H.R. 4061 (111th): Cybersecurity Enhancement Act of 2010

Introduced: Nov 07, 2009 (111th Congress, 2009–2010)
Sponsor: Rep. Daniel Lipinski [D-IL3]
Status: Died (Passed House)

The bill’s title was written by the bill’s sponsor. H.R. stands for House of Representatives bill.

GovTrack’s Bill Summary

We don’t have a summary available yet.

Library of Congress Summary

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.


2/4/2010.
Title I - Research and Development
Section 103 -
Directs specified federal agencies participating in the National High-Performance Computing Program to:
(1) transmit to Congress a cybersecurity strategic research and development plan and triennial updates; and
(2) develop and annually update an implementation roadmap for such plan.
Specifies the plan's contents, including that it shall:
(1) specify near-term, mid-term, and long-term Program research objectives;
(2) describe how the Program will establish a national research infrastructure to create next generation networking and information technology systems;
(3) outline how the United States can work with our international partners on cybersecurity research and development (R&D) issues where appropriate;
(4) describe how the Program will foster a more diverse workforce in this area; and
(5) describe how the Program will strengthen cybersecurity education and training programs to ensure an adequate, well-trained workforce.
Instructs the participating agencies, in developing and updating the strategic plan, to solicit recommendations and advice from the advisory committee on high-performance computing and a wide range of specified stakeholders, including from industry, academia, and National Laboratories.
Section 104 -
Provides for the award of computer and network security research grants by the National Science Foundation (NSF) in the research areas of social and behavioral factors, including human-computer interactions, and identity management, as well as in the detection, investigation, and prosecution of cyber-crimes involving organized crime, intellectual property, and crimes against children.
Section 105 -
Authorizes appropriations for FY2010-FY2014 for such grants.
Requires applications for the establishment of Computer and Network Security Research Centers to include a description of how such Centers will partner with government laboratories, for-profit entities, other institutions of higher education, or nonprofit research institutions.
Authorizes appropriations for FY2010-FY2014. Authorizes appropriations to NSF for FY2010-FY2014 for:
(1) computer and network security capacity building grants;
(2) grants under the Scientific and Advanced Technology Act for the national advanced scientific and technical education program and national centers of scientific and technical education; and
(3) grants for graduate traineeships programs in computer and network security research.
Authorizes the use of computer and network security capacity building grants for activities that revise curricula on the principles and techniques of designing secure software in order to better prepare undergraduate and master's degree students for careers in computer and network security.
Requires the NSF Director to carry out a program of awarding fellowships to encourage young scientists and engineers to conduct postdoctoral research in the fields of cybersecurity and information assurance, including the research areas under which computer and network security research grants are awarded.
Authorizes appropriations for FY2010-FY2014. Prohibits the use of any of the funds appropriated under this section for congressional earmarks.
Authorizes the use of computer and network security capacity building grants for activities that establish or enhance collaboration in computer and network security between community colleges, universities, and Manufacturing Extension Partnership Centers.
Section 106 -
Requires the NSF Director to carry out a Scholarship for Service program to recruit and train the next generation of federal cybersecurity professionals and to increase the capacity of the higher education system to produce an information technology workforce with the skills necessary to enhance the security of the nation's communications and information infrastructure.
Requires the program to:
(1) provide scholarships for tuition, fees, and a stipend for up to two years to students pursuing a bachelor's or master's degree and up to three years to students pursuing a doctoral degree in a cybersecurity field upon condition that a scholarship recipient, upon the completion of the degree, serves as a cybersecurity professional within the federal workforce (or serves in another specified capacity if such federal employment is not offered) for a specified period of time;
(2) provide scholarship recipients with summer internships or other temporary appointments in the federal information technology workforce, or at such Director's discretion, with appropriate private sector entities; and
(3) increase the capacity of institutions of higher education throughout the United States to produce highly qualified cybersecurity professionals, through grants that support such activities as faculty professional development, institutional partnerships, development of cybersecurity-related courses and curricula, and outreach to secondary schools and two-year institutions to increase interest and recruitment of students into cybersecurity-related fields.
Authorizes appropriations to NSF for FY2010-FY2014 to carry out such program.
Section 107 -
Directs the President to transmit a report to Congress addressing the cybersecurity workforce needs of the federal government, including:
(1) an examination of the effectiveness of the National Centers of Academic Excellence in Information Assurance Education, Centers of Academic Excellence in Research, and Federal Cyber Scholarship for Service programs; and
(2) an analysis of the capacity of the agency workforce to manage contractors who are performing cybersecurity work on behalf of the federal government.
Section 108 -
Requires the Office of Science and Technology Policy (OSTP) Director to convene a cybersecurity university-industry task force to explore mechanisms for carrying out collaborative R&D activities through a consortium or other appropriate entity.
Section 109 -
Requires (current law permits) the National Institute of Standards and Technology (NIST) Director to establish priorities for the development of checklists of settings and options that minimize security risks associated with computer systems that are, or are likely to become, widely used within the federal government.
Requires:
(1) development or identification and revision or adaptation as necessary, of checklists, configuration profiles, and deployment recommendations for products and protocols that minimize such risks; and
(2) development of automated security specifications respecting checklist content and associated security related data.
Instructs the NIST Director to ensure that federal agencies are informed of the availability of any products developed or identified under the National Checklist Program for any information systems, including the Security Content Automation Protocol.
Section 110 -
Requires NIST to conduct intramural security research activities under its computing standards program.
Section 111 -
Requires the OSTP Director to contract with the National Academy of Sciences (NAS) to complete a study describing the role of community colleges in cybersecurity education and to identify exemplary practices and partnerships related to cybersecurity education between such colleges and four-year educational institutions.
Section 112 -
Requires the NSF Director, in coordination with other federal agencies participating in the Program, to establish a National Center of Excellence for Cybersecurity, to be awarded on a merit-reviewed, competitive basis.
Specifies the activities the National Center shall support, including activities for:
(1) interaction and collaboration with Computer and Network Security Research Centers to foster the exchange of technical information and best practices;
(2) performance of research in support of the development of technologies for testing hardware and software products to validate operational readiness and certify stated security levels;
(3) coordination of cybersecurity education and training opportunities nationally;
(4) enhancement of technology transfer and commercialization that promote cybersecurity innovation; and
(5) performance of research on cybersecurity social and behavioral factors.
Section 113 -
Directs the Comptroller General to transmit to Congress a report examining key weaknesses within the current cybersecurity infrastructure, along with recommendations on how to address such weaknesses.
Title II - Advancement of Cybersecurity Technical Standards
Section 202 -
Requires the NIST Director to ensure coordination of U.S. government representation in the international development of technical standards related to cybersecurity. Requires the development and transmission of a plan to Congress to engage international standards bodies respecting the development of such standards.
Section 203 -
Requires the NIST Director to implement a cybersecurity awareness and education program through the Manufacturing Extension Partnership program which shall include efforts to make cybersecurity technical standards and best practices usable by individuals, small to medium-sized businesses, state, local, and tribal governments, and educational institutions, including elderly populations, low-income populations, and populations in areas of planned broadband expansion or deployment.
Requires a report to Congress containing a strategy for implementation of such program.
Section 204 -
Requires the NIST Director to establish a program to support development of technical standards, metrology, testbeds, and conformance criteria with regard to identity management research and development.
Section 205 -
Directs NIST to work with other federal, state, and private sector partners in the development of a framework that states may follow to achieve effective cybersecurity practices in a timely and cost-effective manner.

