunities. This includes 
recognizing the contemporary scope of the NITRD program, 
positioning emphasis areas in the context of the full NITRD 
landscape, providing for an advisory committee with the 
expertise to offer strategic guidance on emphasis and balance 
to the program and to the President, and encouraging strategic, 
large-scale, long-term research in all agency contexts.
    So thank you for your work on the reauthorization 
legislation and for the opportunity to appear before you today. 
We at NITRD and the National Coordination Office, many of the 
outstanding staff of whom are behind me today including Ernest 
McDuffy, who is the Associate Director, Diane Theese and 
Virginia Moore, who are Office Leaders. Thank you for this 
opportunity.
    [The prepared statement of Dr. Greer follows:]

             Prepared Statement of Dr. Christopher L. Greer

    Good morning. I am Chris Greer, Director of the National 
Coordination Office (NCO) for Networking and Information Technology 
Research and Development (NITRD). With my colleague, Dr. Jeannette Wing 
of the National Science Foundation (NSF), I co-chair the NITRD 
Subcommittee of the National Science and Technology Council's (NSTC) 
Committee on Technology. I want to thank Chairman Gordon, Ranking 
Member Hall, and the Members of the Committee for the opportunity to 
come before you today to discuss the multi-agency NITRD Program and the 
Committee's draft Networking and Information Technology Research and 
Development Act of 2009.
    The NITRD Program--now in its 18th year--provides a coordinated 
view of the Government's portfolio of unclassified investments in 
fundamental, long-term research and development (R&D) in advanced 
networking and information technology (IT). All of the research 
reported in this portfolio is managed, selected, and funded by one or 
more of the 13 member agencies under their own individual 
appropriations. The Program's current research areas are high-end 
computing, large-scale networking, cyber security and information 
assurance, human-computer interaction and information management, high-
confidence software and systems, software design and productivity, and 
socioeconomic, education, and workforce implications of IT. IT R&D 
advances in these areas further our nation's goals for economic 
competitiveness, energy and the environment, health care, national 
defense and national security, and science and engineering leadership.
    IT R&D research is performed in universities, federal research 
centers and laboratories, federally funded R&D centers, private 
companies, and nonprofit organizations across the country. The NITRD 
agencies--consisting of the member agencies and a number of other 
participating agencies and offices--work together to ensure that the 
impact of their efforts is greater than the sum of the individual 
agency investments. This synergy is accomplished through interaction 
across the government, academic, commercial, and international sectors 
using cooperation, coordination, information sharing, and joint 
planning, in selected areas where the agencies can identify significant 
leverage, to identify critical needs, avoid duplication of effort, 
maximize resource sharing, and partner in investments to pursue higher-
level goals.

Program history in brief

    The 18-year history of the NITRD Program includes three previous 
legislative acts. The first, the High-Performance Computing (HPC) Act 
of 1991 (Public Law 102-194), launched the Program, establishing a 
framework that combined research goals with specific requirements for 
interagency cooperation, collaboration, and partnerships with industry 
and academia. This framework has withstood the test of time, enabling 
the Program to address its responsibilities under legislation to:

        (A)  establish the goals and priorities for federal high-
        performance computing research, development, networking and 
        other activities; and

        (B)  provide for interagency coordination of federal high-
        performance computing research, development, networking, and 
        other activities undertaken pursuant to the Program.

    The next two acts--the Next Generation Internet Research Act of 
1998 (Public Law 105-305) and the America COMPETES Act of 2007 (Public 
Law 110-69)--formally extended the scope of responsibilities for 
interagency coordination to include human-centered computing; flexible, 
extensible, inter-operable, and accessible network technologies and 
implementations; education, training, and human resources; and other 
areas.
    In its first annual report to the Congress in 1992, the Program--
then called High Performance Computing and Communications (HPCC)--
reported an estimated 1991 multi-agency investment of nearly $490 
million across eight federal agencies and four Program Component Areas 
(PCAs). Today, the NITRD Program coordinates among 13 member agencies 
that, together, invest more than $3 billion across eight PCAs, each 
coordinated by an Interagency Working Group (IWG) or Coordinating Group 
(CG) of member and participating agency program managers. (See 
Appendices 1 and 2 for a list of the current NITRD agencies and PCAs 
and a NITRD organizational chart.)
    While these numbers reflect sustained and significant budgetary 
growth over the past 18 years, I believe that the Program is more than 
just the sum of the investments. The vision of previous amending 
legislation and of the NITRD agencies over the years has been for a 
balanced portfolio of investments--a portfolio that recognizes that 
hardware innovations are constrained without corresponding advances in 
software; the use of advanced networks will be limited without 
improvements in security and reliability; massive data sets will not 
drive progress if the data cannot be preserved, accessed, and used for 
increased understanding, etc.
    The recent recommendations of the President's Council of Advisors 
on Science and Technology (PCAST) for adjustments in technical 
priorities and increases in large-scale, long-term investments 
underscore the need to continuously rebalance the NITRD portfolio in a 
fast-moving IT landscape. I urge the Committee to support a framework 
that enables the NITRD portfolio of investments to respond to our 
nation's changing IT needs and opportunities.

Response to the Committee Request

    The invitation to testify here today included a request to address 
one topic and respond to two specific questions. Responses are provided 
in the numbered sections that follow.

Topic 1. ``[P]rovide an update (since your last testimony before the 
Committee in July, 2008) of any significant changes to the NITRD 
Program and any actions the NITRD agencies have taken or plan to take 
in response to the recommendations of the 2007 PCAST report.''

    We view the recommendations of the 2007 PCAST report assessing the 
NITRD Program\1\ as helpful in further improving the NITRD framework. 
Our goal, as yours, is to enable the NITRD Program to serve the Nation 
even more effectively in the future. Our activities over the past eight 
months in response to the PCAST recommendations are summarized by topic 
below.
---------------------------------------------------------------------------
    \1\ Leadership Under Challenge: Information Technology R&D in a 
Competitive World. President's Council of Advisors on Science and 
Technology, August 2007, Washington, D.C. Available at http://
www.nitrd.gov/Pcast/reports/PCAST-NIT-FINAL.pdf

a) Strategic Planning
    The NITRD Program is engaged in a robust process, including 
extensive public input, for developing a comprehensive, five-year 
strategic plan. Details of this process are described below in the 
response to the Committee's questions on this topic. The contents of 
this strategic plan will guide our subsequent roadmapping process, 
including review of the structure of the NITRD Program. We expect the 
strategic plan to be completed later this year. However, it is 
important to remember that this strategic plan must complement and 
integrate the legislatively mandated strategic plans of the member 
agencies.

b) Education and workforce issues
    With regard to the PCAST's education and workforce recommendations, 
SRI International is nearing completion of a NITRD-commissioned fast-
track study of international education and workforce trends that we 
will use to inform the NITRD strategic plan.
    We also moved ahead last summer, under the aegis of the Social, 
Economic, and Workforce implications of IT (SEW) Coordinating Group 
(CG), to convene a September 2008 workshop of federal program managers 
who have responsibilities related to networking and information 
technology education and workforce development. Since that meeting, a 
task force of the participants has been working with SEW to develop 
content for the strategic plan on the federal role in IT education and 
workforce development.
    Moreover, in the strategic planning process we are discussing not 
just technologies and applications but the educational preparation of 
both technology workers and technology users. We devoted the first 
session of the public forum to education issues to emphasize their role 
in our considerations.

c) Rebalancing the NITRD portfolio
    Our responses to the PCAST recommendations to increase emphasis on 
large-scale, long-term efforts and on cyber-physical systems, software, 
digital data, and networking are summarized individually below.

        1.  Large-scale, long-term efforts: The strategic planning 
        process is explicitly designed to target PCAST recommendations 
        on portfolio balance and emphasis areas such as large-scale, 
        long-term, and high-risk investments. The planning thus is cast 
        at a high level that can build on the existing strategic plans 
        of our member agencies by focusing very directly on challenges 
        that no single agency can meet on its own. In fact, we view the 
        identification of these challenges as the principal goal of the 
        NITRD strategic planning process and the necessary foundation 
        to enable the member agencies to establish NITRD priorities and 
        initiate roadmaps for specific research thrusts under the plan. 
        We anticipate developing roadmaps by NITRD research area, as 
        PCAST recommended, and will provide these separately rather 
        than in the strategic plan, allowing different update cycles 
        for the different types of plans.

        2.  Cyber-Physical Systems: We appreciate the Committee's 
        interest in cyber-physical systems and agree with the Committee 
        on their importance. As we detail below, there are a number of 
        ongoing activities under existing NITRD structures that are 
        focusing on this area already. However, we are concerned with 
        the precedent of including a specific application of NITRD 
        research in this bill.

            A comprehensive plan for assessing national R&D needs in 
        the complex life- and safety-critical technologies called 
        cyber-physical systems was initiated prior to the PCAST 
        assessment and is yielding positive results. In this plan, the 
        High Confidence Software and Systems (HCSS) CG has a leadership 
        role in convening researchers and companies across three 
        selected sectors and industries comprising medical devices, 
        transportation systems (air, rail, auto), and energy (which 
        includes SCADA control systems). Our goals in identifying R&D 
        challenges in each sector are to identify both opportunities 
        for targeted investments and, more importantly, fundamental 
        challenges common across the sectors that may merit large-
        scale, long-term, multi-agency investments. The first sector 
        report--on high-confidence medical systems--has just been 
        published (March 2009). For high-confidence transportation 
        systems, the first in a series of workshop reports is expected 
        in April 2009 with the NITRD analysis to follow that. An energy 
        sector workshop is slated for June 2009; it follows a previous 
        workshop on SCADA systems. These sector reports will be used to 
        analyze common challenges that are potential targets for 
        interagency investments.

            Through its workshop series, HCSS is establishing 
        communities of interest for the first time--such as among 
        researchers, medical clinicians, hospital administrators, 
        industry representatives, and government regulators with a 
        stake in improving the quality and increasing the capabilities 
        of IT-enabled medical devices and systems, and among designers, 
        safety experts, engineers, and academic researchers involved in 
        the aviation, automotive, and rail sectors. This is an example 
        of the broad outreach being undertaken by the NITRD Program.

        3.  Software: The NITRD Program's Software Design and 
        Productivity (SDP) CG is revitalizing its collaborative agenda 
        and interagency activities under new leadership from NSF and 
        NIST. I participated last week in an NSF-sponsored ``software 
        sustainability'' conference that signals that agency's 
        continuing high interest in the challenges of improving the 
        quality, performance, and cost-effectiveness of software. The 
        reality that these challenges make slow advances across the 
        spectrum of networking and information technology applications 
        is a leitmotif of NITRD strategic planning discussions.

        4.  Digital Data: A number of NITRD agency representatives 
        participated in, and served as co-chairs for, the Interagency 
        Working Group on Digital Data (IWGDD) chartered by the NSTC in 
        2006 to ``develop and promote the implementation of a strategic 
        plan for the Federal Government to cultivate an open inter-
        operable framework to ensure reliable preservation and 
        effective access to digital data for research, development, and 
        education in science, technology, and engineering.'' Such a 
        plan, with NITRD participation, was recommended by PCAST. The 
        IWGDD, representing more than two dozen agencies, delivered its 
        report--Harnessing the Power of Digital Data for Science and 
        Society--to the NSTC in January 2009. The report addresses the 
        substance of the PCAST recommendation. It provides essential 
        conceptual foundations and proposes structural scaffolding for 
        rationalizing federal roles and responsibilities in managing 
        and maintaining critical scientific data on behalf of the 
        Nation.

        5.  Networking: PCAST endorsed the development of a Federal 
        Plan for Advanced Networking Research and Development. That 
        plan, prepared by a task force of NITRD agency members and 
        others pursuant to a January 2007 charge from the Director of 
        OSTP, was posted in draft on the NCO web site in August 2007 
        for public comment and published in final form by the NCO in 
        September 2008.\2\ The document serves as an overarching guide 
        for planning and coordination in the LSN Coordinating Group. 
        For example, DOE/SC and NSF, with LSN and NCO support, hosted a 
        ``Networking Research Challenges'' workshop shortly after the 
        plan's issuance to elicit the views of the broader industry and 
        academic networking research communities about the plan and key 
        R&D priorities. The report of that workshop is currently being 
        prepared for publication.
---------------------------------------------------------------------------
    \2\ Federal Plan for Advanced Networking Research and Development, 
Interagency Task Force on Advanced Networking Research and Development, 
September 2008. Available at http://www.nitrd.gov/Pubs/ITFAN-FINAL.pdf

            The LSN Coordinating Group also is addressing PCAST's 
        recommendations on strengthening the infrastructure for large-
        scale data resources and increasing network security and 
        reliability. The group is coordinating cross-domain performance 
        measurement to enable improved management and security on 
        networks. It is also fostering the development, use, and 
        sharing of standardized tools and infrastructure for large-
---------------------------------------------------------------------------
        scale distributed access, data transfer, and collaborations.

Question 1. ``The NITRD subcommittee of the National Science and 
Technology Council is in the midst of developing a strategic plan. 
Please describe those efforts and how, if at all, they address the 
requirements for strategic planning as described in the legislation. In 
particular, what are the particular mechanisms for industry and 
academic input into the planning process, and how is the NITRD 
subcommittee addressing the need for the NITRD Program to place more 
emphasis on higher-risk, long-term projects? What is the timeline for 
completing the strategic plan?''

    We believe the strategic planning process currently underway 
addresses the requirements for strategic planning as described in the 
draft legislation. However, the planning process is mindful of the need 
to complement and integrate the legislatively mandated strategic plans 
of the member agencies.
    The process currently in place provides for public input at each 
phase of the planning effort. Input at the outset was obtained through 
a Request for Information published in the Federal Register in August 
2008, posted on our web site, and announced through a broad 
distribution to the community. This input and discussions by the NITRD 
strategic planning team were used to define an initial conceptual 
framework for the plan. Input on this conceptual framework was obtained 
at a public, webcast forum held in February 2009. The input we have 
received has been excellent and we are using this to significantly 
revise the framework and develop draft text for public comment in June/
July 2009. Depending on the nature of the comments, we may either go 
forward with a final version--if minor revisions are required--or re-
release for public comment--if major revisions are needed.

Question 2. ``Please describe the current responsibilities and 
activities of the National Coordination Office (NCO). How do these 
responsibilities and activities compare to the responsibilities and 
activities required for the NCO in the legislation? In particular, how 
has the NCO responded to the 2007 PCAST recommendation for improved 
communication with and outreach to outside groups?''

    The PCAST concluded that the NCO had been ``effective'' in its 
support of the NITRD Program. I believe that the main areas of the 
NCO's effectiveness are in its role as:

          The focal point for coordination and policy 
        development for the Federal NITRD Program, facilitating the 
        various Program elements (e.g., CGs and IWGs) and activities 
        and fostering collaboration among federal agencies, university 
        researchers, industry, and other members of the IT community.

          A source of timely, high-quality, technically 
        accurate, in-depth information on IT R&D accomplishments, new 
        directions, and critical challenges that IT leaders, policy 
        makers and the public can use to maximize social and economic 
        benefits.

          A team of technically expert, service-oriented 
        professionals committed to advancing the mission of the NITRD 
        Program.

    The categories of activities the NCO supports are:

          Logistical/staff and expert technical support for 
        regular meetings of the IWGs and CGs

          Expert technical and professional writing support for 
        the annual NITRD supplement to the President's budget

          Logistical/staff and expert technical support for 
        annual planning meetings of the PCAs to assess progress and 
        identify priorities and activities for the coming year

          Logistical/staff, expert technical, and professional 
        writing and graphics support for task groups and others 
        developing federal reports and strategic plan documents for IT 
        R&D includes support for the Senior Steering Group developing 
        coordination and leap-ahead plans for the Federal Comprehensive 
        National Cybersecurity Initiative (CNCI)

          Expert technical and management support for 
        procurement, management, and oversight of contracted studies, 
        reviews, and reports

          Logistical/staff, expert technical, and professional 
        writing support for public and government workshops and other 
        meetings

          Expert outreach through participation in appropriate 
        government and non-government meetings and workshops and on-
        site visits to industrial, academic, and non-profit entities

          Expert outreach through response to requests for 
        information from corporate, academic, international, and other 
        inquirers

          Liaison between the NITRD Program and OSTP and OMB on 
        NITRD issues.

    A 2008 self-study of a 20-month period revealed that in an average 
month the NCO: supports more than seven IWG, CG and community of 
practice meetings; supports an average of one and a half workshops; 
participates in one workshop; supports two writing projects; and 
supports two studies or reviews.
    In 2008, more than 350 government employees participated in NCO-
supported NITRD events. Highlights for the past 12 months include 
producing the President's Budget Supplement, creating the coordination 
and leap-ahead plans for the CNCI effort, publishing the Federal Plan 
for Advanced Networking Research and Development and the High 
Confidence Medical Devices reports, producing a lessons-learned report 
for PCAST, launching an SRI study of the IT education/workforce 
landscape, publishing four requests for information (RFIs) in the 
Federal Register for public input to the NITRD strategic plan and the 
CNCI cyber leap year activities, and conducting a webcast public forum 
for input to the NITRD strategic plan.
    This range of activities and responsibilities is similar to that 
envisioned in the Committee's draft 2009 NITRD legislation with the 
exception of two areas: coordination with State IT R&D activities and 
coordination of the proposed task force.
    In its 2007 assessment, the PCAST recommended that the NCO 
``develop and implement a plan for supporting the development, 
maintenance, and implementation of the NITRD strategic plan and R&D 
plans.'' In response, NCO supported a two-day kickoff retreat for 
strategic planning by the NITRD community and supports bimonthly 
meetings of the NITRD strategic planning team. The team issued an RFI 
for public input in August 2008, developed a conceptual framework for 
the plan based on this input, conducted a webcast public forum for 
input on the framework, is now organizing a forum of government 
participants for similar input, and is entering the writing phase to 
produce text for public comment. Similar support for the roadmapping 
process is planned for the second half of this calendar year.
    The PCAST recommendation also provided that NCO should develop 
plans for supporting the ``planning and coordination of larger, longer-
term multi-disciplinary projects; greater interaction with academia, 
industry, and international entities; the planning of national 
workshops and preparation of workshop reports; and overall improved 
communication with NITRD NCO stakeholders.'' We have launched an all-
hands effort to develop the first-ever NCO strategic plan to address 
the responsibilities that are appropriate for the NCO. The plan will be 
shared with the NITRD community, with NSTC, OSTP, and OMB, and then 
with the public. I have set a deadline of October 1, 2009 for 
completing this NCO plan.

