Infosec research bill amended

The Senate Commerce, Science and Transportation Committee passed a bill May 16 that would add millions to federal information security research funding and — thanks to a last-minute amendment — establish regularly updated baseline security standards for agencies.

Researchers in industry and academia have praised the Cyber Security Research and Development Act (S. 2182) since it was introduced in the Senate this year and in the House at the end of last year.

Working through the National Science Foundation and the National Institute of Standards and Technology, the bill would inject more than $900 million into security research, grants, training and education over five years. Educators and researchers have often called for such investment in recent years.

The amendment, offered by Sens. Ron Wyden (D-Ore.) and John Edwards (D-N.C.), raised the research funding by almost $100 million over the original level. It also created a new Office of Information Security Programs within NIST to consolidate that agency's security research management.

The amendment also added a provision that drew some concern from industry: a requirement for NIST to establish "benchmark security standards" for federal agencies. Those standards would be developed in conjunction with industry, academia, the Office of Management and Budget and the federal CIO Council, and would be reviewed and updated at least every six months.

The standards would be "a baseline minimum security configuration for specific computer hardware or software components, an operational procedure or practice, or organizational structure that increases the security of the information technology assets of a department or agency," according to the amendment.

The Business Software Alliance and the Information Technology Association of America each issued a statement after the bill passed, opposing the language calling for standards. According to both organizations' statements, establishing such standards would hinder efforts to respond quickly to changing security threats and could possibly spill over to impose standards on the private sector.

However, the committee had no intention to set technology-specific standards that could stand in the way of innovation or new technologies, according to one staff member who asked not to be named.

The bill now goes to the full Senate for consideration. The House version of the bill passed the full House in February.
