Information technology has evolved rapidly over the last decade, leading to markedly increased connectivity and productivity. The benefits provided by these advancements have led to the widespread use and incorporation of information technologies across major sectors of our economy. The growing dependence of our critical infrastructures on IT has also increased the vulnerability of these systems. Reports of cyber criminals and possibly nation-states accessing sensitive information and disrupting services have risen steadily in the last decade, heightening concerns over the adequacy of our cybersecurity measures.
On May 29, 2009, the Obama Administration released the Cybersecurity Policy Review, a 60-day review of cyberspace policies across the Federal Government. This bill is designed to enact many of the key recommendations of the Cybersecurity Policy Review, including: advancing cybersecurity R&D, strengthening partnerships between the federal government and the private sector to guarantee a secure and reliable infrastructure, increasing public awareness of the risks associated with cybersecurity, expanding and training the cybersecurity workforce, and achieving better coordination among federal agencies.
On February 4th, by a vote of 422-5, the House passed H.R. 4061, Cybersecurity Enhancement Act, a bill introduced by Rep. Dan Lipinski (D-IL), which is a bipartisan bill that is designed to improve cybersecurity in both the private and public sectors. The bill will help ensure a strategic plan for federal cybersecurity R&D activities, strengthen public-private partnerships in cybersecurity, help train the next generation of cybersecurity professionals, and improve cybersecurity technical standards. It was reported by the Science and Technology Committee by voice vote on November 18, 2009.
The bill is supported by numerous organizations, including the U.S. Chamber of Commerce, Business Software Alliance, Software and Information Industry Association, National Cable and Telecommunications Association, U.S. Telecom, TechAmerica, and Computing Research Association.
Coordinating and Prioritizing Federal Cybersecurity R&D Activities
- Requires the National Science Foundation (NSF), National Institute of Standards and Technology (NIST), and other key federal agencies to develop, update and implement a strategic plan for federal cybersecurity research and development (R&D) activities.
- Requires that the strategic plan be based on an assessment of cybersecurity risk, that it specify and prioritize near-term, mid-term and long-term research objectives, and that it describe how the near-term objectives complement R&D occurring in the private sector.
- Requires the agencies to describe how they will promote innovation, foster technology transfer, and maintain a national infrastructure for the development of secure, reliable, and resilient networking and information technology systems.
Developing a Skilled Cybersecurity Workforce
- Formally authorizes the NSF Scholarship for Service program, which is designed to ensure a highly-qualified cybersecurity workforce in the federal government. The program provides grants to institutions of higher education for the award of scholarships to students pursuing undergraduate and graduate degrees in cybersecurity fields and requires subsequent service as a cybersecurity professional in the federal government as a condition of the scholarship.
- Requires the President to issue a report assessing the current and future cybersecurity workforce needs of the federal government.
- Reauthorizes key NSF workforce programs, including NSF graduate student fellowships and NSF graduate student traineeships in cybersecurity.
- Requires NSF to establish a postdoctoral fellowship program in cybersecurity.
Promoting Public-Private Partnerships in Cybersecurity
- Establishes a university-industry task force to explore mechanisms and models for carrying out public-private research partnerships in the area of cybersecurity.
Promoting a Cybersecurity Awareness and Education Program
- Requires NIST to develop and implement a cybersecurity awareness and education program for the dissemination of user-friendly cybersecurity best practices for the general public.
International Cybersecurity Technical Standards
- Requires NIST to develop and implement a plan to coordinate U.S. representation in the development of international cybersecurity technical standards.