Comments on draft NITRD 2009 legislation

    We greatly appreciate the Committee's interest in NITRD and its 
continuing efforts to strengthen the Program. We share your commitment 
to the success of the NITRD enterprise. In the spirit of shared goals, 
we would like to offer a few comments intended to be helpful as the 
Committee considers legislation. Since the Administration is still in 
the process of formulating its research and development priorities, it 
would be premature for me to comment in detail on the relative 
priorities implied in the draft legislation. Therefore, my comments 
below focus on the organizational elements of the draft legislation.

a) Scope of the Program
    The Program's founding legislation, the High-Performance Computing 
Act of 1991, focused principally on high-performance computing and 
networking. This focus was reflected in the extensive use of the phrase 
``high-performance computing'' throughout. Subsequent amending 
legislation significantly broadened the scope of the Program and 
facilitated rebalancing of the portfolio. While these previous 
amendments (and the current draft) redefined the meaning of the phrase 
``high-performance computing,'' the phrase itself remains embedded in 
the text. As a result, a reader not attentive to special definitions 
and, instead, relying on the common meaning of the phrase may be 
misled. For example, Section 101(b)(1) (Advisory Committee) describes 
``an advisory committee on high-performance computing.'' If the words 
are misinterpreted, the resulting committee may be too narrowly focused 
to serve the intended function.
    We respectfully request that the Committee consider replacing the 
phrase ``high-performance computing'' with ``networking and information 
technology'' wherever appropriate throughout the text in order to 
clarify current legislative intent.

b) Cyber-physical systems
    As evidenced in my description above of our extensive cyber-
physical systems efforts, the NITRD agencies are seriously engaged in 
this area. Significantly, however, we feel that cyber-physical systems 
are best addressed in the context of a balanced portfolio.
    Because the scientific basis of networking and information 
technology is inherently multi-disciplinary, the more complex the IT 
systems, the greater the number of cross-cutting technical issues. 
NITRD's strength is that its research areas are not so narrowly focused 
that topics become isolated. Each PCA includes many interrelated 
subject matters, and a number of these--multi-dimensional modeling, for 
example, or system inter-operability--are shared interests across the 
PCAs. Such interests often lead to collaborative planning activities 
and/or research projects drawing diverse technical contributions from 
different PCAs. For example, the National Security Agency (NSA) is an 
active participant in the HCSS workshop series, not due to a focus on 
cyber-physical systems per se, but rather on the design, certification, 
and operation of extremely secure and reliable software and systems; 
for NSA, cyber-physical systems represent one instantiation of 
technology with requirements it cares about.

c) Advisory Committee
    We believe that to perform its function the proposed advisory 
committee should:

        (1)  be charged with providing strategic advice and not just 
        Program assessment;

        (2)  possess deep technical expertise relevant to the full 
        range of NITRD areas; and

        (3)  be in position to provide advice to the President.

    The first of these criteria could be addressed in the draft 
legislation by adding to the current list of advisory committee 
responsibilities the strategic functions currently referenced elsewhere 
in the draft text. The second and third could be met by chartering the 
advisory committee as a subcommittee to PCAST.

d) Large-scale research in areas of national interest
    The NITRD strategic planning process is explicitly designed to 
target PCAST recommendations on portfolio balance and emphasis areas 
such as large-scale, long-term, and high-risk investments. However, we 
believe this emphasis area is best considered in the context of the 
full scope of the NITRD Program. In particular, investments that meet 
the relevant criteria should be considered across all of the PCAs and 
should be complementary to and supportive of other investments being 
made by the NITRD agencies and by others throughout the IT R&D 
landscape.
    The draft legislation also provides that ``projects shall be 
carried out by a collaboration of no fewer than two agencies 
participating in the Program.'' This could be interpreted to exclude 
large-scale investments by any single NITRD agency or through 
partnerships between a NITRD agency and any non-NITRD entity. This may 
not be the intention of the Committee and clarification of the 
Committee's intent would be very helpful.
    Thank you for your interest in NITRD, your work on the 
reauthorization legislation, and for the opportunity to appear before 
you today. We look forward to working with you to strengthen the NITRD 
Program.






                   Biography for Christopher L. Greer

    Dr. Chris Greer is Director of the National Coordination Office 
(NCO) for the Networking and Information Technology Research and 
Development (NITRD) program. The NCO reports to the Office of Science 
and Technology Policy within the Executive Office of the President. Dr. 
Greer is on assignment to the NCO from his position as Senior Advisor 
for Digital Data in the NSF Office of Cyberinfrastructure. He recently 
served as Executive Secretary for the Long-lived Digital Data 
Collections Activities of the National Science Board and is currently 
Co-Chair of the Interagency Working Group on Digital Data of the 
National Science and Technology Council's Committee on Science. He is 
also a member of the Advisory Committee for the National Archives and 
Records Administration's Electronic Records Archive and a member of the 
Digital Library Council of the Federal Depository Library Program.
    Dr. Greer received his Ph.D. degree in biochemistry from the 
University of California, Berkeley and did his postdoctoral work at 
CalTech. He was a member of the faculty at the University of California 
at Irvine in the Department of Biological Chemistry for approximately 
18 years where his research on gene expression pathways was supported 
by grants from the National Science Foundation, the National Institutes 
of Health, and the American Heart Association. During that time, he was 
founding Executive Officer of the RNA Society, an international 
professional organization.

    Chair Gordon. Thank you, Dr. Greer, and we are glad the 
guys that get the work done are here today too.
    Dr. Lee.

STATEMENT OF DR. PETER LEE, INCOMING CHAIR, COMPUTING RESEARCH 
    ASSOCIATION (CRA); PROFESSOR AND HEAD, COMPUTER SCIENCE 
             DEPARTMENT, CARNEGIE MELLON UNIVERSITY

    Dr. Lee. Good morning, Mr. Chairman, Ranking Member Hall 
and other Members of the Committee. Thank you for this 
opportunity to comment on the NITRD program. My name is Peter 
Lee. I am, as you mentioned, the Head of the Computer Science 
Department at Carnegie Mellon University. I am also the 
incoming Chair for the Board of Directors of the Computing 
Research Association, which is the key representative 
organization for over 30 industry labs and government 
organizations and 225 academic institutions in computing 
research.
    You mentioned the symposium last week, Computing Research 
that Changed the World. I had the great privilege to attend 
that symposium, which was co-sponsored by several Members of 
your committee. It was a fantastic showcase for about 20 years 
of past advances in IT research, advances that have really 
touched every part of our lives, advanced our economy and 
enabled innovation in a multitude of scientific and engineering 
fields such as mapping human genome, creating the World Wide 
Web and Google and even now digitizing the world's books so 
everyone can access them. For all these past successes, what I 
found most exciting was that we are still in our infancy. We 
are on the cusp of major new advances in media and 
communication technologies, new tools for managing energy and 
the environment and new technologies for improving health care. 
The pace of innovation is really breathtaking.
    Looking ahead, the question that enters my mind is, who 
will lead in future innovations. Today many countries are 
investing heavily in facilities, education and research in 
network and information technology. Consider, for example, the 
emerging field of cyber-physical systems that you had mentioned 
in your opening remarks. This is the science of computing 
systems tightly integrated with the physical world, and this 
promises to enable new advances in transportation, medicine and 
many other areas, even consumer products such as toys. It is no 
secret that the Europeans today are investing heavily, many 
billions of dollars, in fact, in cyber-physical systems today. 
We here look to industry but industry is not able to support 
the kind of speculative research in such emerging areas to the 
level that is necessary. Thus, your support, our government's 
support for this type of research, as the NITRD program is 
designed to provide, is crucial for remaining competitive. 
Given the strong track record of university and industry 
partnerships in information technology, I am confident that 
these investments will be paid back many times over.
    The current legislation thankfully strengthens the NITRD 
program by addressing many of the key recommendations in the 
2007 PCAST assessment. I applaud this. However, I still think 
that there are major challenges, particularly for university-
based IT research. I would like to address just a couple of 
them with you today.
    First, today, a staggering 86 percent of all academic 
computer science research funding comes from the National 
Science Foundation. As my written testimony explains, the lack 
of a broader base of agency support leads to several problems 
including making researchers less likely to propose the kinds 
of high-risk, high-return, multi-disciplinary research that we 
all recognize as necessary. I therefore recommend achieving a 
broader base of support for our university-based research by 
urging more agencies to take greater responsibility for 
advancing both fundamental and multi-disciplinary IT research.
    Second, the PCAST assessment recommends that NITRD 
encourage innovation and risk taking, and in fact, the 
legislation encourages this by promoting both large-scale and 
multi-disciplinary research. I would also like to urge the 
agencies to develop patience, the patience for long-term, 
sustained and stable funding. This will be key to re-energizing 
high-risk innovative proposals.
    And then finally, an area that deserves special mention is 
the pipeline of talent in information technology. Simply put, 
we are not attracting enough good people into the field. This 
problem is particularly acute with women and under-represented 
minorities. In my written testimony, I offer several 
recommendations from the computing research community that 
would bring a federal focus to issues in computer science 
education at the K-12 level and this would enable emerging 
concepts in computational thinking to make their way into the 
education of all Americans.
    So in summary, network and information technology research 
and development is a field full of amazing opportunities and is 
a cornerstone for our future competitiveness. By encouraging 
broader agency support and stable, long-term university-based 
research support along with a healthy pipeline of talent, we 
can ensure U.S. leadership into the future.
    Mr. Chair, Members of the Committee, thank you for this 
opportunity to address the NITRD program. My written testimony 
includes many more details about the points I have raised here 
as well as answers to the questions you have posed in writing. 
Thank you for your time and attention.
    [The prepared statement of Dr. Lee follows:]

                    Prepared Statement of Peter Lee

    Good morning, Mr. Chairman and Members of the Committee. Thank you 
for this opportunity to comment on the proposed changes to the research 
content, planning, and implementation mechanisms of the Networking and 
Information Technology Research and Development (NITRD) program. I am 
Peter Lee, incoming Chair of the Board of Directors for the Computing 
Research Association (CRA). The CRA is widely recognized by the U.S. 
computing research community as its representative organization, with a 
membership of over 225 academic institutions, 30 government and 
industrial laboratories, and the leading professional societies in the 
computing field.
    I have been actively involved in computing research for the past 22 
years as a Professor at Carnegie Mellon University. Today I am the 
Department Head for Carnegie Mellon's Computer Science Department. I am 
also the Vice-Chair of the DARPA Information Science and Technology 
(ISAT) advisory board; a member of the National Research Council's 
Computer Science and Telecommunications Board (CSTB); and a member of 
the CRA's Computing Community Consortium (CCC).
    On March 25, 2009, I had the great privilege to participate in a 
special symposium held at the Library of Congress entitled, Computing 
Research that Changed the World: Reflections and Perspectives,\1\ which 
was organized by the CCC and co-sponsored by several Members of your 
committee. The symposium, which was attended by members of academia, 
industry, and the government, reviewed the past two decades of ``game-
changing'' advances in networking and information technology 
(henceforth referred to as ``IT'') and provided a forum for discussing 
how to foster these kinds of advances into the future. The 
presentations and discussions at the symposium made clear the 
astonishing importance of IT research:
---------------------------------------------------------------------------
    \1\ The symposium web site can be found at http://www.cra.org/ccc/
locsymposium.php

          Advances in IT are transforming all aspects of our 
        lives. Virtually every human endeavor today has been touched by 
        information technology, including commerce, education, 
        employment, health care, energy, manufacturing, governance, 
        national security, communications, the environment, 
---------------------------------------------------------------------------
        entertainment, science, and engineering.

          Advances in information technology are driving our 
        economy. IT research has shown an extraordinary ability to 
        create transferable technologies, resulting in remarkable 
        growth in the industrial IT sector over the past two decades. 
        The impact of IT research on the Nation's industrial base is 
        not restricted to just the IT sector; information technology 
        has been a driver for economic growth in nearly every sector, 
        since every industry is now ``powered'' by advances in IT. 
        Recent analysis suggests that the remarkable economic growth 
        the U.S. experienced between 1995 and 2002 was spurred by an 
        increase in productivity enabled almost completely by factors 
        related to IT.\2\ The processes by which advances in 
        information technology enable productivity growth, enable the 
        economy to run at full capacity, enable goods and services to 
        be allocated more efficiently, and enable the production of 
        higher quality goods and services are now well understood.\3\
---------------------------------------------------------------------------
    \2\ Jorgenson, Dale W., Mus S. Ho, and Kevin J. Stiroh. 
Productivity, Volume 3: Information Technology and the American Growth 
Resurgence. MIT Press. 2005.
    \3\ Atkinson, Robert D., Andrew S. McKay. Digital Prosperity: 
Understanding the Economic Benefits of the Information Technology 
Revolution. Information Technology and Innovation Foundation. 2007. 
http://www.itif.org/files/digital-prosperity.pdf

          Advances in information technology are enabling 
        innovation in all other fields. In business, advances in IT are 
        giving researchers powerful new tools, enabling small firms to 
        significantly expand R&D, boosting innovation by giving users 
        more of a role, and letting organizations better manage the 
        existing knowledge of its employees.\4\ In science and 
        engineering, advances in IT are enabling discovery across every 
        discipline - from mapping the human brain to modeling climatic 
        change. Researchers, faced with research problems that are ever 
        more complex and interdisciplinary in nature, are using IT to 
        collaborate across the globe, and to collect, manage, and 
        explore massive amounts of data.
---------------------------------------------------------------------------
    \4\ Jorgenson, Dale W., Mus S. Ho, and Kevin J. Stiroh. 
Productivity, Volume 3: Information Technology and the American Growth 
Resurgence. , pp. 46-48. MIT Press. 2005.

    The most exciting aspect of the Computing Research that Changed the 
World symposium was that it showed that networking and information 
technology is still in its infancy. In all likelihood, the most 
important advances in IT are still ahead of us. We are on the cusp of 
new media and communication technologies, new tools for managing our 
energy and environment, new technologies for improving health care, and 
even entirely new paradigms for scientific discovery. Worldwide there 
appears to be no slowdown in the pace of innovation, the production of 
new ideas, and the discovery of additional opportunities to advance the 
economy and improve the quality of life for all people through IT.
    Several months ago, the National Academy of Engineering unveiled 14 
Grand Challenges for Engineering for the 21st century.\5\ The majority 
of these--the majority of the ``Grand Challenges'' for all of 
engineering--have either substantial or predominant information 
technology content:
---------------------------------------------------------------------------
    \5\ http://www.engineeringchallenges.org/

---------------------------------------------------------------------------
          Secure cyberspace

          Enhance virtual reality

          Advance health information systems

          Advance personalized learning

          Engineer better medicines

          Engineer the tools of scientific discovery

          Reverse-engineer the brain

          Prevent nuclear terror (to a great extent a sensor 
        network and data mining problem).

    And there are many more information technology challenges of 
equally high impact:

          Empower the developing world through appropriate 
        information and communication technology

          Revolutionize transportation safety and efficiency

          Build truly scalable computing systems, and devise 
        algorithms for extracting knowledge from massive volumes of 
        data

          Engineer advanced ``robotic prosthetics'' and, more 
        broadly, enhance people's quality of life

          Instrument your body as thoroughly as your automobile

          Engineer biology (synthetic biology)

          Revolutionize our electrical energy infrastructure: 
        generation, storage, transmission, and consumption

          Achieve quantum computing.

    It is impossible to imagine afield with greater opportunities to 
change the world.
    For me, the inescapable conclusion is that leadership in 
information technology is essential to the Nation. Today, many 
countries are investing heavily in facilities, education, and research 
in IT. Industry today is not providing support for long-term, 
speculative research; hence, government coordination and sponsorship 
research is the foundation for maintaining our leadership.
    It is against this backdrop that I would now like to consider the 
four questions you have asked me to address here today.

Question 1: Does the legislation ensure that the NITRD program is 
positioned to help maintain U.S. leadership in networking and 
information technology? What are the research community's needs for 
this program and are they adequately addressed?

    Advances in networking and information technology enable advances 
in science, economic growth, and quality of life. A key element of the 
NITRD program involves fostering communication and coordination across 
thirteen federal agencies where IT is relevant, thereby creating a 
diverse ecosystem for IT R&D spanning across many areas. The current 
legislation strengthens the program by addressing several key 
recommendations from the 2007 assessment of the NITRD program by the 
President's Council of Advisors on Science and Technology (PCAST).\6\
---------------------------------------------------------------------------
    \6\ President's Council of Advisors on Science and Technology. 
Leadership Under Challenge: Information Technology R&D in a Competitive 
World. 2007. http://www.ostp.gov/pdf/nitrd review.pdf
---------------------------------------------------------------------------
    While the coordination provided by NITRD has proven effective, 
adequate funding diversity for IT research in universities has proven 
to be quite challenging. Over the past twenty years, two federal 
agencies have been dominant in university-based IT research: the 
National Science Foundation (NSF) and the Defense Advanced Research 
Projects Agency (DARPA). Most of the other NITRD agencies--for example, 
the National Oceanic and Atmospheric Administration (NOAA), the 
National Aeronautics and Space Administration (NASA), the Department of 
Energy (DOE), and the National Institutes of Health (NIH)--have 
invested far less in university-based IT research, choosing instead to 
leverage the NSF and DARPA efforts. IT research would be strengthened 
by urging agencies such as NIH, DOE, and DHS to take greater 
responsibility for advancing IT in areas specifically relevant to their 
missions, particularly via university-based research.
    Furthermore, for academic IT research, policies at DARPA have left 
NSF standing largely alone. Frequent ``go/no-go'' program reviews and 
an overly aggressive approach to security classification have greatly 
reduced our leadership in the IT area and limited the DOD's access to 
the best minds in the country. The overall effect is the significant 
reduction in university participation in DARPA IT programs. Indeed, 
today NSF provides 86 percent of the federal support for academic 
research in computer science,\7\ a far greater proportion than for any 
other field.
---------------------------------------------------------------------------
    \7\ National Science Foundation. FY 2008 Budget Request to 
Congress. 2007. http://www.nsf.gov/about/budget/fy2008/pdf/
EntirePDF.pdf




    In my own analysis of the situation,\8\ the dramatic reduction of 
DARPA from the IT R&D ecosystem has had several a damaging effects. To 
a significant extent, increases in NSF funding for IT research at the 
start of this decade merely offset decreased DARPA academic engagement, 
thereby diminishing the possibilities for transformative impact of that 
funding. Coupled with increased competition for research funding, many 
researchers have become more risk averse. Increasing participation by 
DARPA or another agency in university-based research in fundamental IT 
would strengthen IT research in all agencies. This would provide 
greater leverage for increases in IT investments in NSF, NIH, DOE, and 
other agencies. Furthermore, the traditional DARPA model of higher-risk 
ventures within the context of focused program objectives provided a 
unique set of strategic advantages - an important feature of a strong 
R&D ecosystem.
---------------------------------------------------------------------------
    \8\ Peter Lee and Randy Katz. Re-envisioning DARPA. CCC whitepaper. 
http://www.cra.org/cec/initiatives.php

Question 2: Does the legislation address the key recommendations of the 
recent PCAST assessment for making the NITRD program more effective and 
more relevant to the research needs and opportunities in information 
---------------------------------------------------------------------------
technology?

    I am encouraged that the draft addresses many key recommendations 
of the 2007 PCAST assessment. I believe the provisions of that 
assessment will certainly make the NITRD program more effective in 
meeting the needs and opportunities in networking and information 
technology R&D. The PCAST assessment noted that the most critical need 
is to ``rebalance the NITRD investment portfolio to include more long-
term, large-scale, multi-disciplinary IT R&D.'' In this respect, the 
explicit focus on supporting such large-scale multi-disciplinary 
research is greatly welcomed. However, it is equally important to 
maintain strong investments in core IT research, in balance with multi-
disciplinary research. As we learned at the symposium on Computing 
Research that Changed the World, strength in multi-disciplinary 
research is based on a foundation of strong core research. To the 
extent that core research activities are often conducted by single 
investigators or small groups, this also implies a balance between 
large-scale and small-scale efforts.
    The legislation includes cyber-physical systems (CPS) research and 
development, as recommended in the PCAST assessment. One can observe 
that many of the grand research challenges listed earlier involve a 
deep embedding, coordination, and control of networking and information 
technologies with the physical world, making it clear that CPS is 
indeed an emerging area of opportunity. It is critical that the 
legislation is phrased to reflect the full breadth CPS. CPS pertains 
not just to man-made devices, but to any IT-enabled combination of 
physical sensing and actuation devices in the real world.
    One of the most important recommendations of the PCAST assessment 
pertains to the oversight and review of NITRD investment and 
accountability against the program's strategic plan. Specifically, the 
legislation specifies the re-establishment of the President's 
Information Technology Advisory Committee (PITAC), functioning as a 
separate Presidential advisory committee of academic and industry 
leaders. As Daniel Reed testified before this committee in 2008, ``an 
independent PITAC is needed that can devote the time, energy, and 
diligence to ongoing assessment of successes, challenges, needs and 
opportunities in information technology.'' In such a fast-moving field 
offering so many opportunities for university-industry partnerships, 
such focused oversight is crucial for maximizing the payoff of NITRD 
investments.

