Information security needs its own National Institutes of Health


If it gives citizens better security and not a bunch of back doors, I wholeheartedly agree!


Unfortunately, the area of medicine that seems most similar to ‘information security’ is the wonderful world of ‘tropical medicine’, where gruesome parasitic infections are considered normal; massive morbidity and mortality from easily treatable conditions are just background noise; local state actors tend to be either ineffectual or actively killing the patients; and the nastier pathogens continue to defy attempts at vaccination or cure.

That said, security research as a public good seems like a very plausible proposal (so long as you can keep it from turning into ‘the government paying vendors to do the QA they should be doing themselves’); but it isn’t going to be pretty.


per usual, Kaminsky is right on the money.

one very big obstacle is that an entire sector of our government (and other governments) has developed infosec into an offensive weapon, and they are very happy with the current state of things. they view any effort to lower infosec risk, as lowering the effectiveness of their “weapons”.


Isn’t this supposed to be one of the jobs of the NSA? You know, an Agency dedicated to Securing the Nation?

I’d rather see it privately funded, and using Tim Cook’s definition of security, not the FBI’s.

That mainly applies to government networks. US Cyber Command, under the NSA, specifically military networks. Cybercom split off the defensive aspect to DISA, about 3 years ago. NSA should probably do the same, as the split offensive / defensive role is proving problematic.

NIST has always proposed standards, but this seems outside that realm as well.
