The House of Representatives will consider H.R. 4061, the Cyber Security Enhancement Act, today. The bill, which originated in the House Science and Technology Committee, is designed to “improve the security of cyberspace by ensuring federal investments in cybersecurity are better focused, more effective, and that research into innovative, transformative technologies is supported.” It’s actually a combination of two separate S&T committee bills, the Cybersecurity Research and Development Amendments Act of 2009, which deals mainly with cybersecurity research issues and authorizes funding at NSF, and the Cybersecurity Coordination and Awareness Act of 2009, which is primarily focused on cybersecurity activities at NIST. The committee has detailed information on the bill on its website.
Most relevantly for the computing research community, the bill:
- Requires a federal cybersecurity R&D strategic plan (though this is already underway);
- Requires social and behavioral research in cybersecurity at NSF and calls out “identity management” as one of the areas NSF supports as part of its cybersecurity R&D;
- Requires NSF to establish a postdoctoral fellowship program in cybersecurity;
- Requires OSTP to assess the current and future cybersecurity workforce needs of the federal government, including comparison of the skills needed by each federal agency, the supply of talent, and any barriers to recruitment;
- Establishes a university-industry task force to examine public-private research partnerships in cybersecurity;
- Directs NIST’s intramural research activity to conduct research into unifying and standardized identity, privilege and access control management frameworks for the execution of a wide variety of resource protection policies; research into improving the security of systems and networks; improving the testing, measurement, usability and assurance of systems and networks; and research associated with improving the security of industrial control systems;
- Directs NIST to develop a cybersecurity awareness and education program.
All told, the bill would authorize about $395 million in research funding at NSF over the next five years. It would then be up to congressional appropriators to actually provide NSF with that funding.
CRA joined with ACM’s U.S. Public Policy Committee in November to endorse the bill during its consideration by the committee. Here’s what we said:
Chairman Gordon and Ranking Member Hall:
As representatives of two leading organizations in the computing community — the Computing Research Association (CRA) and the Association for Computing Machinery (ACM) — we are pleased to support your efforts to bolster federal cyber security research through H.R. 4061, the Cyber Security Enhancement Act of 2009.
Information technology constitutes the “control loop” of essentially every aspect of our critical national infrastructure — the electric power grid, the financial grid, the telecommunications grid, the food distribution network — making the computers and communications systems of the nation critical infrastructure themselves. Our organizations, along with the National Research Council and the President’s Information Technology Advisory Committee, have all agreed that the most significant long-term step the Federal government can take to protect this information infrastructure is a sustained commitment to IT research and development, specifically in the areas of information and network security.
We are pleased that your legislation endorses this recommendation by providing new authorizations for a number of federal cyber security research programs. Our organizations have also, in the past, raised concerns about the balance in the federal program between short and long-term efforts, and about the level of coordination between federal agencies. Your legislation’s requirement that the participating agencies, with the assistance of the National Coordination Office, develop a strategic plan for federal cyber security research is a major step in addressing this concern.
We thank you for your work on this legislation and for your long-standing leadership of federal cyber security research efforts. We look forward to working with you and your colleagues as you endeavor to move this legislation this session.
Dr. Eric Grimson
Chair, Computing Research Association
Dr. Eugene H. Spafford
The bill is expected to pass, though it faces 25 amendments today. We’ll have details if the bill gets substantially modified in any way.
Update: (Feb 4, 2010) — The bill passed by an overwhelming majority — 422 to 5 — and will head now to the Senate, where its prospects are somewhat murky. Here’s the S&T committee’s press release.