Question 3: Are there key research gaps or program management concerns 
not covered in this legislation? Are the mechanisms for industry and 
academic input into the planning process sufficient?

    The legislation encourages large-scale, multi-disciplinary 
research. It is equally important to have a renewed emphasis on long-
term research, through sustained, stable funding, is critical for re-
energizing high-risk, high-impact proposals. As the National Research 
Council's ``tire tracks'' figure shows,\9\ there can be long incubation 
periods for game-changing technologies. Providing the ``patience'' for 
such incubation is a key function of the NITRD program. As the 2007 
PCAST assessment recommends, NITRD should ``rebalance our research 
portfolio to encourage greater innovation and risk taking.''
---------------------------------------------------------------------------
    \9\ National Research Council. Innovation in Information 
Technology. National Academies Press. 2003. http://www.nap.edu/
catalog.php?record-id=10795&page=5
---------------------------------------------------------------------------
    Another area of emerging need and opportunity is cyber security, as 
pointed out in a 2005 report from the President's Information 
Technology Advisory Committee\10\ and, more recently, in a 2009 report 
from the Government Accountability Office.\11\ Addressing the Nation's 
pressing needs in cyber security will require a broad, coordinated 
effort. Agencies such as DARPA that have invested significantly in 
cyber security can play a key role by broadening to the larger academic 
research community, thereby achieving what PITAC referred to as 
``fundamental research on civilian cyber security.'' To first 
approximation, aside from NSF the funding for cyber security research 
at universities has been too modest relative to the threats that the 
Nation faces. I suggest that an explicit focus on cyber security that 
coordinates the efforts of multiple agencies and enables full 
participation by academia should be considered.
---------------------------------------------------------------------------
    \10\ President's Information Technology Advisory Committee. Cyber 
Security R&D: A Crisis of Prioritization. 2005. http://www.nitrd.gov/
pitac/reports/20050301-cybersecurity/cybersecurity.pdf
    \11\ General Accountability Office. National Cybersecurity 
Strategy: Key Improvements Are Needed to Strengthen the Nation's 
Posture. GAO-09-432T, March 10, 2009, http://www.gao.gov/products/GAO-
09-432T
---------------------------------------------------------------------------
    An area that deserves special attention, as pointed out in the 2007 
PCAST assessment, is to increase the pipeline of talent in IT to meet 
both the demands of industry as well as future IT research, with a 
particular focus on women and under-represented groups. Simply put, 
today we are not attracting enough people into computing education and 
careers, and this problem is particularly acute with under-represented 
groups. Recently, in a letter written by the ACM and joined by CRA and 
the National Center for Women & Information Technology, we urged that 
this crucial talent pipeline be strengthened by expanding and 
coordinating existing efforts within the NITRD program. We believe this 
can be done in ways that also gain better leverage for these efforts. 
Four specific recommendations were:

          Promote computing education, particularly at the K-12 
        level, and increased exposure to computing education and 
        research opportunities, especially for women and minorities as 
        core elements of the NITRD program;

          Require the NITRD program to address education and 
        diversity programs in its strategic planning and roadmapping 
        process;

          Expand efforts at the National Science Foundation 
        (NSF) to focus on computer science education, particularly at 
        the K-12 level through broadening the Math Science Partnership 
        program; and,

          Enlist the Department of Education and its resources 
        and reach in addressing computer science education issues.

    Each of these recommendations would bring a federal focus to issues 
in computer science education at the K-12 level, enabling emerging 
concepts in ``computational thinking'' to make their way into the 
education of all Americans.

Question 4: Does the legislation effectively implement the PCAST 
recommendation for support of large-scale, multi-disciplinary research 
and development projects? What are the most appropriate mechanisms to 
undertake these projects? Are the requirements for these projects 
sufficient to encourage industry/university partnerships?

    It is encouraging to see that the legislation explicitly recognizes 
the importance of large-scale, multi-disciplinary research and 
development projects, and provides for direct support for such 
activities. Key to the role that IT plays in enabling innovation is the 
role of the IT R&D ecosystem that enables innovation. A 1995 study by 
the National Research Council\12\ describes the ``extraordinarily 
productive interplay of federally funded university research, federally 
and privately funded industrial research, and entrepreneurial companies 
founded and staffed by people who moved back and forth between 
universities and industry.'' That study, and a subsequent 1999 report 
by the President's Information Technology Advisory Committee\13\ 
,emphasized the ``spectacular'' return on the federal investment in 
long-term IT research and development. Indeed, a 2003 NRC study\14\ 
identified 19 multi-billion-dollar IT industries--industries that are 
transforming our lives and driving our economy--that were enabled by 
federally sponsored research.\15\ This year, National Research Council 
completed a study on Assessing the Impacts of Changes in the IT R&D 
Ecosystem.\16\ The study makes four recommendations:
---------------------------------------------------------------------------
    \12\ National Research Council. Evolving the High-Performance 
Computing and Communications Initiative to Support the Nation's 
Information Infrastructure. National Academies Press. 1995. 
http:;%www.nap.edu/catalog.php?record-id=4948
    \13\ President's Information Technology Advisory Committee. 
Information Technology Research: Investing in Our Future. 1999. http://
www.nitrd.gov/pitac/report/pitac-report.pdf
    \14\ National Research Council. Innovation in Information 
Technology. National Academies Press. 2003. http://www.nap.edu/
catalog.php?record-id=10795
    \15\ See http://books.nap.edu/
openbook.php?record-id=10795&page=5
    \16\ See http://books.nap.edu/
openbook.php?record-id=12174&page=R1

        1.  Strengthen the effectiveness and impact of federally funded 
---------------------------------------------------------------------------
        IT research.

        2.  Remain the strongest generator of and magnet for technical 
        talent.

        3.  Reduce friction that harms the effectiveness of the U.S. IT 
        R&D ecosystem, while maintaining other important political and 
        economic objectives.

        4.  Ensure that the US has an infrastructure for 
        communications, computing, applications, and services that can 
        enable U.S. IT users and innovators to lead the world.

    Significant progress towards encouraging large-scale, multi-
disciplinary research this can be obtained by launching a second 
Information Technology Research (ITR) program in the NSF CISE 
Directorate, as recommended in the 2007 PCAST assessment. Between FY 
2000 and FY 2004, the original ITR program added $218 million to what 
is today (FY 2008) an NSF CISE budget of $535 million which constitutes 
86 percent of the federal support for academic research in computer 
science. (ITR also added $77 million to other Directorate's budgets.) 
ITR was managed as a distinct program, and had a particularly important 
impact in encouraging longer-term, larger-scale, multi-disciplinary IT 
R&D focused on areas of particular opportunity.
    In summary, networking and information technology research and 
development is the cornerstone of America's future infrastructure and 
economic competitiveness. By

        a.  encouraging broader agency support for advancing IT R&D,

        b.  restoring investment in long-term, stable university-based 
        research in IT,

        c.  balancing core and multi-disciplinary research activities,

        d.  increasing the pipeline of IT talent, especially from 
        under-represented groups,

        e.  bringing federal focus to K-12 computer science education, 
        and

        f.  launching a second NSF ITR program,

we can ensure U.S. leadership in IT R&D and contribute real solutions 
to many of the challenges facing our nation today. Federal investments, 
as enabled by the NITRD program, are paid back many times as the 
field's ability to create effective university-industry partnerships 
and transferable technologies has shown time and again. The proposed 
legislation makes much-needed changes to the NITRD program and will 
help us meet many of the challenges facing us today. In order for the 
U.S. to remain the world's leader, further improvements will be needed; 
the proposed legislation makes a good first step.
    Mr. Chairman, thank you and this committee for your interest in the 
future of the NITRD program and its importance to innovation and U.S. 
competitiveness. Thank you for your time and attention. At the 
appropriate time, I would be pleased to answer any questions you might 
have.






                        Biography for Peter Lee

    Peter Lee is the head of the Computer Science Department at 
Carnegie Mellon University. He joined the CMU faculty in 1987, 
immediately after completing his doctoral studies at the University of 
Michigan.
    Peter Lee is an active researcher, educator, administrator, and 
servant to the academic community. His research contributions lie 
mainly in areas related to the foundations of software reliability, 
program analysis, security, and language design. He has published 
extensively in major academic journals and international symposia, with 
several of his papers receiving ``test of time'' awards for their 
seminal contributions to the field. Peter Lee is the recipient of 
several research awards, including the ACM SIGOPS Hall of Fame Award, 
for the seminal contribution of ``proof-carrying code'' in computer 
systems research. He is an elected fellow of the Association for 
Computing Machinery.
    As the head of the Computer Science Department, Peter Lee oversees 
one of the top computing research organizations in the world. In 
addition to its substantial research program, the department offers 
highly rated doctoral and undergraduate programs in computer science, 
with the Ph.D. program consistently ranked among the top in the U.S. 
Prior to assuming his current position, Dr. Lee was briefly the Vice 
Provost for Research. In this role, he provided administrative 
oversight and strategic guidance for the university's research 
activities, an enterprise that exceeds $400M in annual expenditures. 
From 2000 to 2004, Peter Lee was the Associate Dean for undergraduate 
programs in the School of Computer Science. During this period, Dr. Lee 
shepherded the rise of Carnegie Mellon's undergraduate computer science 
programs to national prominence, including a #2 ranking in the Gourman 
Report and a six-fold increase in the number of women enrolled.
    Peter Lee is dedicated servant to the computing community. He is 
the incoming Chair of the Board of Directors of the Computing Research 
Association and chairs it's Government Affairs Committee. He also sits 
on the CRA's Education Committee. He is a member of the Computing 
Community Consortium Council, the National Research Council's Computer 
Science and Telecommunications Board, and the Defense Research Projects 
Agency's Information Science and Technology Board (where he is the 
Vice-Chair). Dr. Lee is called upon as an expert in diverse venues, 
including distinguished lectures at major universities, memberships on 
senior government advisory panels, corporate and university advisory 
boards, and court testimony (such as the Sun v. Microsoft ``Java 
lawsuit''). He maintains the CSDiary weblog.

    Chair Gordon. Thank you, Dr. Lee.
    And now we will hear from Dr. Estrin.

STATEMENT OF DR. DEBORAH ESTRIN, DIRECTOR, CENTER FOR EMBEDDED 
NETWORKED SENSING; PROFESSOR OF COMPUTER SCIENCE AND ELECTRICAL 
       ENGINEERING, UNIVERSITY OF CALIFORNIA, LOS ANGELES

    Dr. Estrin. Thank you, Chairman Gordon and Ranking Member 
Hall for inviting me as well to testify before your committee 
on this important legislation. I am a Professor of Computer 
Science and Electrical Engineering at UCLA and the Founding 
Director of an NSF-funded multi-disciplinary Science and 
Technology Center for Embedded Networked Sensing, CENS, which 
was established in 2002. CENS' research agenda falls under the 
umbrella of cyber-physical systems.
    After reviewing the NITRD legislation as requested, I 
concluded strongly that the bill addresses the key 
recommendations of the PCAST assessment and in the process 
addresses important needs of networking and information 
technology research communities. Moreover, the focus on cyber-
physical systems will have an impact that extends into the 
country's commercial leadership, into the sciences and into 
public policy. In these oral comments I will emphasize two 
aspects of the legislation: the nature and importance of cyber-
physical systems and the role of multi-disciplinary centers in 
realizing the research agenda.
    Technological advances of the past two decades enable us to 
combine sensing, computation and wireless communication in 
integrated devices that can then be placed in situ up close to 
physical phenomena whether embedded in engineered systems such 
as the power grids and factory floor systems where they monitor 
power consumption and indications of malfunctioning components 
or embedded in natural systems such as depleted forests and 
water resources, measuring physical and chemical parameters 
such as temperature and pollutants, or in human systems such as 
devices worn on the body monitoring activity and physiological 
indicators. Cyber-physical systems are created through a 
synthesis of technologies including embedded sensing, sensor 
actuator controls, mobile sensing as well as human-computer 
interfaces. All of these will be advanced by the proposed NITRD 
focus on cyber-physical systems research and together they will 
bring us closer to the promise of revolutionary advances in our 
management of the physical world.
    First, embedded sensing brings much needed understanding of 
physical processes and informs critical decisions. For example, 
the National Ecological Observatory Network, NEON, an MREFC 
project, is comprised of in situ sensing systems which capture 
and transmit measurements into web-based data management and 
geospatial modeling systems in real time. This powerful and 
programmable observing system will employ a broad spectrum of 
sensor types from the simplest temperature sensor to the 
highest resolution digital imagers. And it will greatly promote 
our understanding of ecosystems and thus inform critical issues 
in resource management and land-use policy.
    Second, when sensing is combined with automated actuation 
in a tight control loop, we enter a new regime in which 
physical processes can be managed and manipulated at the time 
scale of the physical phenomenon, not just at the time scale 
which human beings are able and available to react. For 
example, systems that implement precise and localized 
management of water and power resources can manage real-time 
inputs and demands on the system and make adjustments to 
resource treatment and distribution in real time.
    Third, mobile sensing presents tremendous economies to 
cyber-physical systems because by moving a sensor through an 
environment, you can achieve high spatial resolution 
measurements that are not achievable or affordable with fixed 
sensors alone. Mobility can take multiple forms, a Pan-tilt-
zoom camera for both ecological and built environments or 
human-carried devices for personalized measurements of human 
exposure and interaction.
    And fourth, most cyber-physical systems are part of larger 
systems with humans in the loop. They are designed to be used 
by humans as real-time interactive systems to inform both 
short-term and long-term decisions and actions. Moreover, the 
proximity of these systems to people raises the need to attend 
to privacy in their design, deployment and usage and this is 
another area in which government-funded research can contribute 
significantly.
    So in summary of this first of my two points of my 
testimony, the proposed support for cyber-physical systems in 
the NITRD legislation will greatly enhance our ability to 
address the design challenges of high-impact physically coupled 
systems by supporting research in robust and reusable, scalable 
and validative components, algorithms and integrated 
subsystems. It will thereby enable broad-scale, powerful and 
programmable environmental observing systems.
    I want to say a few words before closing about my second 
point, which is the role of multi-disciplinary research centers 
in realizing this vision. Multi-disciplinary research centers 
offer scope as well as scale and they require extended 
timelines in addition to increased funding. In my research 
center, CENS, the most important results have been iterative 
where we began by applying existing technology in an innovative 
manner to the application scientist observational needs and 
then based on the resulting experience identified the most 
important areas for the next phase of innovation. This style of 
work has great potential for serendipitous results where you 
end up in places you did not expect and having learned 
tremendously more in the process.
    We have also found consistently that the nature of these 
applications in this multi-disciplinary iterative work attracts 
a wider range of students. We believe this is because the 
social utility is very evident and is naturally integrated into 
the design discussions. We speculated that this social utility 
would end up appealing and attracting more women to computer 
science, for example, and we were not disappointed. Our center 
averages consistently double the percentage of women involved 
in our programs relative to the rest of the department, and 
that is 30 percent as opposed to 12 percent.
    Finally, multi-disciplinary centers can contribute 
significantly to collaborative agency programs where a 
technology creation agency could partner with a mission agency 
to help bridge the gap between funding of the basic ideas and 
early prototypes and systems that can actually be used and run 
through trials and exploration before commercialization. A good 
example of this would be a large-scale, let us say million-
person mobile sensing system that supports preventative and 
chronic health management and research. Today's mobile phones 
can easily report activity, location and prompted user input 
such as pain, diet, medication and other self-reports and such 
a project coordinated between, for example, the NSF and 
mission-oriented needs of the NIH and the CDC could prototype 
and pilot a privacy-preserving, population-scale system that 
would drive innovation in privacy and security of electronic 
health records, data analysis infusion and computer-human 
interaction while also providing unprecedented data sets and an 
experimental platform for public health and epidemiological 
studies.
    So finally in conclusion, cyber-physical systems cover a 
broad and important range of networking and information 
technologies and will be essential in meeting some of the key 
environmental, economic and quality-of-life challenges facing 
our nation and the world. A broadly focused cyber-physical 
systems research program in NITRD balanced between fundamental 
and applied projects, leveraging university, agency and 
corporate R&D efforts will go a long way towards ensuring the 
United States continues to hold a leadership position in this 
critical field.
    Thank you, Mr. Chairman, for the opportunity to provide my 
testimony on this important issue. I am pleased to answer any 
further questions you might have as you and your colleagues on 
the Committee move the legislation forward.
    [The prepared statement of Dr. Estrin follows:]

                  Prepared Statement of Deborah Estrin

Personal Introduction

    Thank you Chairman Gordon and Ranking Member Hall for inviting me 
to testify before your committee on this important legislation. I am a 
Professor of Computer Science and Electrical Engineering at UCLA, and 
the founding Director of an NSF funded Science and Technology Center 
for Embedded Networked Sensing (CENS), established in 2002. I was 
educated at MIT and experienced my early career at USC supported by the 
Defense Advanced Research Projects Agency (DARPA) and the National 
Science Foundation (NSF). During the past decade I became involved in 
multi-disciplinary work in an area that falls under the umbrella of 
cyber-physical systems. I also served on DARPA's Information Science 
and Technology Study Group (ISAT) and NSF's Computer and Information 
Science and Engineering (CISE) Advisory committees and currently sit on 
the National Research Council's Computer Science and Telecommunications 
Board (CSTB) and have participated in numerous studies over the years.
    In the invitation to testify at today's hearing, Mr. Chairman, you 
asked whether I believe the legislation you have proposed will help 
ensure the Networking and Information Technology Research and 
Development program (NITRD) is positioned to help maintain U.S. 
leadership in networking and information technology. Having reviewed 
the legislation, I believe the bill addresses the key recommendations 
of the PCAST assessment, and in the process, addresses important needs 
of networking and Information technology research communities. I also 
believe that the focus on cyber-physical systems in the legislation 
will have an impact that extends into the country's commercial 
leadership, into the sciences, and into public policy.
    In this testimony I will emphasize a few issues I think are key in 
responding to the questions you posed: cyber-physical systems; the 
importance of experimental, purpose-driven research and opportunities 
for cross-agency projects; and the importance of multi-disciplinary 
centers in realizing a research agenda and creating effective 
opportunities to attract and engage a more diverse student body in IT 
research.

