House approves S&T legislation to improve cybersecurity R&D
WASHINGTON, DC, Feb. 4, 2010 -- The House of Representatives has passed H.R. 4061, the Cybersecurity Enhancement Act, which aims to improve cybersecurity within the federal government as well as the public and private sectors...
WASHINGTON, DC, Feb. 4, 2010 -- Today, the House of Representatives passed H.R. 4061, the Cybersecurity Enhancement Act, by a vote of 422 to 5. This bill will improve cybersecurity within the federal government as well as the public and private sectors by: helping to develop a skilled cybersecurity workforce; coordinating and prioritizing the federal research and development (R&D) portfolio; improving the transfer of cybersecurity technologies to the marketplace; and promoting cybersecurity education and awareness for the general public.
"The Internet does not stop at our borders; the consequences of poor cybersecurity measures can greatly impact our national security and economy," stated bill cosponsor and Science and Technology Committee Chairman Bart Gordon (D-TN). "Improving cybersecurity will require a collaborative effort both domestically and internationally. H.R. 4061 accomplishes this by coordinating U.S. representation in the development of international cybersecurity technical standards and best practices and by creating a strategic vision for federal cybersecurity R&D."
H.R. 4061 was introduced by Research and Science Education (R&SE) Subcommittee Chairman Daniel Lipinski (D-IL) on November 7, 2009. This bipartisan legislation addresses recommendations from the Administration's Cyberspace Policy Review, released May 29, 2009, and input from the four hearings on cybersecurity the House Science and Technology Committee held in 2009. H.R. 4061 is a combination of two Committee discussion drafts: the Cybersecurity Research and Development Act of 2009, which passed the R&SE Subcommittee on September 23, 2009, and the Cybersecurity Coordination and Awareness Act of 2009, which passed the Technology and Innovation Subcommittee on November 4, 2009.
"As our reliance on information technology has increased, so has our vulnerability to cyber attacks, as news reports indicate on a near daily basis," said Lipinski. "Cybercrime is a major problem for the government, for businesses, and indeed for every American. This bill will increase the security of vital and personal information by strengthening research partnerships among the federal government, the private sector, and colleges and universities, and supporting the transfer of promising technologies from researchers to the wider marketplace. We need to get the best ideas of our scientists and engineers out of the lab so they can contribute to our collective security and generate economic growth."
"Securing cyberspace is vitally important to both our safety and our national economy," stated Technology and Innovation Subcommittee Chairman David Wu (D-OR). "We cannot stand by and let the most powerful tool for connecting Americans with each other and the world remain the Wild West of technology. Today's legislation will help our communities and our constituents be secure in the knowledge that they are safe when they go online."
The federal government's cybersecurity activities are divided among several agencies and programs, including the National Science Foundation (NSF), the National Institute of Standards and Technology (NIST), and the Networking and Information Technology Research and Development (NITRD) program:
• NSF is the main agency supporting non-classified cybersecurity R&D and education. Specifically, the Cybersecurity Enhancement Act reauthorizes NSF's cybersecurity research program, the Trustworthy Computing program, and formally establishes the Scholarship for Service program, which provides funding to colleges and universities to award scholarships to students in the information assurance and computer security fields in exchange for their service in the federal government after they have completed their training.
• NIST has two key cybersecurity responsibilities: developing federal information processing standards; and testing the effectiveness of security requirements. Because the vast majority of cybersecurity breaches are the result of current best practices not being followed, H.R. 4061 requires NIST to develop and implement a public cybersecurity awareness and education program to encourage the more widespread adoption of best practices (i.e. using unique passwords for different logons, not keeping passwords written next to the computer). Also, U.S. federal government representation in the development of international cybersecurity technical standards is incomplete and uncoordinated. Consistent with the recommendations made in the President's Cyberspace Policy Review, this bill requires NIST to develop a plan to ensure representation in all important international cybersecurity technical standards development initiatives and that this representation works from one coordinated U.S. federal government strategy.
• The NITRD program is the primary mechanism by which the federal government coordinates its unclassified networking and IT R&D investments. Thirteen federal agencies, including all of the large science and technology agencies, are formal members of the NITRD Program; other federal organizations also participate in NITRD activities. H.R. 4061 requires the NITRD participating federal agencies to create and implement a strategic plan to guide their cybersecurity R&D efforts.
This bill would also require the Administration to conduct an assessment of cybersecurity workforce needs across the federal government. Lastly, H.R. 4061 requires the Administration's Office of Science and Technology Policy (OSTP) Director to assemble a university-industry task force to discover new models for implementing collaborative R&D.
"H.R. 4061 is a good bipartisan bill that strengthens public-private partnerships, ensures an overall vision for the federal cybersecurity R&D portfolio, trains the next generation of cybersecurity professionals, and improves cybersecurity technical standards," added Gordon.
The following Members are co-sponsors of H.R. 4061: Committee Chairman Bart Gordon (D-TN), Ranking Member Ralph Hall (R-TX), Research and Science Education Subcommittee Ranking Member Vernon Ehlers (R-MI), Technology and Innovation Subcommittee Chairman David Wu (D-OR), Technology and Innovation Subcommittee Vice Chairman Ben Ray Luján (D-NM), Technology and Innovation Subcommittee Ranking Member Adrian Smith (R-NE), Rep. Eddie Bernice Johnson (D-TX), Rep. Steven Rothman (D-NJ), and Rep. Michael McCaul (R-TX).
The following groups have endorsed H.R. 4061: U.S. Chamber of Commerce, Business Software Alliance, University of Illinois, Software and Information Industry Association, Applied Visions Inc., VeriSign, Georgia Tech College of Computing, CA Inc., Symantec Corporation, U.S. Telecom, NCTA, McAfee Inc., Computing Research Association, Association for Computing Machinery's U.S. Public Policy Council, and TechAmerica.
More information about the Committee's work on Cybersecurity >
More information about H.R. 4061 >
Visit the Committee's website at science.house.gov.