House votes to boost cybersecurity research, education
Bill would require a strategic plan for cybersecurity R & D, assessment of workforce
The House has passed a bill to bolster the country’s cybersecurity research and development (R&D) programs, workforce, education and standards.
The legislation, introduced by Rep. Daniel Lipinski (D-Ill.), would require the administration to issue an assessment the cybersecurity workforce needs of the government. The bill would also establish a task force comprised of academia and industry to look at ways to accomplish public/private partnerships for cybersecurity.
The bill, passed by a vote of 422 to 5, would require agencies that participate in the Networking and Information Technology Research and Development program to develop a strategic plan for R&D on federal cybersecurity and information assurance. The bill also reauthorizes research and development programs at the National Science Foundation (NSF) focused on the cybersecurity workforce, and it would give additional cybersecurity responsibilities to the National Institute of Standards and Technology (NIST).
New cybersecurity role for NIST?
The NSF would also be authorized to provide grants to higher education institutions to award scholarships to students pursuing degrees in cybersecurity fields and grants to improve schools’ capacities to teach related courses. The foundation would also be required to support research on the social and behavioral aspects of cybersecurity.
The Congressional Budget Office estimated in December that a version of the bill would cost $639 million between 2010 and 2014, and $320 million after 2014. The legislation has garnered support from numerous industry groups.
Meanwhile, the measure would authorize the NIST to develop a unifying and standardized identity, privilege and access control management framework. NIST would also be authorized to conduct research to bolster security of information and networked systems. The institute would also be required to develop automated security specifications with respect to checklist content.
In addition, NIST would have to develop a plan within a year to ensure that the government is coordinated regarding international cybersecurity technical standards development. NIST would also have to develop a plan for a cybersecurity public awareness and education program to disseminate cybersecurity best practices. The institute would also have to work on research and development programs to improve identity management systems.
Lawmakers adopted numerous amendments to the bill during debate on the legislation on Feb. 3. One amendment would have the NSF establish national center of excellence for cybersecurity, another would have the Government Accountability Office examine weaknesses in cybersecurity infrastructure and give recommendations on how to fix them. Another amendement that was adopted would prohibit the earmarking of funds authorized for grants in the bill.
Ben Bain is a reporter for Federal Computer Week.