The U.S. House of Representatives is scheduled to vote Wednesday on a proposed bill that is designed to bolster federal cyber security research and development activities, and stimulate the growth of a cyber security workforce in the country.
The bill is called the cyber security Enhancement Act of 2009 (HR 4061) and was introduced by Rep. Daniel Lipinski (D-IL) last year. It was passed by the House Science and Technology Committee last November. The bill is the first major cyber security legislation to come up for consideration before the 111th Congress.
[ InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. ]
If passed, the bill would reauthorize several cyber security grant program the National Science Foundation (NSF). The NSF will get up to $396 million over the next four years to fund research and development programs that are focused on cyber security.
The bill also sets aside another $94 million in scholarships over the same period for students who pursue cyber security studies, so long as they commit to the public sector after graduating. In addition, about another $120 million will be available to the NSF for funding activities related to improving cyber security, including constructing research facilities and offering training programs in colleges and universities.
The bill would require the National Institute of Standards and Technology (NIST) to work with other standards bodies to develop internationally accepted cyber security standards. It also charges NIST with creating and promoting public awareness of IT security, and best practices campaigns in conjunction with relevant federal agencies, industry and educational institutions. It calls on NIST to work on developing standards for better interoperability between identity management and user authentication systems.
If passed, HR 4061 would require federal agencies to conducted a detailed assessment of their cyber security risks, and develop a strategic research and development plan for addressing those risks.
Each plan would need to specify near-term, mid-term and long-term objectives and estimate the funding required to meet those objectives. The plans would also need to detail any complimentary research activity that may be going on in the private sector and describe how the R&D work can be used to create new cyber security technologies and services.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan , send e-mail to email@example.com or subscribe to Jaikumar's RSS feed .
Read more about security in Computerworld's Security Knowledge Center.