The importance of NITRD and Cyber-Physical Systems

    The Computing Research Association's Computing Community Consortium 
hosted a symposium last week here on Capitol Hill, where an all-star 
cast of computer scientists reviewed the importance of information 
technology and how the advances that are now essential to science, 
government and citizens, are a direct result of federal support for 
research, particularly from NSF and DARPA. I was pleased to be invited 
to participate.
    In my session on ``Computing Everywhere,'' we focused in particular 
on how computing extends beyond the processing and sharing of knowledge 
encoded in text and numbers, to direct measurement, management, and 
manipulation of physical phenomena.
    We often hear how miniaturization and Moore's law\1\ has enabled 
the growth, proliferation and scaling of computational capabilities. 
Our computing power has become exponentially more powerful over time as 
our devices become smaller and more powerful. So the computer that once 
occupied the back room, then moved to the desktop, now fits in our 
pocket, or can be embedded in sensor rich devices.
---------------------------------------------------------------------------
    \1\ Moore's Law is the projection that the number of transistors 
that can be placed on an integrated circuit will increase 
exponentially, doubling approximately every two years, that was first 
noted by Intel Co-Founder Gordon Moore in 1965 and has held true to the 
present day.
---------------------------------------------------------------------------
    These developments enable us to combine sensing, computation and 
wireless communication in integrated devices, that can be placed in 
situ, up close to physical phenomena. Whether embedded in:

          Engineered systems such as power grids and factory 
        floor systems monitoring power consumption and indications of 
        malfunctioning components.

          Natural systems such as depleted forest and water 
        resources, measuring physical (e.g., climate) and chemical 
        (e.g., pollutants) parameters.

          Human systems such as devices worn on the human body 
        monitoring activity and physiological indicators.

    Across this wide array of applications, the ability to observe 
physical processes with such high spatial and temporal fidelity will 
allow us to create models, make predictions, and thereby manage our 
increasingly stressed physical world.
    Cyber Physical Systems are created through a synthesis of 
technologies, including: embedded sensing systems, sensor-actuator 
control, mobile sensing, and human computer interfaces. All will be 
advanced by the proposed NITRD focus on cyber-physical systems research 
and together will bring us closer to the promise of revolutionary 
advances in our management of the physical world.

          Embedded sensing brings much needed understanding of 
        processes and informs critical decisions. For example, the 
        National Ecological Observatory Network (NEON) and Ocean 
        Observing Initiative (OOI) MREFC projects are primarily 
        embedded sensing systems in that they are comprised of in situ 
        sensing systems which capture and transmit measurements into 
        web-based data-management and geospatial-modeling systems, in 
        real time. These powerful and programmable observing systems 
        will employ a broad spectrum of sensor types (from the simplest 
        temperature sensor, to highest resolution digital imagers), and 
        will greatly promote understanding of ecosystem and ocean 
        dynamics, and thus inform critical issues in resource 
        management and land use policy. Similarly, in the context of 
        observing systems for the built environment, transportation 
        related embedded sensing systems, for example, are being 
        installed along major roadways to capture real time traffic 
        information and inform real-time driving patterns and longer-
        term planning.

          When sensing is combined with automated actuation in 
        tight control loops, we enter a new regime in which physical 
        processes can be managed and manipulated at the timescale of 
        the physical phenomena, not just at the timescale on which 
        human beings are able and available to react. For example, 
        biomedical systems can measure physiological parameters and 
        based on the readings automatically adjust drug dosage (e.g., 
        insulin pump) or system function (e.g., prosthetics). 
        Similarly, systems that implement precise and localized 
        management of water and power also can measure real-time inputs 
        and demands on the system, and make adjustments to resource 
        treatment or distribution in real time.

          Mobile sensing presents tremendous economies to 
        cyber-physical systems because by moving a sensor through an 
        environment you can achieve high spatial resolution 
        measurements that are not achievable with fixed sensors. 
        Mobility takes multiple forms. Pan-tilt-zoom cameras are useful 
        in both ecological and built-environment settings. Unmanned 
        Arial Vehicles are emerging for practical use in surveying 
        natural and urban settings. Vehicle-mounted sensors on public 
        transportation vehicles, can capture data specific to traffic, 
        but more generally can take advantage of the natural coverage 
        that these vehicles provide to measure other parameters such as 
        air quality. And finally, human-carried devices offer 
        tremendous opportunity for individual and aggregate 
        measurements related to human exposure and interaction. 
        Mobility presents tremendous coverage benefits but does call 
        for more sophisticated internal operation of the system.

          Most cyber-physical systems are part of larger 
        systems with ``humans in the loop,'' operating on human 
        timescales. For example, all of the cyber-physical applications 
        described above require visualization of the observed data and 
        physical system. They are designed to be used by human users as 
        real time interactive systems to inform both short- and long-
        term decisions and actions. Moreover, in some cases, human 
        assistance and augmentation is desired to contribute additional 
        data feeds to the system that cannot be fully automated (e.g., 
        laboratory based analyses of manually-collected samples). 
        Finally, the proximity of these systems to people raises the 
        need to attend to privacy in their design, deployment and 
        usage, which is another area in which research can contribute 
        significantly.

    In summary, cyber-physical systems cover a broad and important 
range of networking and information technologies and are essential to 
meeting the key challenges facing the Nation, and the planet as a 
whole, including: the need for cleaner and more efficient 
manufacturing, transportation, and energy production and distribution; 
water treatment and conservation; personalized health management, 
treatment, and care; and preservation and recovery of key ecosystems 
and services. The proposed support for CPS in the NITRD legislation 
will greatly enhance our ability to address the design challenges of 
physically-coupled systems by supporting research in robust and 
reusable, scalable and validated components, algorithms, and integrated 
sub-systems to enable broad scale, powerful and programmable 
environmental observing systems.

Importance of federally funded research to U.S. leadership

    Federally funded research is directly responsible for today's 
technologies and the technologies we'll deploy tomorrow. Indeed, the 
development of every major sub-sector of the IT industry bears the 
stamp of federally-supported research, usually research supported at 
U.S. universities In fact, perhaps the most important aspect of 
federally supported university-led research is that it generates both 
the ideas of tomorrow and the people necessary for turning those ideas 
into reality. These are the students and researchers who generate the 
ideas that will power the innovations of tomorrow.
    One of the great success stories of federally funded research in 
information technology in my own research area has been the growth of 
entirely new sectors and phenomenally successful commercial companies 
in support of the use of computing everywhere. These are companies like 
Apple that has revolutionized the design of personal technologies, and 
Nokia that has proliferated sophisticated mobile technology around the 
world at such a rate that now there are over three billion cell phones 
and Nokia sold devices at the rate of 16 million per quarter in 2008. 
At the same time, the existence of this strong commercial sector has 
not lessened the need for federally funded research dollars. While 
these companies are spending, in some cases, considerable dollars 
investing in research and development, that investment is almost always 
focused on reasonably short-range development efforts--generally the 
next product cycle or two. Federal support, particularly at U.S. 
universities, is essential for the long-range research necessary to 
advance the field and enabling the game-changing technologies of the 
next 10-20 years.
    Even if, and that's a big if, commercial investment in R&D was high 
enough to maintain a healthy flow of new, long- and mid-term technology 
innovation, the role of federal dollars would still be essential. One 
of the reasons it is so essential to maintain a healthy investment in 
publicly funded technology research is so that issues of public good, 
which cannot always be the primary drivers in a commercial enterprise, 
can shape our technology; not to prevent commercialization and private 
investment, but rather to promote it in a form that addresses 
externalities such as open interfaces and privacy preserving 
architectures. Moreover, innovation can be focused in areas that don't 
yet have established revenue streams or business models, such as 
aspects of ecosystems science, for example.
    This research ecosystem I've described--the interplay between 
federal support for university research and commercial research and 
development efforts--has been, as the National Research Council 
declared back in 1995, ``extraordinarily productive.'' But in order to 
keep it as productive as possible, it's important to keep it as finely 
tuned as possible. Balanced ecosystems are essential in nature, in our 
diets, in our financial portfolios, and in our research. Currently our 
research ecosystem is lacking balance on both ends of the research time 
horizon. On the one hand there is a need for more basic research that 
explores foundational algorithmic capabilities. On the other hand, 
there is also a need for bold, experimental, purpose-driven research 
with discovery that comes from synthesis, problem solving and use. 
Space missions and the Internet are both excellent examples of the 
latter approach. And much of the work funded under NSF's highly 
successful Information Technology Research (ITR) program, which ran 
from 2000 to 2004, had this latter quality.
    While there is a need for far out, theoretical work that 
disconnects from constraints--indeed, the PCAST assessment concluded 
that the portfolio is currently imbalanced in favor of low-risk 
projects and that too many are small-scale and short-term efforts--
there is also a need for work that explores applying what is possible 
now but on a grand scale and to grand problems. Such projects lead 
researchers to uncover the ``interconnection between the pieces''--and 
not just between technologies, but between technology and people, and 
in the case of cyber-physical systems between technology and nature as 
well! This research offers further value added relative to commercial 
R&D when it serves non-monetized applications such as environmental 
monitoring and public health, thereby creative innovative technologies 
for the under-served markets, while providing the technologists with 
the integrative experience they can only get when their technology or 
system is deployed and used.

The role of multi-disciplinary research centers

    Multi-disciplinary research centers offer scope, as well as scale, 
i.e., extended timelines in addition to increased funding levels. 
Multi-disciplinary research, by definition, requires that you have more 
people at the table, and also produces its most important results when 
there is enough time for the collaboration to iterate and thereby 
expand on its own findings. In my research center, CENS, the most 
important results have been iterative: where we began by applying 
existing technology in an innovative manner to the application 
scientist's observational science problem, and based on the resulting 
experience identified the most important areas for the next phase of 
innovation. Two key innovations from the center came about in this 
way--the use of mobile sensing to achieve high spatial resolution, and 
the development of smart cameras as ``biological'' sensors for flora 
and fauna. It was only by engaging in this collaborative iterative 
process between the application scientists and technologists that these 
innovative solutions emerged. This style of work has great potential 
for serendipitous results where you end up in places you did not 
expect, having learned tremendously more. Through this we have 
discovered other new opportunities for addressing pressing problems--
for example, using the mobile phone as an instrument for personal and 
participatory sensing, e.g., for congestion-based pricing on highways, 
personalized and precise management of medication, and individualized 
behavior shaping to combat avoidable health care burdens such as 
obesity.
    Education opportunities also flourish in centers. At CENS we 
developed a hands-on research experience for undergraduates and high 
school students interested in the application of information 
technologies to environmental and urban sensing. We have had tremendous 
success with the program. It has been a source of innovation within the 
research agenda, and has produced excellent students, many of whom 
decided as a result to continue their studies in graduate school, and 
who are demographically more diverse than the equivalent populations in 
their local engineering schools. However, we also learned that these 
programs scale up better than they scale down. With a core of 
coordinated programming and staffing you can support a wide range of 
projects and students. However if you support only a few students, we 
found that they do not get the same structured social setting for their 
research, without generally unsustainable Inputs from the supervising 
faculty and graduate students.
    We have also found consistently that the nature of these 
applications attracts a relatively diverse student population--perhaps 
because the social utility is very self-evident and is explicitly a 
part of the design discussions. We speculated that this social utility 
would end up appealing and attracting more women and we were not 
disappointed--our CENS averages for women students are consistently 
double that of the rest of the school.
    Finally, multi-disciplinary research centers in pursuit of cyber-
physical systems and applications could contribute greatly to 
collaborative agency programs where a technology creation agency could 
partner with a mission agency to help bridge the gap between funding of 
the basic ideas and early prototypes, and systems that can actually be 
used and run through trials and exploration before commercialization:

          A good example of this would be a large scale, 
        million-person, mobile-sensing system that supports 
        preventative and chronic health management and research. 
        Today's mobile phones can easily report activity, location, and 
        prompted user input (e.g., pain, emotional state, and other 
        self-reports). Such a project, coordinated between the NSF and 
        the mission oriented needs of NIH and CDC, could prototype and 
        pilot a privacy-preserving, population-scale system that would 
        drive innovation in privacy and security of electronic health 
        records, data analysis and fusion, and human computer 
        interaction, while also providing unprecedented data-sets for 
        public health and epidemiological studies.

    Another example opportunity would be for multiple user agencies 
with overlapping needs to launch development of an innovative sensor 
type that is not being brought to market because revenue streams are 
not large enough to justify the capital investment by commercial 
enterprise.

          Development of specific sensors for environmental 
        monitoring is a good example. There is not a large enough 
        commercial market to drive development and production of 
        miniaturized, high precision, nitrate sensors for example which 
        are critical to both ground water testing systems, coastal 
        margin ecosystem health, and terrestrial ecosystem carbon cycle 
        characterization. In this case, a coordinated effort between 
        the NSF and the mission-oriented needs of EPA, USGS, NOAA, USDA 
        to develop and produce such a sensor could have significant 
        long-term ecological benefit to the country.

Conclusion

    I was pleased to see the inclusion of cyber-physical systems as an 
area of emphasis in the PCAST assessment of 2007 and I'm pleased to see 
its inclusion in the NITRD legislation under discussion today. As I 
noted above, cyber-physical systems cover a broad and important range 
of networking and information technologies and will be essential in 
meeting some of the key environmental, economic, and quality of life 
challenges facing our nation and the world. A broadly focused cyber-
physical systems research program in NITRD, balanced between 
fundamental and applied efforts and leveraging university, agency, and 
corporate research and development efforts will go a long way towards 
ensuring that the United States continues to hold a leadership position 
in this critical field.
    Thank you, Mr. Chairman, for the opportunity to provide my 
testimony on this important issue. I am pleased to answer any further 
questions you might have as you and your colleagues on the Committee 
move this legislation forward.

                      Biography for Deborah Estrin
    Deborah Estrin is a Professor of Computer Science and Electrical 
Engineering at UCLA. She holds the Jon Postel Chair in Computer 
Networks, and is Founding Director of the National Science Foundation 
funded Center for Embedded Networked Sensing (CENS). CENS' mission is 
to explore and develop innovative, end-to-end, distributed sensing 
systems, across an array of scientifically and socially relevant 
applications, from ecosystems to human systems. Estrin is currently 
exploring Mobile Personal Sensing systems that leverage the location, 
acoustic, image, and attached-sensor data streams increasingly 
available globally from mobile phones; with particular emphasis on 
human and environmental health applications and on privacy-aware 
architectures. Estrin's earlier research addressed Internet protocol 
design and scaling, in particular, inter-domain and multi-cast routing. 
She received her Ph.D. in 1985 from MIT and her BS in 1980 from UC-
Berkeley, both in EECS. Estrin currently serves on the National 
Research Council's Computer Science and Telecommunications Board (CSTB) 
and was previously a member of the NSF National Ecological Observatory 
Network (NEON) Advisory board, the NSF CISE Advisory Committee, and 
DARPA-ISAT. Estrin was selected as the first ACM-W Athena Lecturer in 
2006 and was awarded the Anita Borg Institute's Women of Vision Award 
for Innovation in 2007. She was elected to the American Academy of Arts 
and Sciences in 2007 and to the National Academy of Engineering in 
2009. She is a fellow of the IEEE, ACM, and AAAS and was granted Doctor 
Honoris Causa from EPFL in 2008.