House Republican Conference Summary

The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.


This summary can be found at http://www.gop.gov/bill/111/1/hr4061.

Background

According to information provided by the Committee, the bill seeks to improve cybersecurity in the federal, private, and public sectors through coordination of federal cybersecurity research and development activities; strengthening of the cybersecurity workforce; coordination of U.S. representation in international cybersecurity technical standards development; and reauthorization of cybersecurity related programs at the NSF and the NIST.
 
Supporters of the bill cite reports of cyber criminals and possibly nation-states accessing sensitive information as a reason for heightened concerns over the adequacy of cybersecurity measures.  For instance, in 2008, Rep. Smith (R-NJ) and Rep. Wolf (R-VA) reported their House computers being compromised by Chinese officials (for more on these incidents, see this news report).
 
Funding for cybersecurity research and development is approximately $350 million each year.  However, GAO testified in June, 2009 that the U.S. information technology infrastructure is vulnerable to attack and the federal agencies tasked with its protection are not fulfilling their responsibilities.
 
The NITRD program is chiefly responsible for coordinating unclassified cybersecurity research and development.  NSF’s budget of $127 million for FY 2010 makes it the principal agency supporting unclassified cybersecurity research and development and education.  NIST protects the federal information technology network by developing cybersecurity standards for federal non-classified network systems.
 
Regarding the U.S. involvement in international cybersecurity technical standards, the U.S. is currently represented by numerous organizations internationally, including the Department of State, Department of Commerce, Federal Communications Commission, and the United States Trade Representative.  However, between them there is no collective strategy.
 
The Cyber Security Research and Development Act (P.L. 107-305) became public law in the 107th Congress.  The bill created new programs and expanded existing programs at NSF and NIST for computer and network security.  The authorizations established under the Cyber Security Research and Development Act expired in FY 2007.  This bill reauthorizes and increases the authorizations of many of those programs.

Summary

H.R. 4061 reauthorizes several National Science Foundation (NSF) programs that aim to enhance cybersecurity.  The bill would require agencies participating in the Networking and Information Technology Research and Development program (NITRD) to develop, update, and implement a plan to guide the direction of federal cybersecurity and information assurance research and development.  The bill also reauthorizes cybersecurity workforce and traineeship programs at the NSF including the Integrative Graduate Education and Research Traineeship program and the Graduate Research Fellowship program.
 
H.R. 4061 requires the President to conduct an assessment of cybersecurity workforce needs across the federal government and authorizes NSF to carry out the Scholarship for Service program (which has never been authorized but has been funded previously).  The bill reauthorizes cybersecurity research at NSF and also reauthorizes the Trustworthy Computing program.
 
H.R. 4061 requires the Director of the Office of Science and Technology Policy to convene a university-industry task force to find ways to carry out collaborative research and development on cybersecurity technology.  The bill requires the National Institute of Standards and Technology (NIST) to develop and implement a plan to include U.S. representation in the development of international cybersecurity technical standards.
 
Finally, the bill would require NIST to develop and implement a cybersecurity awareness and education program for the dissemination of user-friendly cybersecurity best practices and technical standards.

Cost

Based on information from NSF and NIST and assuming appropriation of the necessary amounts, CBO estimates that implementing H.R. 4061 would cost $639 million over the 2010-2014 period and $320 million after 2014.  Enacting the legislation would not affect direct spending or revenues.

House Democratic Caucus Summary

The House Democratic Caucus does not provide summaries of bills.

So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.

We’ll be looking for a source of summaries from the other side in the meanwhile.

The bill contains the following citations to other parts of U.S. law:

United States Code

The United States Code is the compilation of permanent laws enacted by Congress. Temporary and other non-permanent laws do not appear in the United States Code. (About half of the United States Code is the law itself, called positive law. The other half is merely a compilation of the laws but has no legal significance.)