ISSC Security‎ > ‎

Cybersecurity Enhancement Act

posted 5 Feb 2010, 14:07 by Kanav Gupta
The first major cybersecurity bill to be passed by either house in the 111th Congress, the Cybersecurity Enhancement Act, was approved by a 422-to-5 vote in the House on Thursday. The measure, HR 4061, goes to the Senate.

Rep. Dan Lipinski, the Illinois Democrat who is the bill's main sponsor, said on the House floor that cybersecurity is an important issue that affects people in their everyday lives. "The amount of time all of us spend on the Internet, the vulnerabilities that are out there, hopefully through this work, we can really make things better, make our Internet more secure, so we have fewer problems with attacks, not just on government but on individuals," Lipinski said.

Provisions of the measure, which the Congressional Budget Office estimates would cost $639 million from fiscal years 2010 to 2014 period and $320 million thereafter, would help the federal government develop a skilled cybersecurity workforce, coordinate and prioritize federal cybersecurity research and development, improve the transfer of cybersecurity technologies to the marketplace and promote cybersecurity education and awareness for the public.

If enacted into the law, the measure also would strengthen the role of the National Institute of Standards and Technology in shaping the way the federal government and the nation address cybersecurity. The bill's sponsors contend the vast majority of cybersecurity breaches occur because current best practices aren't followed. The measure orders NIST to develop and implement a public cybersecurity awareness and education program to encourage the more widespread adoption of best practices.

Click to Get Updates on the Latest Information Security News

Also, the sponsors contend, the federal government representation in the development of international cybersecurity technical standards is incomplete and uncoordinated. As recommended in the President Obama's Cyberspace Policy Review, this bill would require NIST to develop a plan to ensure representation in all important international cybersecurity technical standards development initiatives and that this representation works from one coordinated federal government strategy.

The Cybersecurity Enhancement Act also would reauthorize the National Science Foundation's cybersecurity research program and the trustworthy computing initiative that assures safe configuration of government computers as well as formally establish the Scholarship for Service program, which provides funding to colleges and universities to award scholarships to students in the information assurance and computer security fields in exchange for their service in the federal government after they have completed their training.

In addition, the bill would require federal agencies participating in the Networking and Information Technology Research and Development program to implement a strategic plan to guide their cybersecurity research and development efforts. The Networking and Information Technology Research and Development program is the government's primary initiative to coordinate its unclassified networking and IT R&D investments. Thirteen federal agencies, including all of the large science and technology agencies, are formal members of the program while other federal organizations participate in its activities.

HR 4061 also would require the Obama administration to conduct an assessment of cybersecurity workforce needs across the federal government as well as order the director of the White Office of Science and Technology Policy to assemble a university-industry task force to discover new models for implementing collaborative R&D.