                               Discussion

    Chair Gordon. Thank you, Dr. Estrin. I agree, it is the 
discovery that you are not expecting that is oftentimes more 
important than the breakthrough that you originally sought.
    Dr. Lee, I want to go back a little bit to your discussion 
about what is going on around the rest of the world and the 
competition that we might have, and you say Europe is really 
the center or where most of the research is going on outside 
the United States?
    Dr. Lee. Yes, that is correct.
    Chair Gordon. And are there any lessons learned--what they 
are doing that we need to be incorporating? And typically what 
they will do is, they will have more of a focus on, you know, 
breakthroughs in two or three different areas. Is that what 
they are doing there, and if so, where?
    Dr. Lee. Yes. So indeed, one model that I think is very 
interesting, particularly in the European efforts in hybrid 
systems, which is roughly speaking their analog to cyber-
physical systems, they have a very focused mission orientation 
in some of their research programs.
    Chair Gordon. Is this E.U. or is this a particular country?
    Dr. Lee. This is E.U., and in the--so, for example, in one 
major initiative, they would like cyber-physical systems or 
hybrid systems that would eliminate any possibility of 
collisions in the high-speed rail systems throughout Europe and 
so this provides a grand challenge framework but associated 
with those large programs are sub-projects that provide 
sustained, long-term basic research funding.
    Chair Gordon. And what is their vehicle for collaboration?
    Dr. Lee. So they have multi-university research teams.
    Chair Gordon. It is university based. Does industry play 
much of a role?
    Dr. Lee. Industry does play a role, and in fact, in the 
large mission programs, industry is required to play a role but 
they are in our parlance sub-awards to the prime awards that 
are given to the university-based teams. This allows the 
university teams to really think beyond the leading edge but 
still provide a long-term partnership with industry to provide 
a smoother or a greased track, so to speak, for technology 
transfers.
    Chair Gordon. I want to pose a question to all of you. The 
legislation calls for an industry/university task force to 
explore collaborative research models for cyber-physical 
systems. Are there other research areas where public-private 
partnerships would be particularly appropriate and what 
characteristics are necessary for a successful industry/
university collaboration in networking and IT? Dr. Estrin, do 
you want to start us off?
    Dr. Estrin. Certainly. I think successful efforts--everyone 
needs to be getting something out of the process to get true 
engagement. An interesting example of something like that is 
where industry has the capacity to construct things, let us 
say, a highly sensitive sensor type that is needed by a broad 
range, but they are not going to do it on their own because the 
commercial market doesn't yet exist but perhaps there are truly 
needs for such a sensor--pose it--in health, in ecology, in 
cleanup of contaminated water, and so by bringing together 
researchers, agencies that have a need, an industry that has 
the capacity but wouldn't otherwise produce such a device 
because the commercial market doesn't yet exist, you can bring 
those three together in very successful ventures and the number 
of the things, projects I would foresee would have that similar 
quality where you bring in the capacity of the commercial 
enterprise but focusing on problems that are needed for public 
good that don't yet have the market to have them do it on their 
own.
    Chair Gordon. And what about the intellectual property? I 
mean, does that get worked out between the universities and 
industry relatively smoothly or what happens there?
    Dr. Estrin. In my experience, that works out even more 
smoothly when the government is involved from the beginning 
because it keeps people from even thinking about trying to be 
greedy in the shorter-term. In the end we found first to market 
understanding the technology is the way to go. We benefited so 
much from open work. So we do all of our work open and without 
IP protection. Since this is for the public good, you would 
want----
    Chair Gordon. Is that fairly well universal here in the 
United States, that attitude?
    Dr. Estrin. It is not--I think it is broad enough and 
people have seen enough success from it that it is certainly a 
practical thing to pursue, an important role for government.
    Chair Gordon. Dr. Lee, do you want to add anything there?
    Dr. Lee. Yes. I think that many of the major challenges 
that computing research is really poised to contribute to, and 
let me just mention three: cyber security, energy and health 
care. These are sources of grand challenge, problems that 
university and IT-based research alone won't be able to solve 
and so partnerships, particularly partnerships with 
stakeholders and typically these stakeholders would often be 
industrial organizations, seem absolutely crucial. I would like 
to emphasize again though that universities, if we are looking 
at beyond the leading edge of technology, universities leading 
in this are absolutely crucial, and I would just bring your 
attention to the last year's DARPA urban challenge where the 
top three winners of the DARPA urban challenge robot race were 
in fact university teams that had significant industry support 
but the universities were leading.
    Chair Gordon. Dr. Greer, do you want to conclude on that 
topic?
    Dr. Greer. A couple of things I would add to the comments 
you already heard. The characteristics of successful efforts 
are really twofold. All involve bring their capabilities to the 
table and that all realize real value from the interaction. 
Those are the key issues that have to be addressed. In addition 
to the areas Dr. Lee described, the whole area of software 
development, design and engineering is a rich one for multi-
sector collaboration, in fact, probably requires that 
networking capability, security, reliability. The vast majority 
of the networking capability around the globe belongs to the 
private sector, certainly in this country, than to the 
government. There are examples of effective cooperation of this 
type. The Semiconductor Research Corporation is an example of a 
consortium where it provides neutral ground for all the parties 
to reach agreement, for example, a common legal framework which 
everybody who wants to participate has got to buy into, so that 
I think is another important value.
    Chair Gordon. Thank you, Dr. Greer.
    Mr. Hall is recognized for five minutes.
    Mr. Hall. I thank you, Mr. Chair.
    Dr. Greer and Dr. Lee, are all of the federal agencies 
involved with NITRD pulling their, what we call their weight in 
this? What agencies could be doing more and in what area, and 
whether or not you believe it is a function of funding or is 
something else involved? Dr. Greer, do you want to take a shot 
at that first?
    Dr. Greer. In my written testimony in the appendix is the 
list of member agencies and participating agencies. That is a 
list of 28 federal agencies all told. That is a remarkable set 
of federal agencies willing to participate in the program. I 
think that is a very strong signal that there is broad 
interest. The member agencies are the ones that contribute to 
our budget. Again, there are 13 of those. Our experience is 
that the networking and information technology issues touch on 
the missions of all of the federal agencies in one form or 
another and so we encourage their participation and actively 
seek it as well.
    Mr. Hall. Well, is that--are they listed because they are 
participating, the 28?
    Dr. Greer. That is right. They are listed because they have 
on the left-hand side the ones that contribute to the NCO 
budget, on the right-hand side those that participate in other 
ways in the NITRD program activities.
    Mr. Hall. And are there other federal agencies that are 
involved that could also be on that list?
    Dr. Greer. I certainly think--as I said, almost all federal 
agency missions touch on this and I think part of our 
responsibility is to find those areas where agencies not now 
participating could realize value from participating.
    Mr. Hall. I guess I will ask all witnesses whether or not 
the draft version of the legislation that is before us today 
helps to achieve an appropriately balanced portfolio, and if 
not, what is missing or what has been given too much attention? 
Dr. Greer, do you want to take a shot at that again?
    Dr. Greer. Sure. Let us take one specific example, cyber-
physical systems. As Dr. Estrin has eloquently pointed out, 
that touches on a very broad range of issues and even the 
definition of a cyber-physical system ranges from a chip in 
your car to the National Ecological Observatory Network, quite 
a range of things. The software for achieving those 
capabilities, the reliability issues, networking, all of those 
things go into realizing success in the area of cyber-physical 
systems and so an important issue is not to view them as 
isolated from all of the challenges across the networking 
information technology landscape but as one of the key priority 
and goal areas in that landscape.
    Dr. Lee. I have one comment.
    Mr. Hall. Dr. Lee.
    Dr. Lee. Yes. Thank you. I think on the subject of balance, 
one area that perhaps could use more emphasis, I think the 
legislation does very well in emphasizing large-scale multi-
disciplinary research and that is in response to the PCAST 
assessment. We shouldn't forget though that for all of the 
wonderful technologies that we see, there is literally an 
iceberg, a gigantic amount of core research in fundamental 
algorithms and technologies, and that emphasis on the core I 
think should have equal weight in the legislation.
    Mr. Hall. Dr. Estrin, you gave a very detailed and 
inclusive opening statement. Do you have anything to add to 
what either of these gentlemen have said, and if something is 
missing, what's missing, and if something is given too much 
attention, what is, and if something is not given enough 
attention, what is it?
    Dr. Estrin. I will be brief. As was mentioned in the 
opening statements, I think language about security and privacy 
would belong and would be a great addition.
    Mr. Hall. About a brief an answer as I have ever gotten out 
of anybody. I yield back. Thank you, Mr. Chair.
    Chair Gordon. Thank you, Mr. Hall. Since you have got a 
little bit of time left, Dr. Greer, could you finish up on your 
question? You were saying there needs to be more outreach to 
other agencies. How would you suggest that--you know, who 
determines where they are and how should that outreach be made?
    Dr. Greer. Of course, the legislation that this committee 
has provided says that the President and the Director of OSTP 
decide who in the end is a member of the NITRD program so there 
is----
    Chair Gordon. Just in case they were busy that day, I mean, 
what would you--you know, how would we do this internally?
    Dr. Greer. And what we do at the National Coordination 
Office is, we go to our agency counterparts, explain the role 
of the NITRD program, its value to the agencies, identify 
appropriate points of contact and start that dialogue, invite 
them to our meetings, share our reports with them.
    Chair Gordon. Okay. I see. Thank you.
    Ms. Woolsey is recognized.
    Ms. Woolsey. Thank you, Mr. Chair, and thank you to these 
wonderful witnesses. You have each said something about the 
ability of the United States to lead in science, math, 
technology, information technology in particular, that we have 
to have an educated workforce. So my question and we will go 
right down the line, how are we doing? And there are three 
Members on this committee, Congressman Wu, Dr. Ehlers and 
myself who are senior Members on the Education and Labor 
Committee as well, so my question, what can we be doing better 
to encourage an increase for the recruitment and the education 
of women and minorities in particular but in general all 
individuals interested in this field that is so important to 
us? And finally, where does it start in the education system? 
Does it start at the Ph.D. level or does it start in the 8th 
grade or the 6th grade? So we will start with you, Dr. Estrin, 
because actually we want--I am the author of Go Girl, which 
encourages young girls from the 8th grade on to stay involved 
in science, math and technology and we are going to have a 
hearing in my committee and I want you to be one of the 
witnesses. Let us start from you and go up the stream from 
there.
    Dr. Estrin. I am delighted this issue is being taken so 
seriously, and certainly a Ph.D. is far too late. We have far 
too few people available in the pipeline by then. We must start 
earlier. Eighth grade is just about right. Of course, we need 
excellent childcare, we need good prenatal nutrition, we need 
everything that feeds up to the 8th grade but 8th grade is 
about the time that these young people start forming their 
ideas about what they want to do. Something we have been trying 
to do is put an authentic face on information technology, 
explaining that it is not just this transparent set of 
mechanisms that happened behind your screen but rather it is a 
way to help save the planet, help save your community, and I 
have no formal evidence on that subject, but as I said, many 
people who are entering and selecting careers who might 
otherwise select to become doctors and now we have greater than 
50 percent in pre-med in medical schools who are women and our 
intention is to draw some of those bright, engaged committed 
individuals from that community.
    And finally, the same thing holds when you look at first-
generation students becoming the first generation to get 
college degrees. There again tends to be a commitment to the 
world, to their community and they want something and they are 
on the front lines doing that. And certainly information 
technology innovations are really very much about that.
    Ms. Woolsey. Thank you.
    Dr. Lee.
    Dr. Lee. Thank you very much for this question. It is 
really an issue that has caused a great deal of anxiety, I 
would say, in the academic research community. I believe and 
many of my colleagues believe that computational thinking is 
necessary for any educated person in the same way that 
mathematical thinking or global thinking is becoming necessary 
for any educated person in our society, and this really has to 
start, I believe in the K through 12 system and maybe the 8th-
grade level is about right. The National Science Foundation 
actually has begun a number of important initiatives. One that 
I would call attention to is the Math Science Partnership 
Program, and there are ideas to expand this in order to improve 
K through 12 computing education, and this would undoubtedly 
increase access and participation by women and minorities 
further upstream.
    Ms. Woolsey. Thank you. Do I have time for Dr. Greer?
    Chair Gordon. Certainly.
    Dr. Greer. Very quickly, I would say that that this is one 
of the largest challenges to the NITRD landscape and my agency 
colleagues agree. It should be a centerpiece of our strategic 
plan. It should address the entire pipeline including curricula 
that are inspiring, that put science in the computer science 
curriculum, that show the opportunity for IT innovation to 
benefit people, individuals and our society as a whole and 
teachers who are prepared to engage students on that ground.
    Ms. Woolsey. Before turning the microphone over, I have to 
be clear. I don't think we start teaching math in the 8th 
grade. I just know that by the 8th grade we know there are kids 
that are very talented that we want to keep in the system. 
Thank you very much.
    Chair Gordon. Ms. Woolsey, your leadership in helping pass 
the America COMPETES will help move this ball down the field 
very much.
    Ms. Woolsey. That is true. Thank you.
    Chair Gordon. Dr. Roscoe Bartlett was here a little bit 
earlier, and in talking with him, he mentioned that his son, 
who he claimed was smarter than him and even smarter than his 
mother, which was apparently even a greater accomplishment, is 
a graduate of Carnegie Mellon and was very complimentary of 
what you do there.
    Mr. Akin is recognized.
    Mr. Akin. Thank you. Mr. Chair, a couple of questions. They 
are a little bit related. The first is, with the proposal 
before us, do we have the adequate mechanisms to ensure that 
patent rights and national security, particularly the patent 
right piece is the first part of my question, is that--because 
we are doing a lot of sort of network types of development. Do 
we still protect patent rights appropriately?
    Dr. Greer. Clearly that is a challenge in the evolving IT 
landscape and I think it is one that this Congress will need to 
consider. For the most part, it is outside the portfolio of the 
NITRD program; it is cooperation on R&D, but it surely plays 
into our ability to interact with the academic and commercial 
sector, a very important part of what we need to be able to do. 
So I think there are major challenges here that constrain 
progress.
    Mr. Akin. I think my next question is a bigger one and a 
harder one because one of my other committee assignments is on 
the Armed Services Committee, and we have taken a look at sort 
of unique forms of warfare and one of the most threatening and 
one that we appear to be largely unprotected against is the 
whole hacking into networks. I am not a whiz on computers 
although I used to work for IBM but my son is with the Marine 
Corps and he is a communications guy and he said we are 
absolutely wide open in this area. My understanding is, there 
are hundreds or even thousands of attacks every day from China 
directed toward our information systems and hacking into them. 
One rather big situation I think was in the news. It was two 
days ago or so in a number of different countries where 
computers that had very sensitive information had been 
infiltrated with software which was downloading all of this 
sensitive information and it was tracked back to China, which 
is no big surprise. Are we doing enough in that security 
because the hearings that I held as a Subcommittee Chair 
indicated that there is good news and bad news. The good news 
is, we can hack into anybody's stuff. The bad news is, they can 
all hack into ours.
    Dr. Lee. It is in fact I think imperative that we somehow 
find a way to bridge across classification levels in order to 
allow more university-based researchers to participate in 
solving this problem. As it stands now, many university 
researchers are really not able to effectively participate in 
those programs and that then ends up excluding a large amount 
of our technology base.
    Mr. Akin. So what you are saying is, is that there are some 
solutions that could help us in this area but because of the 
fact that they are coming from a university direction that it 
is hard for them to connect with things like the systems that 
we are actually using nationally?
    Dr. Lee. That is right. To give a concrete example, can we 
access data for access patterns to apply the latest machine 
learning algorithms to help understand these attacks. Even 
access to data is now an issue.
    Mr. Akin. I don't totally understand what you are saying 
but you are saying that we have got more of this stovepipe 
stuff where one part of our Nation is not talking to another. 
We are not using all of the resources available to us. I gather 
that is what you are saying.
    Dr. Lee. That is correct, sir.
    Mr. Akin. How would you then change that? Would you say 
that you would maybe put in some sort of a provision so that 
the Department of Defense would have more aggressive work with 
the--I know at the Naval Academy they do--you know, they have 
red team come in and hack and all that kind of stuff. My son 
just loved that. But are you saying more of those kinds of 
programs would be helpful?
    Dr. Lee. I think that would in fact do quite a lot. There 
are some natural defenses that just come out of new networking 
core research, new research and operating systems and software 
but as it stands now, there is a virtual gulf that separates 
classified programs from open programs, and that gulf ends up 
creating a split personality, so to speak, in how we approach 
these cyber security problems.
    Mr. Akin. Thank you very much.
    Thank you, Mr. Chair.
    Chair Gordon. We should have had your son as a witness 
today.
    Mr. Akin. I bet he would have had some questions. I don't 
know about a witness.
    Chair Gordon. Dr. Griffith is recognized for five minutes.
    Mr. Griffith. Thank you, Mr. Chair. I have a question that 
hopefully you can shed some light on. At what level of the cell 
can you introduce this technology? At what level of the 
organism, when we are talking about health care, can you begin 
to measure? Can you measure outside the cell membrane, nuclear 
membrane? Are you down into the DNA, RNA? I know that 
sequencing was critically important in your area or it was 
critically important to us, but where are we now in general? 
Anybody can answer that.
    Dr. Lee. Well, this is a very large question. In fact, 
there is ongoing information technology research that is 
literally trying to treat DNA sequences as computer code, 
literally programming DNA sequences in order to understand from 
the ground up exactly what all of these things mean, and that 
is kind of a bottom-up approach from actually the top-down 
approach of looking at natural organisms, so we are very, very 
far down into the biochemistry today.
    Mr. Griffith. Thank you.
    Yes, please.
    Dr. Estrin. So in the laboratory and even laboratory-based 
analyses, again, very far down that path, in terms of worn 
systems, systems that you might wear all the time, current 
state of technology isn't there. You are measuring higher-level 
physiological, perhaps measuring blood glucose, perhaps 
capturing other physiological parameters. Those are actually 
quite easily accessible now whereas the more detailed DNA 
analysis is happening through collected samples and then in the 
laboratory. But these things advancing together help science in 
understanding of health tremendously because you can do that 
analysis in the lab but understand the exposures that people 
have had during the course of their everyday life.
    Mr. Griffith. I think it is a great selling tool, by the 
way, for young students to know that the advances in our 
computer technology have led to incredible advances in the care 
of patients, and I think that is attractive to them and it 
attracts them in, just as the greening of America or saving our 
ecosystem, so we appreciate you all being here. Thank you.
    I yield back my time.
    Chair Gordon. Thank you, Dr. Griffith.
    Let us see. Mr. Hall says he doesn't have any questions at 
this time. So Mr. Davis, you are recognized for five minutes.
    Mr. Davis. Mr. Chair, thank you very much. I will be very 
brief. As I heard the questions engaging in those back and 
forth and our concern about China being able to tap into our 
most sensitive systems that we have and find information, 
obviously we can do the same thing but do you see any way where 
we can ever prevent that? As we talked about the information 
superhighway, the highways in my district are interstates so 
you go both ways on them. I am just wondering, is there any way 
that we can perfect--that we would be able to block out with a 
certainty, that no one would be able to tap into our 
information?
    Dr. Lee. So thank you for that question. In fact, today's 
Internet, just to take that as one key part of our information 
technology ecosystem, was designed to be completely open, to be 
that interstate that allows free traffic in all directions 
literally without even any kind of traffic control. This was 
fine in the early going. We have come to depend on it now and 
it is well past time to rethink what the next generation 
Internet should be, and in fact, there are concepts on the 
drawing boards that would provide large test beds to experiment 
with new architectures for the Internet that could in fact be 
much more secure.
    Dr. Estrin. I would like to add a comment. Having been 
around in those early days as the Internet was being designed 
in that very open process, some people look back and say that 
was a mistake. I think of it a little bit more as, you take a 
child, you introduce them in childcare, they start to be 
exposed, you know, to viruses and such things and they build up 
some antibodies. You don't keep them in a bubble. And in that 
process of having the Internet open and accessible, we have 
started to develop a stronger set of ideas of how you begin to 
protect yourself from these attacks and you--I don't know that 
we will see the day that we will be completely immune but I 
think we can be much better in terms of our treatment of 
addressing these kinds of viruses and infections and building 
healthier immune systems, if you will, for our systems. I would 
just like to say that a critical component of that is that we 
build systems whose security measures are actually usable by 
everyday people. A lot of the technology that ends up in 
critical government parts of the systems comes from the 
commercial side because it is less expensive, it has so much 
functionality to it, and so it is very important for our 
national security that our commercial and consumer information 
technology systems are built with important and the latest 
security ideas and that those security ideas are actually 
usable, that the configurations and the defaults are ones that 
everyday people can do the right thing and the protective thing 
because that technology ends up coming back into our national 
security systems.
    Mr. Davis. So in essence you are saying in the near future 
there is a possibility, a probability, likelihood that we will 
be able to protect our most sensitive information to keep 
someone else from tapping into it, either of you?
    Dr. Estrin. I think we will be able to do better and I 
don't see that as being something that is an absolute 
guarantee. We always have to remain vigilant.
    Mr. Davis. Thank you, Mr. Chairman. I yield back my time.
    Chair Gordon. Mr. Davis, Dr. Bartlett has been out 
consulting with his son for questions so you are recognized for 
five minutes.
    Mr. Bartlett. Thank you. I am sorry that I couldn't have 
been here for your testimony and the discussion. I worked eight 
years for IBM Corporation. As I mentioned to Dr. Lee, my 
youngest son, youngest of 10, chose to go to his university for 
his doctorate, which was ostensibly in chemical engineering but 
he went there because his interest is in computers and they 
hired him at Sandia Labs because of his expertise in computers. 
I have a growing concern that we are becoming too dependent on 
computers. They now are involved in almost everything we do. 
When the hacker comes in, he wants you to know that he broke 
into your house so he pulls out the dresser drawers and strews 
the stuff all over the floor so that you know he was there. 
When the really bad guys come to your house and break in, they 
don't even want to disturb the dust on the dresser. They don't 
want you to know they were there. Several years ago--I am 
senior Member on the Armed Service Committee. Several years ago 
we commissioned several of our people to pretend that they were 
bad guys and see if they could break into our military 
computers. They did that 3,000 times. We caught them twice. 
Now, we are much wiser because of that but so are the bad guys, 
when they make mistakes and they figure out what they need to 
do next time so as not to make the mistake. I have a growing 
concern that they are just testing us with the viruses and the 
worms that they put in our computers now and I am concerned 
that in the operating systems, which I think we have trouble 
determining whether they are germ-free, that there could be a 
sleeper there that becomes active only with a big ramp-up in 
activity which is an emergency when you really need them. 
Shouldn't we have some redundancy in our society? Today we have 
essentially no redundancy. If the computers are down--and one 
thing that would bring all of our computers down is a single 
nuclear weapon detonated 300 miles high over Iowa or Nebraska 
and the Russian generals tell us that would produce 200 
kilovolts per meter, which is 100 kilovolts per meter at the 
margins of our country. That of course would fry all of our 
microelectronics so you are essentially in a world in which the 
only person you can talk to is the person next to you, unless 
you happen to be a ham operator with a vacuum tube set, a 
million times less susceptible. And the only way you can go 
anywhere is to walk unless you happen to have an Edsel or a 
similar kind of car. Shouldn't our society have some sort of 
redundancy? When something is really, really important in our 
military, we always build in redundancies so if we lose the 
primary, we still can function. We can't function without 
computers, can we? Shouldn't we have a redundancy?
    Dr. Lee. Congressman Bartlett, let me start by saying that 
your son, congratulations on his accomplishment, and I should 
say that I applied to Carnegie Mellon hoping to do my own Ph.D. 
studies there and was not admitted, so I am very impressed with 
your son.
    So indeed, I think that we are facing some significant 
challenges as you say, and the redundancy is the most simple 
thing that we could imagine doing. Indeed, Wall Street uses 
redundant systems for precisely the reasons that you----
    Mr. Bartlett. Redundant computer systems?
    Dr. Lee. Yes.
    Mr. Bartlett. They are all down under some scenarios.
    Dr. Lee. That is true, and indeed, simple redundancy turns 
out to give you maybe one layer of protection, but in basic 
computer science algorithms research, and we saw this at the 
symposium at the Library of Congress last week, there are far 
more sophisticated concepts in the general area of redundancy 
and diversity that could lead to a great deal more reliability 
and robustness.
    Mr. Bartlett. I don't know where we go----
    Chair Gordon. You have got them all scared.
    Mr. Bartlett. I am just more and more concerned that the 
more sophisticated we become in using computers, the more 
vulnerable we are.
    Dr. Estrin. It is a clearly valid concern. In the scenario 
you gave, which is clearly disastrous from all perspectives, 
just addressing the bringing back of the information technology 
and such, it is--while it is about the United States, it is, we 
know from security, that when you do backups, you don't just 
keep backups locally. You also ship some backups off to a 
remote location. I am from Los Angeles. We have all sources of 
natural disasters there. We always do our backups off-site, and 
in that sense, I would expect that there are programs within 
our government as well that has backup of key data sets and key 
resources off-site so that one way that you deal with this 
problem is to allow yourself to do rapid restructuring, rapid 
build-up of a replacement infrastructure.
    Mr. Bartlett. An all computer replacement infrastructure?
    Dr. Estrin. Yes.
    Mr. Bartlett. Yes. I am asking, shouldn't we have another 
fall-back redundancy?
    Dr. Estrin. Certainly from a government infrastructure, 
community infrastructure, I think your fall-back are a well-
trained citizenry and people and governments. I am not sure 
what form that takes in the information transfer. I think it is 
a very interesting question how we think about starting to 
bring up our capacity, relying again on the human beings.
    Mr. Bartlett. Thank you, Mr. Chair.
    Mr. Hall. Mr. Chair, I can help the gentleman if he would 
like. For a fall-back redundancy, I still have my Big Chief 
tablet and cedar pencil.
    Chair Gordon. Thank you, Mr. Hall. I think Dr. Bartlett has 
got the beginnings of a good screenplay.
    Mr. Lujan, you are recognized for five minutes.
    Mr. Lujan. Mr. Chair, thank you very much. I want to go 
back to the importance in the questioning with collaboration 
with some of the entities that have capabilities, whether it is 
through our laboratories with the emphasis in DOD and DOE.
    Dr. Estrin, you said that it was important that the 
commercial aspect of this drive the security of the experience 
and what can be done to protect the networks with the Federal 
Government. Can you elaborate on that a little bit?
    Dr. Estrin. Sorry if I wasn't clear. I didn't mean that it 
should drive. Clearly you have to have classified activities 
and government-focused activities. What I meant is that if you 
look empirically and historically you see the adoption of 
commercial technology in our everyday government business, both 
classified and unclassified, and so since we know that there is 
technology that the government wants to bring in from the 
commercial sector, it is important from the government's 
interest that the technology that is being produced in the 
government sector has built into it good forms of security and 
usable forms of security. Does that clarify?
    Mr. Lujan. Absolutely, and I appreciate that very much, and 
that is really the basis for the line of questioning.
    Dr. Lee, you mentioned the importance of the collaboration 
between entities. I think Mr. Akin asked a question along those 
lines about how are we collaborating with all of the efforts 
and the investment that has been made in so many of these areas 
and with your experience, and I would ask Dr. Greer the same 
question, with your experience, how can we truly move forward 
where we are collaborating more, where we are supporting more 
tech transfer, where we take advantage of the investments that 
we made within laboratories with the Department of Defense, 
Department of Energy, Office of Science and others to utilize 
that brain trust and that expertise to move forward with some 
of the modeling that can take place, the supercomputing 
capabilities in all aspects, especially in the area of energy, 
disease, smart grid applications, developing the necessary 
software and security with their experience with the number of 
threats that they experience on a daily basis as well.
    Dr. Lee. Thank you, Mr. Lujan. Indeed, just recently, the 
former CIO G6 of the U.S. Army, Steven Boutelle, informed me 
that during his tenure the U.S. Army had moved to a position 
where over 80 percent of the software and networking technology 
employed by the U.S. Army today is commercial off the shelf, 
COTS, and this raises a specific question about how we can 
certify the security and trustworthiness of commercial systems. 
This goes all the way down even to the hardware and the 
circuitry. And in fact, as Dr. Greer had mentioned and 
emphasized before, much of this is really core research in 
areas related to software development, software analysis and 
networking, and I believe that if we are able to increase the 
base of agency support for academic research, right now we are 
at 86 percent coming from the National Science Foundation. If 
we are able to expand into other areas, DARPA and other defense 
agencies and DOE, we will be able to provide a wider range of 
attacks on this problem and really come to grips with our 
needs, particularly in this security-related and 
trustworthiness-related area.
    Mr. Lujan. Dr. Greer.
    Dr. Greer. I would second what Dr. Lee has had to say in 
the sense that inherent in your question are a number of basic 
research challenges that the NITRD agencies are currently 
investing in including issues of software assurance, validation 
and verification and how can you ensure that a software package 
being delivered does what it is purported to do, that the 
system doesn't have any Trojan horses and so on. That is an 
example of a very basic research question. In the end, what we 
are striving for is research and development informed by 
implementation and implementation informed by research and 
development. So there is a cycle and an interaction that has go 
on there. That is all about communication amongst the various 
groups, and that is what is important to us.
    Mr. Lujan. Thank you, Dr. Greer.
    Mr. Chair, I certainly appreciate the fact that this is 
coming forward and the importance of COMPETES that you stressed 
as well, and as we look to see how we can incorporate the 
federal laboratories into the educational component but 
specifically in the area when we are talking about large-scale 
research in areas of national importance and we characterize 
those, I truly believe that if we harness that energy and we 
are able to expose so many of our young people when they are in 
junior high, even elementary and high school, to some of the 
research taking place at our national laboratories, include 
them into that field where we can take advantage of those 
opportunities, really use them as a hub to expand our 
university system and those capabilities as it translates to 
solving some of our large-scale problems is something that we 
can truly do. So I appreciate the inclusion of those in the 
Act.
    Chair Gordon. Thank you, Mr. Lujan. You are absolutely 
correct. Our National labs are a tremendous resource, and by 
the synergy of them working with universities and private 
sector is going to make a big difference in our country. In the 
COMPETES bill, we did address some of this so that there will 
be collaboration where both teachers and students can go into 
the labs and hopefully those teachers come back and get the 
kids excited.
    Before we close, is there anyone else that would like to 
ask another question? If not, I want to thank our witnesses. 
This has been a very good hearing. You have provided us very 
good information. This is not as high profile as climate change 
and energy independence and health care but it is important to 
all those areas, and we hope that this bill will help us to 
move forward.
    Let me also say that we welcome any further comments you 
might have in terms of our bill, and we welcome also comments 
from the audience here and for those who are listening over the 
Internet or watching for this transcript, and the record will 
remain open for two weeks for additional statements from 
Members and for answers to any of the follow-up questions the 
Committee may ask of the witnesses.
    So the witnesses are excused and the hearing is adjourned.
    [Whereupon, at 11:16 a.m., the Committee was adjourned.]

