Infosec research bill amended

The Senate Commerce, Science and Transportation Committee passed a bill May 16 that would add millions to federal information security research funding and — thanks to a last-minute amendment — establish regularly updated baseline security standards for agencies.

Researchers in industry and academia have praised the Cyber Security Research and Development Act (S. 2182) since it was introduced in the Senate this year and in the House at the end of last year.

Working through the National Science Foundation and the National Institute of Standards and Technology, the bill would inject more than $900 million into security research, grants, training and education during five years. Such investment is something educators and researchers have often called for in recent years.

The amendment, offered by Sens. Ron Wyden (D-Ore.) and John Edwards (D-N.C.), raised the level of the research funding almost $100 million from the original level. It also created a new Office of Information Security Programs within NIST to consolidate that agency's security research management.

The amendment also added a provision that caused some concern from industry: a requirement for NIST to establish "benchmark security standards" for federal agencies. Those standards would be developed in conjunction with industry, academia, the Office of Management and Budget and the federal CIO Council, and would be reviewed and updated at least every six months.

The standards would be "a baseline minimum security configuration for specific computer hardware or software components, an operational procedure or practice, or organizational structure that increases the security of the information technology assets of a department or agency," according to the amendment.

The Business Software Alliance and the Information Technology Association of America each issued a statement after the bill passed, opposing the language calling for standards. According to both organizations' statements, establishing such standards would hinder efforts to quickly respond to changing security threats and could possibly spill over to impose standards on the private sector.

However, the committee had no intention to set technology-specific standards that could stand in the way of innovation or new technologies, according to one staff member who asked not to be named.

The bill now goes to the full Senate for consideration. The House version of the bill passed the full House in February.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected