(Washington, DC) – Today, the House Committee on Science and Technology passed H.R. 4061, the Cybersecurity Enhancement Act of 2009, by a voice vote. H.R. 4061 will improve the security of cyberspace by ensuring federal investments in cybersecurity are better focused, more effective, and that research into innovative, transformative technologies is supported. H.R. 4061 does this by reauthorizing and expanding the Cyber Security Research and Development Act (P.L. 107-305) passed by the Committee on Science and Technology in 2002. In addition to promoting cybersecurity R&D, the legislation addresses cybersecurity workforce concerns and advances the development of technical standards. H.R. 4061 is a combination of two Committee discussion drafts: the Cybersecurity Research and Development Amendments Act of 2009 and the Cybersecurity Coordination and Awareness Act of 2009.
“As many of you know, October was Cybersecurity Awareness Month. I think it’s timely that we are considering this legislation on the heels of that effort to encourage people to protect their computers and the nation’s critical cyberinfrastructure. The theme of the recent awareness campaign was ‘Our Shared Responsibility.’ I find the theme particularly fitting as it also reflects an overarching recommendation in this year’s Administration review of cyberspace policy. The common thread through all of the recommendations of the review was the importance of partnerships between the federal government and the private sector in achieving a more secure cyberspace,” stated Chairman Bart Gordon (D-TN). “H.R. 4061 is based on the concept that, in order to improve the security of our networked systems, the federal government must work in concert with the private sector.”
“This bill will help to ensure an overall vision for the federal cybersecurity R&D portfolio, will help train the next generation of cybersecurity professionals, will improve cybersecurity technical standards and will strengthen public-private partnerships in cybersecurity,” said bill author Research and Science Education Subcommittee Chairman Daniel Lipinski (D-IL).
The Cybersecurity Research and Development Amendments Act of 2009 was approved by the Research and Science Education Subcommittee on September 23. The Committee discussion draft requires federal agencies to develop, update, and implement a strategic plan for cybersecurity research and development (R&D). Specifically, the plan requires federal agencies to create a roadmap detailing each agency’s role and the level of funding required to fulfill their research objectives. Also, the Cybersecurity Research and Development Amendments Act of 2009 would require the National Science Foundation (NSF) to support research on the social and behavioral aspects of cybersecurity and reauthorize NSF’s cybersecurity related programs.
The Cybersecurity Coordination and Awareness Act of 2009 was approved by the Technology and Innovation Subcommittee on November 4. Specifically, the Committee discussion draft requires the National Institute of Standards and Technology (NIST) to:
· Develop and implement a plan to ensure coordination within the federal government with regard to the development of international cybersecurity technical standards;
· Develop and implement a cybersecurity awareness and education program; and
· Engage in R&D to improve identity management systems.
The Committee approved amendments from Research and Science Education Subcommittee Chairman Lipinski, Technology and Innovation Subcommittee Vice Chairman Ben Ray Luján (D-NM), Rep. Michael McCaul (R-TX), and Technology and Innovation Subcommittee Chairman David Wu (D-OR).
“My amendment takes steps toward addressing growing cybersecurity workforce concerns,” added Lipinski. “It will help make sure that the federal government can secure its own computer systems, addressing the estimated shortfall in cybersecurity professionals through a number of measures, including the Federal Cyber Scholarship for Service program at the NSF. This program provides two or three year scholarships to undergraduate and graduate students pursuing degrees in cybersecurity. It requires them, in return, to serve an equal number of years in the federal IT workforce. That’s a win for our students, for the government and for the IT profession as a whole.”
“My amendment will address any potential regional disparities in the Federal Cyber Scholarship for Service Program, providing local companies, organizations and government agencies in New Mexico and throughout the southwest with access to locally trained talent. The amendment will also help to educate tribal communities about the risks of cyber attacks and how they can keep themselves safe from cyber criminals,” stated Luján.
“My amendment directs NIST to improve the usability of identity management systems, which will help simplify how these systems are installed, set up, and used,” said Wu. “Improving usability is a crucial element in the widespread adoption of these important security systems.”
The following groups have endorsed the legislation: Computing Research Association (CRA), Association for Computing Machinery’s U.S. Public Policy Council (USACM), Business Software Alliance (BSA), and Sun Microsystems.