                              Appendix 1:

                              ----------                              


                   Answers to Post-Hearing Questions



                   Answers to Post-Hearing Questions

Responses by Christopher L. Greer, Director, National Coordination 
        Office for Networking and Information Technology Research and 
        Development (NCO/NITRD)

Questions submitted by Chair Bart Gordon

Q1a.  There is a growing concern that the educational programs in 
networking and information technology are insufficient to prepare our 
future IT workforce. Please describe the NITRD program's current 
efforts to improve networking and information technology education at 
both the secondary and post-secondary level.

A1a. In FY 2008, NITRD agency investments in the Social, Economic, and 
Workforce (SEW) Implications of IT and IT Workforce Development Program 
Component Area totaled $118.7 million, including the following 
education-related efforts:

          Cyber-enabled Discovery and Innovation (CDI). This 
        major National Science Foundation (NSF)-wide, five-year 
        initiative is intended to revolutionize the conduct of science 
        and engineering by infusing computational thinking and methods 
        across the disciplines both in laboratory research and at all 
        stages of education and training. Funded activities include 
        exploration of interactive virtual learning environments that 
        maximize students' cognitive capacities and learning styles as 
        well as IT for reliable identification of developmental and 
        learning disorders.

          NIH's National Library of Medicine (NLM) 
        bioinformatics and biomedical informatics training. This 
        ongoing program, which supports a variety of doctoral and 
        postdoctoral training fellowships at academic institutions 
        across the country, was set up to develop a cadre of scientific 
        professionals with expertise both in IT and informatics and in 
        biomedical science; the effort has led to recognition of 
        bioinformatics as a significant specialization in biomedicine 
        and institutionalization of biomformatics training programs in 
        academia.

          Computational science graduate fellowship program 
        (DOE). This ongoing activity supports students pursuing 
        doctoral degrees in scientific or engineering disciplines with 
        an emphasis in high-performance computing. The fellows gain 
        hands-on high-end computing experience working with 
        computational and disciplinary scientists at national 
        laboratories.

          The NSF Computer and Information Science and 
        Engineering (CISE) Directorate's Pathways to Revitalized 
        Undergraduate Computing Education (CPATH). Begun in 2007, CPATH 
        is focused on developing a computationally skilled workforce 
        that can maintain U.S. economic competitiveness in the 21st 
        century. The program is supporting multi-sector activities to 
        identify strategies for improving undergraduate computing 
        education; grants for adopting, extending, and evaluating 
        innovative undergraduate programs; ``transformation'' projects 
        that model new academic structures and cultural approaches; and 
        a Distinguished Education Fellows effort, which brings 
        outstanding professionals into the curriculum planning process.

          Broadening Participation in Computing (NSF). The goal 
        of this effort begun in 2005 is to develop effective 
        undergraduate and graduate-level recruitment and retention 
        strategies to increase the number of U.S. citizens and 
        permanent residents receiving post-secondary degrees in the 
        computing disciplines, with an emphasis on students from 
        communities with longstanding under-representation in 
        computing. The program also seeks to improve computing research 
        and education opportunities for all students.

          The Education and Workforce Program (NSF). This 
        program invests in education initiatives for women (the 
        Advancement of Women in Academic Science and Engineering 
        Careers, or ADVANCE program), graduate student fellowships 
        (GRF), graduate STEM Fellows, Integrative Graduate Education 
        and Research Traineeship (IGERT) program, Research Experiences 
        for Undergraduates (REU) and REU Sites.

          Cyberlearning and impact of IT on education practice 
        (NSF). NSF supports activities to provide new opportunities for 
        using cyberinfrastructure as a platform fir student learning 
        experiences. It also supports the study of the impact of IT on 
        teaching and learning.

          Faculty Early Career Development (CAREER) Program 
        (NSF). All core computing programs at NSF participate in the 
        CAREER Program, which emphasizes the integration of research 
        and education.

Q1b.  To what extent has the Department of Education been involved in 
the Social, Economic, and Workforce program component area of NITRD?

A1b. The Department of Education has only occasionally participated in 
SEW activities in recent years. The NCO is currently working to develop 
contacts within the agency and exploring possible avenues to encourage 
its participation.

Q1c.  Additionally, please describe how the NITRD strategic plan will 
address networking and information technology education to ensure an 
adequate workforce.

A1c. As I noted in my April 1 testimony, education and workforce 
challenges are envisioned as a central element of the NITRD strategic 
plan. Two NITRD activities are providing inputs to the plan directly on 
this theme: a fast-track study comparing international IT education and 
workforce data, and draft education goals for the plan being developed 
by SEW with an ad hoc interagency group. The latter effort began in 
September 2008 with a Collaborative Expedition Workshop on strategic 
leadership for networking and IT education; the participants were 
Federal managers with education-related responsibilities from non-NITRD 
as well as NITRD agencies. The workshop was designed to promote 
coordination among NITRD programs with educational missions and 
identify candidates for a working group to develop the draft strategic 
plan educational goals.

Questions submitted by Ralph M. Hall

Q1.  One of our witnesses in a previous NITRD hearing called out the 
oversized role of the NSF in supporting academic NIT research, noting 
that this single agency provides 86 percent of the funding in this 
area. What do We gain or lose by having a single agency dominate 
funding? How can we assess whether specialization like this is leading 
to greater efficiency for the program overall or creates stovepipes 
that slow down overall progress?

A1. Each agency's NITRD investments support the particular mission of 
the agency. NSF has the unique mission of promoting the health of the 
science and engineering research and education enterprise in this 
country and has traditionally focused on the academic sector. Thus, NSF 
leads among NITRD agencies in investments in basic research in 
mathematics and computer science in the academic sector. However, the 
Department of Defense is the largest investor (56 percent) in applied 
research in math and computer science in the academic sector (source: 
NSF SRS, 2005-2007; NSF 09-309).
    Advantages of having the federal agency whose mission is most 
closely tied to basic research at academic institutions take the lead 
role in academic IT R&D include familiarity with the relevant community 
and its processes and deep expertise in the fundamental research 
challenges. A potential disadvantage is that the interests and 
perspectives of the other agencies may be overshadowed. Among the goals 
of the NITRD program is to support the kind of close information 
sharing and cooperation among agencies that can ensure that all 
agencies' interests and perspectives are considered.
    From the perspective of the NITRD portfolio as a whole, investments 
are fairly widely distributed across the member agencies. For example, 
NSF accounted for 28 percent of the 3.3 billion in estimated FY 2008 
NITRD spending reported in the FY 2009 NITRD budget supplement. The 
Department of Defense (OSD, DARPA, and NSA combined) accounted for 37 
percent; NIH accounted for 15 percent; and DOE (FE/NE/NNSA/SC) 
accounted for 13 percent; NASA, NIST, NOAA, EPA, and NARA together 
accounted for seven percent.

Q2.  You suggested in your testimony that the recent PCAST 
recommendations reflect the need for a framework that enables the NITRD 
portfolio of investments to respond to our nation's changing IT needs. 
Does the draft legislation provide for the flexibility and 
responsiveness you feel is necessary? Are there any areas where the 
suggested language would throw up a roadblock?

A2. In the current High-Performance Computing Act as amended, the topic 
areas that make up the Program are listed together in Section 101. This 
allows a balanced view of the scope of the Program and emphasizes the 
critical inter-dependencies across all of the topic areas. However, the 
draft legislation placement of both cyber-physical systems and long-
term, large-scale research in separate sections rather than in Section 
101, could be a significant roadblock to research progress in these 
areas and encourage unnecessary duplication of effort.
    Section 104(b)(2) of the draft legislation includes as a criterion 
that large-scale projects ``shall be carried out by a collaboration of 
no fewer than two agencies participating in the Program.'' This 
phrasing could be misinterpreted to discourage critical large-scale 
investments by any one agency or by agencies outside the Program.

Q3.  How much stimulus funding will be devoted to NITRD programs and 
activities, and is OSTP/OMB or the NCO undertaking any special efforts 
to ensure this funding is fully coordinated and spent wisely?

A3. OMB is collecting data on restoration and recovery act spending on 
NITRD goals, and OSTP and OMB have worked closely with the NITRD 
agencies in planning effective spending under the restoration and 
recovery act.

Q4.  How successful have the Federal agencies been at figuring out ways 
to interact with one another through computer systems, particularly 
since September 11, 2001, when it became evident how important it could 
be to homeland security?

A4. The OMB Office of eGovernment and Information Technology and the 
Federal CIO Council are better positioned to comment on current IT 
deployment and implementation. I can comment, however, on how some of 
the results of NITRD agency investments are improving the IT landscape:

          Identity management across domains. Shibboleth is a 
        standards-based open software suite that enables federations of 
        networks--such as those linking together the academic networks 
        of U.S. universities--to authenticate users on any 
        participating campus through a secure ``single sign-on'' 
        interface. Developed by Internet2 researchers funded by NSF's 
        Middleware Initiative, Shibboleth has both raised the security 
        level of campus networks and increased the ease of inter-campus 
        resource sharing, allowing sites to make informed authorization 
        decisions on access to protected online resources while 
        preserving privacy.

          Distributed computing. Globus and Condor are software 
        packages, developed with funding by NITRD agencies, that each 
        has significantly enhanced U.S. distributed computing 
        capabilities in this decade. The Globus concept originated in 
        DOE/SC research in the late 1990's on how to enable networks 
        not just to transmit data but also to make advanced scientific 
        resources (such as telescopes, microscopes, high-end computers, 
        large-scale physics equipment, and data repositories) 
        accessible to researchers regardless of their location. The 
        result was ``grid computing,'' made possible by an open suite 
        of software tools called the Globus Toolkit for managing a 
        secure distributed computing environment. Condor, developed by 
        University of Wisconsin researchers with NSF support, is 
        cunning scalable software for maximizing the use of computing 
        cycles on distributed machines--from small computing clusters 
        to large-scale grids. By parallelizing tasks, scanning for free 
        cycles on networked computers, and directing the scheduling of 
        those cycles for jobs, Condor minimizes idle computer time and 
        speeds certain types of massively parallel research tasks, such 
        as the identification of effective cellular binding sites for 
        promising new medicines.

          Cyber threats and malware detection. Two developments 
        funded by NITRD agencies--the Protected Repository for the 
        Defense of Infrastructure Against Cyber Threats (PREDICT) and 
        the Cyber Defense Technology Experimental Research (DETER) 
        network--have improved the ability of public- and private-
        sector enterprises to understand their cyber vulnerabilities 
        and improve their defenses against cyber attacks. The secure 
        PREDICT archive makes available to authorized cyber security 
        researchers and developers real data sets from attacks on U.S. 
        networks. Such data, normally closely held, are an invaluable 
        resource for designing hardware and software to prevent attacks 
        and/or mitigate damage to systems and networks. The DETER 
        testbed--a 1,000-node virtual network isolated from the 
        Internet--provides an equally critical component for improving 
        U.S. cyber security. DETER enables researchers to test 
        innovative security approaches and experiment with a broad 
        range of hardware and software strategies in a realistic 
        environment. DARPA plans to develop a more advanced facility to 
        expand upon this important work.

          Efficient and reliable development methods. DOD's 
        Systems and Software Producibility Collaboration and 
        Experimentation Environment (SPRUCE) is a three-year 
        collaborative effort among federal, industry, and academic 
        researchers to establish a hardware/software testbed and 
        evaluation infrastructure to improve the timeliness, 
        reliability, and cost-effectiveness of DOD procurements of 
        software-intensive systems such as aircraft.

          Improved network performance. NITRD's Joint 
        Engineering Team (JET) plays a key year-round role in 
        maintaining U.S. research networks and their global 
        connections. JET, which includes members from federal agencies, 
        industry, academia, and other groups with an interest in high-
        performance research networking, coordinates networking 
        activities, operations, and plans among multiple federal agency 
        operational and research networks. Among its multiple ongoing 
        responsibilities are: planning for network access points (NAPS, 
        12 gigaPoPs, STARLight, etc.); security; coordinating Optical 
        Networking Testbeds; high-performance research connectivity; 
        international connections; traffic monitoring; performance 
        measurement; new technology deployment (e.g., IM); and 
        developing recommended best practices (e.g., 9000 Byte MTU 
        frames).

Questions submitted by Representative Vernon J. Ehlers

Q1.  Does the draft legislation help to achieve an appropriately 
balanced portfolio? If not, what is missing or has been given too much 
attention?

A1. In the current High-Performance Computing Act as amended, the topic 
areas that make up the Program are listed together in Section 101. This 
allows a balanced view of the scope of the Program and emphasizes the 
critical inter-dependencies across all of the topic areas. I believe 
the Program has benefited over many years from this broad balance in 
the networking and IT R&D portfolio, which recognizes that hardware 
innovations are constrained without corresponding advances in software; 
the use of advanced networks will be limited without improvements in 
security and reliability; massive data sets will not drive progress if 
the data cannot be preserved, accessed, and used for increased 
understanding; etc.
    Rather than continuing this important means for achieving balance, 
the draft legislation places both cyber-physical systems and long-term, 
large-scale research in separate sections rather than in Section 101, 
suggesting that these topics may be separate from, rather than integral 
to, the other elements of the Program. Development and deployment of 
cyber-physical systems are, for example, heavily dependent on 
continuing advances in dynamic mobile networking technologies; high-
confidence methods, techniques, and tools to achieve reliability, 
verification, validation, and assured security and privacy; and in the 
scientific foundations of hardware and software. R&D in these topics is 
germane to multiple NITRD PCAs. Because of these inter-dependencies and 
the need for balanced efforts, both cyber-physical systems and long-
term, large-scale research might best be included as integral elements 
of Section 101.

Q2.  The PCAST Report calls for a number of ways to improve interagency 
coordination? Do all of you agree with those.recommendations? Do you 
have additional ideas on how coordination could be improved?

A2. The PCAST assessment included six recommendations for improved 
coordination. All six are being addressed by NITRD and the NCO, as 
summarized briefly below:

          Develop a strategic plan for the NITRD Program--
        Currently midway in the planning process

          Conduct periodic assessments of the NITRD Program 
        Component Areas and restructure the NITRD Program when 
        warranted--Evaluation of the PCA structure is expected to begin 
        once the new strategic plan is in place

          Develop public R&D plans or roadmaps--R&D plans are 
        scheduled to be developed under the new strategic plan upon its 
        completion

          Develop a set of metrics and other indicators of 
        progress for the NITRD Program--These will be included in the 
        strategic plan and R&D plans process

          NITRD NCO should develop and implement a plan for 
        supporting the development, maintenance, and implementation of 
        the NITRD strategic plan--An NCO strategic planning process is 
        underway, with completion expected in Fall 2009

          The NITRD NCO should be more proactive in 
        communicating with outside groups--

                  Implemented new policy: All NCO staff travel now 
                includes outreach visit to academic or commercial 
                counterparts

                  Increased opportunities for public input: Four RFIs 
                issued in current year; globally webcast public forum 
                for strategic plan

                  Increased one-on-one meetings with commercial 
                partners (e.g., Telcordia, Microsoft, and IBM visits)

                  Explored increased coordination with the Federal CIO 
                Council through the Federal Agency Administration of 
                Science and Technology Education and Research (FASTER) 
                Community of Practice

Q3.  What are the main challenges facing the education pipeline 
supplying the workforce for the research community and the information 
technology industry? In what ways do you think the NITRD program can 
address these challenges?

A3. Based on the current reports on this topic and dialogue with 
experts, I see three categories of challenges:

          At the K-12 level, the issues are complex. Computer 
        science has often not been part of the curriculum or, where it 
        has been included, has been focused on programming and/or 
        computer literacy. Many K-12 teachers have no formal training 
        in computer science. Many schools do not have the resources to 
        help their teachers and to provide 21st century computing 
        environments (including high-bandwidth Internet access). At all 
        levels, the central role of computation in many scientific 
        fields is not well addressed in the computer science curriculum 
        today.

          At the undergraduate level, additional efforts are 
        needed to promote and support the participation of women and 
        minorities. If they are not part of the pipeline in the early 
        years, they will not become part of the skilled IT workforce 
        our country needs to remain competitive.

          Finally, there exists a widespread misperception of 
        computer scientists as solely programmers, who work in 
        isolation on abstract code--and today are subject to employment 
        out-sourcing. This misperception of IT career paths may be 
        especially discouraging to women, but it has also depressed 
        computer science enrollments over all and has inhibited a wide 
        range of efforts to attract women and minorities to the field. 
        We need to highlight the exciting opportunities in computer 
        science to address important societal and scientific 
        challenges.

    Among the programs to address these challenges are the CPATH and 
ADVANCE programs described above, the Department of Energy's 
Computational Science Fellows Program, the Broadening Participation in 
Computing Program at NSF, and others. Efforts within the computing 
community include the development of additional components to the 
computer science Advanced Placement (AP) exam and the work of the 
Computer Science Teachers Association (CSTA) to develop model 
curricula. Efforts to expand on these activities through cooperation 
and coordination are described in my response to question 4, below.

Q4.  What actions is the NITRD program taking to address computing 
education issues, particularly at the K-12 level? What additional 
agencies and/or resources need to be brought to bear to create the most 
effective strategies to address these issues?

A4. Education and workforce development have emerged as key elements in 
our NITRD strategic planning discussions. As I commented in my response 
to Chairman Gordon's question, a small interagency working group led by 
SEW is focusing on these elements of the strategic plan.
    In addition, the NITRD NCO is currently exploring the potential for 
a three-way partnership to address the education and workforce 
challenges. In our current thinking, the elements of this partnership 
would include:

          NITRD agency program managers, division directors, 
        and others with education/training/workforce investments and/or 
        responsibilities. (Last September's Collaborative Expedition 
        workshop was designed to create connections and strengthen ties 
        in this community.)

          Department of Education counterparts with close ties 
        to the education community. (NCO is currently interacting with 
        agency leadership to examine this possibility.)

          Professional organizations with active programs in 
        computer science education, including curriculum development--
        e.g., Computer Science Teachers Association (CSTA) of the 
        Association for Computing Machinery (ACM), The Computing 
        Research Association (CRA), the National Science Teachers 
        Association (NSTA). (For example, we will meet with an ACM/CSTA 
        delegation in a few weeks to discuss ideas.)

Q5.  What efforts are being made within OSTP to encourage other 
agencies to become more involved in the NITRD program and to ensure 
that those currently participating are pulling their weight?

A5. I have not discussed this matter with the new leadership of OSTP 
and, thus, cannot comment on that aspect of your question. However, I 
and Associate NCO Director, Ernest McDuffie, have taken a number of 
steps over the last 12 months to strengthen and expand agency 
participation in the NITRD Program. We have:

          met with DHS representatives to brief them on the 
        NITRD Program and the potential value of becoming a core member 
        of the Program (DHS staff already participate extensively in 
        NITRD activities as valued participating members);

          worked with DOD representatives to forge closer ties 
        to Army, Air Force, and Navy service research organizations;

          established connections with the Nuclear Regulatory 
        Commission (NRC) and facilitated their active engagement as 
        participating NITRD constituents; and

          met with representatives of DOE's CIO Office to brief 
        them on current NITRD activities.
                   Answers to Post-Hearing Questions
Responses by Peter Lee, Incoming Chair, Computing Research Association 
        (CRA); Professor and Head, Computer Science Department, 
        Carnegie Mellon University

Questions submitted by Representative Ralph M. Hall

Q1.  One of our witnesses in a previous NITRD hearing called out the 
oversized role of the NSF in supporting academic NIT research, noting 
that this single agency provides 86 percent of the funding in this 
area. What do we gain or lose by having a single agency dominate 
funding? How can we assess whether specialization like this is leading 
to greater efficiency for the program overall or creates stovepipes 
that slow down overall progress?

A1. The two dominant federal agencies in the development of the 
discipline of computing and the resulting innovation in IT have been 
the National Science Foundation (NSF) and the Defense Advanced Research 
Projects Agency (DARPA). In addition to the NSF and DARPA, research and 
development in supercomputing was supported in large part by the 
Department of Energy (DOE), though much of that funding went to 
industry or non-academic operations of universities. The fact that 
these agencies have had significantly different approaches to funding 
IT R&D has been an overall benefit to the discipline. Historically, NSF 
has focused on funding smaller awards to the individual investigator; 
in the process ensuring a broad range of research in the field was 
performed. DARPA, created in response to the Soviet launch of Sputnik 
and charged with insuring the Nation was never caught ``flat-footed'' 
by a technologically superior adversary again, has historically focused 
on larger awards and building communities of researchers to address 
critical research problems--creating centers of excellence, many of 
which formed the basis of some of the top computer science departments 
in the country. In addition, funding opportunities at other mission-
oriented agencies--NASA, Department of Energy, Office of Naval 
Research, the Air Force Research Labs--meant university researchers had 
a number of possible outlets for their ideas, and consequently, many 
good ideas that may have otherwise gone unfunded found their way into 
the knowledge base.
    But in addition to a diversity of funding sources, the discipline 
(and, by extension, the Nation) has been well-served by especially 
visionary program managers, especially at DARPA, drawn from university 
and industrial research labs who knew the discipline well and were 
given the flexibility to take risks with the research they supported 
with their program funds. As the National Research Council noted in the 
2002 Innovation in Information Technology report:

         This style of funding and management allowed researchers room 
        to pursue new venues of inquiry. The funding style resulted in 
        advances in areas as diverse as computer graphics, artificial 
        intelligence, networking, and computer architecture. As that 
        experience illustrates, because unanticipated outcomes of 
        research are so valuable, federal mechanisms for funding and 
        managing research need to recognize the inherent uncertainties 
        and build in enough flexibility to accommodate mid-course 
        changes.

    Unfortunately, there is significant concern building within the 
academic computing research community that DARPA has lost much of what 
made it so important to the discipline by adopting policies that 
discourage university participation in defense-related IT R&D. Of 
particular concern is DARPA's recent focus on shorter-term research 
efforts, its implementation of a ``go/no go'' decision matrix for 
DARPA-funded research projects, the classification of research on 
certain topics (for example, cyber security, an area in which I know 
this committee has been particularly active), and restrictions on the 
participation of foreign nationals (e.g., U.S. graduate students who 
are not U.S. citizens).
    The idea of ``scheduling'' breakthroughs or demonstrable results on 
12-month timelines results in research that is evolutionary instead of 
revolutionary, with potential grantees only proposing research they can 
be sure will deliver results within the shorter timeframe.
    There are, of course, important reasons for classifying federal 
research, especially when it's clear that the research might reveal our 
capabilities or vulnerabilities. However, it should also be understood 
that there are real costs--including that the research is unavailable 
for public dissemination and scrutiny, and that many university 
researchers, arguably some of the best minds in the country, are no 
longer able to contribute to the work. In the case of classifying 
Defense Department cyber security research, there is another 
significant cost to bear as well. The military (and the government 
overall) has a huge dependence on our nation's commercial 
infrastructure, but classifying the research in a range of areas, 
including information security, AI, computer vision, embedded networks, 
and more means that it is largely unavailable for use in protecting 
this commercial infrastructure.
    A related problem has been the increasing inability of foreign 
nationals (for example, many graduate students) to participate in some 
of this type of research. The restriction of foreign nationals should 
not be applied blindly, but instead based on a careful analysis of 
risk/benefit issues per research topic or project.
    Failure to act to broaden the base of support for academic 
computing research will jeopardize U.S. leadership in IT, and constrain 
the pace of U.S. innovation across the economy, imperiling many of the 
gains those innovations have enabled.

Questions submitted by Representative Vernon J. Ehlers

Q1.  Does the draft legislation help to achieve an appropriately 
balanced portfolio? If not, what is missing or has been given too much 
attention?

A1. The draft legislation identifies cyber-physical systems (CPS) as an 
area of opportunity and importance to the Nation's leadership in 
information technology. CPS is clearly going to be extremely important. 
However, this IT subfield is still in its infancy, and thus it is 
critical that the legislation promote a broad definition, going well 
beyond the science of computer-controlled physical devices (such as 
cars, airplanes, and other machine controllers) and into all systems in 
which IT and the physical world are tightly coupled. To take just one 
example, consider a network of sensors embedded into a natural area, 
for the purpose of understanding the effects of climate change. Such 
systems directly address our nation's challenges in energy and the 
environment, and give a glimpse at the tremendous opportunities in CPS.
    An area that has been difficult to address in a coordinated manner 
is cyber security. There is no doubt that the Nation is at risk, as we 
have become increasingly dependent on the reliability and 
trustworthiness of our networks and information technology systems. As 
suggested in the recent report issued by the National Research 
Council's CSTB, ``Toward a Safer and More Secure Cyberspace,'' federal 
funding for harder, long-term research challenges in cyber security is 
lacking, with most funding today being targeted instead towards short-
term problems, or on fixing already-existing systems. Almost no funding 
has been expended on radical new ideas of system architecture and 
design of systems that might be more securable yet capable of meeting 
necessary mission requirements. This has hampered attempts to build a 
solid science base for cyber security--something that is sorely needed 
if we are to develop the innovative solutions that will protect our IT 
assets in the future.

Q2.  The PCAST Report calls for a number of ways to improve interagency 
coordination. Do all of you agree with those recommendations? Do you 
have additional ideas on how coordination could be improved?

A2. I agree with the recommendations called for in the PCAST Report. 
The strategic plan that is described in the legislation, as it is 
developed, should address interagency coordination directly, with each 
section of the plan specifying how such coordination should be 
achieved, as appropriate.

Q3.  What actions is the NITRD program taking to address computing 
education issues, particularly at the K-12 level? What additional 
agencies and/or resources need to be brought to bear to create the most 
effective strategies to address these issues?

A3. On March 17, 2009, CRA joined with the Association for Computing 
Machinery and the National Center for Women and Information Technology 
in providing a series of recommendations to the Committee to bolster 
computing education in the NITRD program. The three organizations 
believe the current bill could expand and better leverage and 
coordinate existing education efforts within the NITRD program.
    Specifically, they recommended that the bill:

          Promote computing education, particularly at the K-12 
        level, and increased exposure to computing education and 
        research opportunities for women and minorities as core 
        elements of the NITRD program;

          Require the NITRD program to address education and 
        diversity programs in its strategic planning and roadmapping 
        process;

          Expand efforts at the National Science Foundation to 
        focus on computer science education, particularly at the K-12 
        level through broadening the Math Science Partnership program; 
        and,

          Enlist the Department of Education and its resources 
        and reach in addressing computer science education issues.

    Computing and the innovations it yields are critical to the 
domestic economy. However, the current NIT workforce pipeline will not 
satisfy the demands of an industry that includes some of the country's 
most innovative and successful companies. It is crucial that K-12 
students are exposed to computer science education. The PCAST report 
noted some of the concerns of the computing community in this regard, 
arguing that K-12 science and mathematics preparation is weak, and 
students and parents are exposed to a negatively skewed view of 
computer science and engineering. This was reinforced by a recent 
National Academies study of the information technology research and 
development ecosystem, which says, in part:

         Concerns about the generation of talent are exacerbated by the 
        poor state of the kindergarten though grade 12 (K-12) IT/
        computing education system in the United States. In its report 
        The New Education Imperative: Improving High School Computer 
        Science Education, the Computer Science Teachers Association 
        correctly assess the situation as one in which knowledge of 
        computer science is as essential as any of the traditional 
        sciences, but in which curriculums, leadership, funding, 
        professional development for teachers, and fluency objectives 
        for students are all deficient.

    The diversity of the pipeline also remains a major concern. 
Participation rates among women and minorities in computer science are 
among the lowest of any scientific field. In 2008, only 17 percent of 
Advanced Placement (AP) computer science test-takers were women, even 
though women represented 55 percent of all AP test-takers. 
Participation in computer science AP tests among under-represented 
minorities has increased in the past decade, but it is only at 11 
percent, compared to 19 percent of all AP test-takers.
    NITRD has a Program Component Area (PCA) that includes education 
activities and specifically mentions the 21st Century workforce and K-
12 education as strategic priorities. However there is little specific 
attention to these issues within the PCA or prioritization within the 
NITRD program in general. Most education funding is from NSF. The 
Department of Education does not participate in the NITRD program at 
all. And, the NSF activities appear to lack involvement with some of 
the key programs within NSF's Education and Human Resources 
Directorate, which are focused on strengthening K-12 science, 
technology, engineering and mathematics education, including the Math 
Science Partnership program.
    The public investments in K-12 education are largely based on 
outdated visions of education, curriculum and the skills that high 
school graduates should master. Simply put, we must do more to 
strengthen computer science and related curricula to expose and attract 
a more diverse population of students to computing and to support 
teachers of computer science at the K-12 level. Given the national 
education and workforce needs, it is short-sighted to rely on a 
relatively small federal agency and effort to address K-12 issues in 
computer science education. It is imperative that specific investments 
in computing education are authorized and funded. Addressing this in 
the NITRD reauthorization would be a welcome and appropriate step 
toward strengthening the computer science education pipeline and 
supporting the critical innovations it brings to industry and the 
economy.
                   Answers to Post-Hearing Questions
Responses by Deborah Estrin, Director, Center for Embedded Networked 
        Sensing; Professor of Computer Science and Electrical 
        Engineering, University of California, Los Angeles

Questions submitted by Representative Ralph M. Hall

Q1.  One of our witnesses in a previous NITRD hearing called out the 
oversized role of the NSF in supporting academic NIT research, noting 
that this single agency provides 86 percent of the funding in this 
area. What do we gain or lose by having a single agency dominate 
funding? How can we assess whether specialization like this is leading 
to greater efficiency for the program overall or creates stovepipes 
that slow down overall progress?

A1. NSF has enough diversity internally that I have not seen evidence 
of stovepipes or a slowing down of progress. They have been a 
tremendously affective steward of the IT R&D dollars and process. They 
have been particularly effective when they have had adequate funds to 
support multi-disciplinary and experimentally oriented research such as 
under the ITR program. However, it is a huge burden on NSF to be the 
only game in town for IT research and given the clearly evidenced 
importance of this technology to all aspects of economy and society, 
additional funding through partner agencies is warranted.

Questions submitted by Representative Vernon J. Ehlers

Q1.  Does the draft legislation help to achieve an appropriately 
balanced portfolio? If not, what is missing or has been given too much 
attention?

A1. I believe that the draft legislation does in fact represent an 
appropriately balanced research portfolio.

Q2.  The PCAST Report calls for a number of ways to improve interagency 
coordination? Do all of you agree with those recommendations? Do you 
have additional ideas on how coordination could be improved?

A2. As to interagency coordination, I would highly encourage a 
continued emphasis in this direction and suggest seeking input from 
representatives from the research community (such as those who provided 
testimony at this hearing, as well as from domain scientists 
representing the other mission oriented agencies) as to particular 
projects and opportunities that seem most promising from a 
technological opportunity and scientific need perspective.
                   Answers to Post-Hearing Questions
Responses by Amit Yoran, Chief Executive Officer, NetWitness 
        Corporation

Questions submitted by Chair Bart Gordon

Q1.  In your written testimony you indicate that the Department of 
Homeland Security is investing approximately $19.5 million in cyber 
security research. Do you think DHS could leverage their investment 
more effectively if they were to become a full member of the NITRD 
program? Are research areas that DHS is not actively pursuing that they 
should be?

A1. While only a small amount, the DHS investment is efficiently 
invested and NITRD membership would not impact their investment 
significantly. DHS participates in all of the NITRD activities and so 
is coordinating within the interagency process. The DHS S&T investment 
is very broad for the funding they have. They are limited more by their 
budget than in the ability to pursue other research areas.

Q2.  In your written testimony you indicate that while certain areas of 
research should remain classified the vast majority of networking and 
information technology research should be unclassified. Can you 
describe what research should remain unclassified and how 
classification has affected the networking and information technology 
R&D ecosystem?

A2. The only research and development that should be classified is that 
which is specific to certain operational missions. Because most 
academic and small business researchers do not have clearances, they 
are unable to participate in classified research programs. Over the 
past decade research in this area has been classified, leaving out the 
innovative ideas of small business and academia. Additionally, 
classified research seldom results in commercial products, which has 
also impacted the transition of government-funded research into the 
marketplace. Most classified research efforts should be transitioned to 
unclassified programs and only specific use cases remain classified. 
This transition will lead to better research and result in greater 
benefit to the cyber defense mission.

Q3.  In your testimony you state that the U.S. cannot match the large-
scale investments China and India are making in networking and 
information technology R&D, but we can maintain our leadership through 
innovation. Can you compare the level and types of investments being 
made by our international competitors? What strategic investments 
should we be making to maintain our innovative edge?

A3. The OECD recently ranked the United States 22nd in the percentage 
of GDP devoted to non-defense research. According to Steven Ezell of 
the Information Technology & Innovation Foundation (ITIF), ``compared 
with other industrialized democracies, the U.S. Government invests 
relatively little in innovation-promotion efforts. In fiscal year 2006, 
the Federal Government spent a total of $2.7 billion, or 0.02 percent 
of gross domestic product, on its principal innovation programs and 
agencies [.]. . . if the United States wanted to match Finland's 
outlays per dollar of GDP, it would have to invest $34 billion per 
year.'' In an article in Physics Today published in late 2006, Cong 
Cao, Richard Suttmeier, and Denis Fred Simon analyzed China's 15-year 
science and technology plan. They point out that, ``according to the 
``Medium- to Long-Term Plan for the Development of Science and 
Technology,'' China will invest 2.5 percent of its increasing gross 
domestic product in R&D by 2020, up from 1.34 percent in 2005; raise 
the contributions to economic growth from technological advances to 
more than 60 percent, and limit its dependence on imported technology 
to no more than 30 percent.'' This plan also includes ambitious goals 
in the areas of developing Chinese scientific thought leadership and 
domestic Chinese innovation. While this is covering the broad spectrum 
of Science and Technology, it is clear that these countries are making 
the necessary strategic investments. To start with, we should increase 
our government funded research programs by an order of magnitude. Such 
an investment would revitalize the entire R&D ecosystems, including 
small business, venture capital, etc. While we cannot match dollar for 
dollar the investment of China and other nations, we can rely on 
innovative approaches and entrepreneurial functions in the United 
States to yield more efficient results with the funds we do chose to 
invest.

Questions submitted by Representative Ralph M. Hall

Q1.  One of our witnesses in a previous NITRD hearing called out the 
oversized role of the NSF in supporting academic NIT research, noting 
that this single agency provides 86 percent of the funding in this 
area. What do we gain or lose by having a single agency dominate 
funding? How can we assess whether specialization like this is leading 
to greater efficiency for the program overall or creates stovepipes 
that slow down overall progress?

A1. The major drawback of having this single agency dominate the 
funding in this area is that NSF funds only basic research solely with 
academics and non-profits. Therefore, a majority of the funded research 
never makes it into the development, transition, and commercialization 
pipelines. Other government agencies, such as DHS S&T, have broad 
programs that includes the full research, development, test, 
evaluation, and transition (RDTE&T) spectrum and these programs are 
hampered when the majority of funding is given to NSF. Assessment of 
efficiency in the R&D environment is a difficult task. Current NSF 
assessment is usually based on the number of academic papers written 
and the number of granted degrees. These statistics do not provide a 
measure of progress. Other agencies can measure the impact by number of 
products developed, transitioned, and commercialized, which is an 
excellent measure for those program, but not applicable to NSF. There 
are many sources for development capital in the United States, of which 
the Federal Government is one. The government does have a larger role 
to play in fundamental research, where commercial entities typically 
investment with shorter-term expectations of commercialization.

Q2.  You stated in your testimony that ``care must be taken to no 
expend limited resources trying to enter the security product 
development business, especially via classified venues.'' Please 
elaborate. Are you concerned that DHS and/or other agencies may be 
attempting to develop their own cyber security hardware and software 
and sell it to (or force it upon) the private sector?

A2. DHS does not currently have a classified research program. The 
concern is that other agencies, e.g., DARPA, are creating ``Government-
Off-The-Shelf (GOTS)'' products that are competing with the private 
sector. Additionally, there are intelligence agencies that are 
producing GOTS products and requiring their usage by other agencies as 
part of the current CNCI program. Many of these technologies are 
already available from the private sector and the government is not 
considering these solutions, instead they are spending their limited 
funds to create their own competing solutions. Furthermore, any such 
GOTS solutions are expected to be developed in classified environments 
where any possible benefits they make possible are not delivered to the 
private sector. The intelligence community should work with private 
industry to better refine the products and capabilities to address the 
government cyber requirements. Use cases and signature sets can remain 
classified so as to protect sources and methods. The resulting 
improvement in security products will better enable the private sector 
and critical infrastructures to better protect themselves.

Q3.  The White House is publicly calling for a ``national public-
private partnership'' on cyber security, which some believe may focus 
on regulating private sector cyber security standards and protocols. 
Separately, legislation has been introduced in the Senate that would 
``establish enforceable cyber security standards'' that ``would be 
applicable to both government and the private sector.'' Do you think 
this is a good idea? Why or why not?

A3. The government should be concerned about protecting its 
infrastructure and government data. As the largest consumer of IT and 
IT security products, any good standards and practices that the 
government requires will be embedded eagerly into security products and 
assist private industry in better protecting itself. In isolation the 
private sector has other interests, including profitability which 
sometime preclude it from aggressively adopting new security standards. 
Public-private partnerships are necessary going forward, but they can 
only be effective if they are clearly defined, with measurable 
objectives and clear value propositions for all participants.

Q4.  How successful have the Federal agencies been at figuring out ways 
to interact with one another through computer systems, particularly 
since September 11, 2001, when it became evident how important it could 
be to homeland security?

A4. The information sharing environments of the government are still 
not working effectively. The recent resignation of Rod Beckstrom 
described some of the continuing problems in this area, some of which 
are technical and others cultural and political. In addition, the 
sharing of information with the private sector has not advanced very 
far. There have been many instances where the private sector has had 
information, but have not shared it with the government because there 
is no value proposition for sharing, and in many instances significant 
exposure.

Questions submitted by Representative Vernon J. Ehlers

Q1.  Does the draft legislation help to achieve an appropriately 
balanced portfolio? If not, what is missing or has been given too much 
attention?

A1. Because the National Coordination Office (NCO) and the NITRD 
program is solely an oversight activity, the legislation doesn't 
guarantee a balanced portfolio. Each of the agencies that participate 
in the NITRD program has their own budgets, none of which are 
``controlled'' by the NCO and NITRD. To truly force a balanced 
portfolio across all agencies, there needs to be some centralized 
entity that has the ability to control agency budgets, thus, ensuring 
that agencies do not focus only on their needs or ``pet projects.''

Q2.  The PCAST Report calls for a number of ways to improve interagency 
coordination. Do all of you agree with those recommendations? Do you 
have additional ideas on how coordination could be improved?

A2. For the most part these recommendations are good. However, there 
doesn't appear to be significant coordination between OSTP and the NCO 
and this is then not reflected to the interagency working groups of the 
NITRD.
                              Appendix 2:

                              ----------                              


                   Additional Material for the Record


                    Prepared Statement of Amit Yoran

    Mr. Chairman and Ranking Member, thank you for the opportunity to 
testify before the House Committee on Science and Technology on 
``Networking and Information Technology Research and Development.''
    My name is Amit Yoran and I am the CEO of the NetWitness 
Corporation, a company providing next generation cyber security 
monitoring technologies to the U.S. Government and the private sector, 
and in delivering critical infrastructure cyber protection to the 
Nation. I also serve as a member of the CSIS Cyber Commission advising 
the 44th Presidency and on numerous security industry advisory bodies.
    I have served as the first Director of the National Cyber Security 
Division (NCSD) in standing up the United States Computer Emergency 
Readiness Team (US-CERT) and Einstein program at the Department of 
Homeland Security (DHS), as CEO and advisor to In-Q-Tel, as founder and 
CEO of Riptech, an innovative cyber security company, and as manager of 
the Vulnerability Analysis Program (VAP) of the U.S. Department of 
Defense's Computer Emergency Response Team (DOD CERT). I received a 
Bachelor of Science degree in Computer Science from the United States 
Military Academy at West Point and a Master of Science in Computer 
Science from The George Washington University.
    Over the past fifteen years, automation and the use of computer 
systems has permeated every aspect of modern life. Our nation is 
entirely reliant upon computer systems and networked technologies in 
everything from national security and intelligence activities to 
commerce and business operations to power production and transmission 
to personal communications and correspondences.
    Today's Internet has become one of the unifying fabrics driving 
globalization at an increasingly accelerated pace. Beyond its role as 
the pervasive communications medium, computer based automation and 
technology are the driving forces behind every major industrial and 
economic base in the world. Simply put, computer technologies and 
communications represent the greatest threat to and opportunity for our 
nation.

Networking and Information Technology Research and Development (NITRD)

    The United States leads the world in networking and information 
technology (NIT). In recent years competitors in China and India have 
been investing strategically in large scale NIT research and 
development efforts. The U.S. leadership position is primarily driven 
by and can only be maintained by continuing with a broadly diffused and 
highly innovative industrial base in networking and information 
technologies. Simply put, we will lose if our efforts are reduced to 
long-term direct and linear competition. The competitive landscape 
overseas includes large scale, well coordinated and deliberate 
investment into NIT research, development and education programs, which 
we cannot match. It is, in fact, our innovation which is necessary for 
continued leadership in technology. The NITRD program, which invests 
approximately $3.5 billion, is a key component by which the U.S. 
Government contributes to defining the federal need and contributing to 
national efforts in these areas.

Research or Development Balance and Focus

    In order for NITRD to provide the maximum benefit to the government 
and the Nation, it must work hand in glove with industry ingenuity and 
entrepreneurship. Every year through corporate programs and private 
industry, billions of dollars are invested in improving network and 
information technologies. According to the National Venture Capital 
Association, ``Since 1970 venture capitalists have invested more than 
$466 Billion into more than 60,700 companies.'' Most of these 
investments are iterative improvements to technologies and methods 
which are known and are intended to develop and commercialize them, 
thereby making them broadly available. U.S. Government networking and 
information technology needs align very closely with those of private 
industry. These areas of alignment are broad, including large scale 
processing, networking and storage platforms, human computer 
interaction, data and knowledge management, software and systems 
design, cyber security and information assurance (which include 
resiliency, integrity and confidentiality), and workforce issues. Only 
in isolated instances are Government needs unique or do they differ 
from those of industry. In cases where they differ slightly or in cases 
where the government-specific requirements represent a significant 
enough commercial opportunity, private industry will evolve to meet 
those unique needs as well. Technologies developed by private industry 
not only fuel economic growth, they provide for technologies better 
supported in the field, more nimble to evolve as requirements change 
and ultimately lower the total cost of ownership. However, only in rare 
instances does the private sector invest in fundamental or long-term 
research activities, which must remain the focus of Federal Government 
R&D activities.

Classified Versus Unclassified Research and Development Activities

    NITRD funds unclassified activities. Nearly all U.S. Government 
funding for NIT research should occur at an unclassified level. In 
certain areas government-use cases of technology must remain 
legitimately classified, but the fundamental research behind these 
networking and information technology efforts must occur at the 
unclassified level. The vast majority of promising researchers do not 
hold adequate security clearances, which serves to significantly limit 
the talent pool for classified research. Fundamental research efforts 
when classified also prevent the Nation from leveraging the innovation 
outside of the privileged few. This holds true for adoption by the 
private sector, NIT advantage and growth in private industry and 
consequently also a decrease in overall economic efficiency and 
competitiveness of the Nation. Classified research programs lack the 
adequate public review and debate necessary to assure that the programs 
are designed optimally, contain the highest level of innovation, and 
are well-aligned with and informed by the total body of knowledge of 
the NIT community. In the rare cases where R&D projects must be 
classified, The White House Office of Science and Technology Policy 
(OSTP), which has the appropriate clearances, should work to ensure 
proper coordination and non-duplication with unclassified R&D efforts.

Cyber Security R&D

    The current paradigm in cyber security is not likely to change 
significantly through private sector efforts in areas such as improved 
security products, monitoring and incident response capabilities. While 
the private sector makes significant investment in needed incremental 
product, application and protocol improvements; fundamental research is 
required to meaningfully improve the security of the cyber and critical 
infrastructures.
    According to the CSIS Commission work, ``The Federal Government 
plans to spend about $143 billion in 2009 on R&D. We estimate that two-
tenths of one percent of that will go to cyber security.'' An 
inherently government investment must drive long-term research agendas 
in cyber security, where private sector focus on shorter-term 
commercialization limits gains to those of a more tactical and 
incremental nature.
    NITRD programs will receive $3.5 billion for research and 
development, and cyber R&D will receive approximately $300 million. 
Beyond the $260 million reported by NITRD as being focused on cyber 
R&D, the Department of Homeland Security allocated an additional $19.5 
million for 2009 in S&T programs for cyber that is not included in 
NITRD figures. Funding for research and development is politically 
complex and many of the groups who should be benefiting from it are 
not. A $300 million investment in cyber security is inadequate. DHS' 
embarrassing lack of attention to cyber programs simply fails any 
semblance of judgment and mocks their role as sector specific or lead 
agency on cyber matters. As cyber R&D portfolio manager at DHS, Doug 
Maughan has been very successful given an untenable lack of resources.
    The Comprehensive National Cyber Initiative (CNCI) calls for 
increased near- and longer-term R&D activities. Care must be taken to 
not expend limited resources trying to enter the security product 
development business, especially via classified venues. Rather, the 
government must guide and assist in articulating functional 
requirements for the development of technologies that can help us best 
address the sophisticated cyber threat environment. These requirements 
must inform a broad reform of our sourcing methods for networking and 
information technologies so that they are procured, deployed and 
maintained in a more secured state. By appropriately relying on 
industry for development, we can avoid the problem of government 
development efforts stranding enterprise cyber defenders without the 
benefits of product management, maintenance or professional support. 
The resulting improvement in security technologies will not only 
benefit the government in protecting its systems, but will also benefit 
the Nation's critical infrastructure operators and rest of the shared 
Internet fabric that joins our digital world.
    A national research and development technology agenda must both 
identify the most promising ideas and describe the strategy that brings 
those ideas into fruition, recognizing that these activities must work 
hand in glove with private industry. The agenda must also jump-start a 
multi-disciplinary effort. By incorporating other disciplines that are 
greatly affected by cyber, we can better understand the security 
implications of their reliance on cyber and also help identify creative 
methods for addressing critical shortcomings.
    The INFOSEC Research Council's ``Hard Problems'' list identifies 
several areas in need of immediate funding and action;

        1.  Global-Scale Identity--Identification required to produce 
        an infrastructure capable of and reliable for commercial and 
        national security purposes

        2.  Insider Threat--All security technologies and approaches 
        rely practically on modeled behavior of external bad actors. 
        This runs contrary to a majority of the security data, which 
        shows damaged caused by insiders to be orders of magnitude more 
        frequent and costly

        3.  Availability of Time-Critical Systems--Implementing 
        effective security for systems where timeliness, performance 
        and availability are higher priority services than security 
        (i.e., control systems)

        4.  Scalable Secure Systems--The development of large-scale 
        secure systems where individual components or dependencies may 
        be flawed or compromised

        5.  Situational Understanding and Attack Attribution--
        Determining the current state of security for large scale and 
        complex systems and being able to conduct assessments and 
        provide attribution for security incidents

        6.  Information Provenance--Developing systems and methods to 
        determine and manage the integrity of information and 
        information systems

        7.  Security with Privacy--Designing methods and processes to 
        improve security while preserving or enhancing privacy through 
        granularity of activities and systems improvements

        8.  Enterprise-Level Security Metrics--Scalable methods to 
        determine or represent security or risk are needed in order to 
        optimize resource allocation and decision-making.

Conclusions

    In the areas of networking and information technologies Congress 
and the Obama Administration can meaningfully improve the impact of 
federal investment.

        1.  Focus on fundamental research that is currently unfunded, 
        but necessary to assure America's long-term competitiveness.

        2.  Except in rare instances, networking and information 
        technology research and development should be conducted in an 
        unclassified fashion.

        3.  While spending more on cyber security research and 
        development activities in their aggregate is desirable, a 
        redistribution of resources from government custom cyber 
        security technology development to research activities would 
        substantively increase the likelihood of discovering the 
        paradigm changing methods which might take us out of the 
        current cycle of tactical cat and mouse increments.

        4.  The Department of Homeland Security should invest 
        meaningfully in cyber security research and development. The 
        Intelligence Advanced Research Projects Activity (IARPA) should 
        focus on top intelligence community problems, such as attack 
        attribution, which may represent a hard problem, but does not 
        represent significant overlap with the research needs of many 
        other federal department and agency missions. Nor is 
        attribution a research requirement of the private sector.

        5.  In a much needed redistribution of priorities from tactical 
        government development efforts to the funding of fundamental 
        research, a series of creative and lower cost programs can help 
        the government better understand and leverage the emerging 
        development efforts of private industry. As an innovative 
        example of one such program, In-Q-Tel, a government funded, 
        non-profit, venture capital entity actively reviews hundreds of 
        innovative, venture capital-backed, emerging technologies each 
        year from around the Nation and selectively brings them to the 
        Intelligence Community. These technologies can address near-
        term requirements or solutions the IC would otherwise likely 
        fund costly development efforts to address. This innovative 
        model not only assures efforts are informed by private 
        industry, it also helps the government leverage capital already 
        invested in the development of new technologies and spurs 
        economic growth. Such innovative approaches can be used for 
        greater alignment with industry.

                        Biography for Amit Yoran

    Amit Yoran serves as the Chairman and CEO of NetWitness 
Corporation, a leading provider of network security analytic products. 
He is a Commissioner of the CSIS Commission on Cyber Security advising 
the 44th Presidency and serves on several industry and national 
advisory bodies. Prior to NetWitness Mr. Yoran served Director of the 
National Cyber Security Division at the Department of Homeland 
Security, and as CEO and advisor to In-Q-Tel, the venture capital arm 
of the CIA. Formerly he served as the Vice President of Worldwide 
Managed Security Services at the Symantec Corporation. Mr. Yoran was 
the co-founder of Riptech, a market leading IT security company, and 
served as it's CEO until the company was acquired by Symantec in 2002. 
He formerly served an officer in the United States Air Force in the 
Department of Defense's Computer Emergency Response Team.
    Mr. Yoran is an independent director on the boards of innovative 
security technology companies Boards, including; Guardium, Digital 
Sandbox, and IronKey. He previously served on the board of Cyota until 
the company's acquisition by RSA in 2006, Guidance Software (GUID) 
through the company's successful IPO in 2007 and as an advisor to 
Intruvert Networks until the company's acquisition by McAfee in 2003.
    Mr. Yoran received a Master of Science degree from the George 
Washington University and Bachelor of Science from the United States 
Military Academy at West Point.

                                   
