H.R. 2096 (112th): Cybersecurity Enhancement Act of 2012

Introduced: Jun 02, 2011 (112th Congress, 2011–2013)
Sponsor: Rep. Michael McCaul [R-TX10]
Status: Died (Passed House)
See Instead: This bill was re-introduced as H.R. 756 on Feb 15, 2013. See H.R. 756 for current action on this subject.

The bill’s title was written by the bill’s sponsor. H.R. stands for House of Representatives bill.

Library of Congress Summary

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.


4/27/2012.
Title I - Research and Development
Section 103 -
Directs specified federal agencies participating in the National High-Performance Computing Program to:
(1) transmit to Congress a cybersecurity strategic research and development plan and triennial updates, and
(2) develop and annually update an implementation roadmap for such plan.
Instructs the participating agencies, in developing and updating the strategic plan, to solicit recommendations and advice from the advisory committee on high-performance computing and a wide range of specified stakeholders.
Section 104 -
Provides for the award of computer and network security research grants by the National Science Foundation (NSF) in the research areas of social and behavioral factors, including human-computer interactions, identity management, as well as the detection, investigation, and prosecution of cyber-crimes involving organized crime and crimes against children. Authorizes appropriations for FY2013-FY2015 for such grants.
Section 105 -
Requires applications for the establishment of Computer and Network Security Research Centers to include a description of how such Centers will partner with government laboratories, for-profit entities, other institutions of higher education, or nonprofit research institutions.
Authorizes appropriations for FY2013-FY2015 for such Centers. Authorizes appropriations to NSF for FY2013-FY2015 for:
(1) computer and network security capacity building grants,
(2) grants under the Scientific and Advanced Technology Act for the national advanced scientific and technical education program and national centers of scientific and technical education, and
(3) grants for graduate traineeships programs in computer and network security research.
Repeals the Cyber Security Faculty Development Traineeship Program.
Section 106 -
Requires the NSF Director to continue carrying out a Scholarship for Service program under the Cyber Security Research and Development Act to recruit and train the next generation of federal cybersecurity professionals and to increase the capacity of the higher education system to produce an information technology workforce with the skills necessary to enhance the security of the nation's communications and information infrastructure.
Requires the program to:
(1) provide scholarships for tuition, fees, and a stipend for up to two years to students pursuing a bachelor's or master's degree and up to three years to students pursuing a doctoral degree in a cybersecurity field upon condition that a scholarship recipient, upon the completion of the degree, serves as a cybersecurity professional within the federal workforce (or in another specified cybersecurity capacity) for a specified period of time;
(2) provide scholarship recipients with summer internships or other temporary appointments in the federal information technology workforce; and
(3) increase, through competitive grants, the capacity of U.S. higher education institutions to produce highly qualified cybersecurity professionals.
Section 107 -
Directs the President to transmit a report to Congress addressing the cybersecurity workforce needs of the federal government.
Section 108 -
Requires the Director of the Office of Science and Technology Policy to convene a cybersecurity university-industry task force to explore mechanisms for carrying out collaborative R&D activities through a consortium or other appropriate entity. Terminates the task force upon transmittal of a report to Congress.
Section 109 -
Revises provisions under the Cyber Security Research and Development Act concerning the development and dissemination by the National Institute of Standards and Technology (NIST) of security risk checklists associated with computer systems that are, or are likely to become, widely used within the federal government.
Requires the NIST Director to establish priorities for the development, and revision as necessary, of security automation standards, associated reference materials (including protocols), and checklists associated with such systems in order to enable standardized and interoperable technologies, architectures, and frameworks to continuously monitor information security within the federal government.
Instructs the NIST Director to ensure that federal agencies are informed of the availability of any standard, reference material, checklist, or other item developed pursuant to this section.
Section 110 -
Requires NIST to conduct intramural security research activities under its computing standards program.
Title II - Advancement of Cybersecurity Technical Standards
Section 202 -
Requires the NIST Director to ensure the coordination of federal agencies engaged in the development of international technical standards related to information system security. Requires the development and transmittal to Congress of a plan to ensure coordination by such federal agencies. Instructs the Director to ensure consultation with appropriate private sector stakeholders.
Section 203 -
Requires the NIST Director, in collaboration with the federal Chief Information Officers Council, to continue to develop and encourage implementation of a comprehensive strategy for the use and adoption of cloud computing services by the federal government.
Requires consideration to be given to activities that:
(1) accelerate the development, in collaboration with the private sector, of standards that address the interoperability and portability of cloud computing services;
(2) advance the development of conformance testing performed by the private sector in support of cloud computing standardization; and
(3) support, in consultation with the private sector, the development of appropriate security frameworks and reference materials, and the identification of best practices, for federal agencies to use in addressing security and privacy requirements.
Section 204 -
Requires the NIST Director, in collaboration with the National Coordination Office of the Networking and Information Technology Research and Development program, to continue the coordination of a cybersecurity awareness and education program for increasing the knowledge, skills, and awareness of cybersecurity risks, consequences, and best practices through:
(1) the widespread dissemination of cybersecurity technical standards and best practices identified by NIST;
(2) efforts to make cybersecurity best practices usable by individuals, small to medium-sized businesses, state, local, and tribal governments, and educational institutions; and
(3) efforts to attract, recruit, and retain qualified professionals to the federal cybersecurity workforce.
Requires the NIST Director to implement and transmit a strategic plan to Congress to guide federal programs and activities in support of a specified comprehensive cybersecurity awareness and education program.
Section 205 -
Requires the NIST Director to continue a program to support the development of technical standards, metrology, testbeds, and conformance criteria with regard to identity management research and development.
Section 206 -
Prohibits the authorization of any additional funds to carry out this title, the amendments made by this title, or to carry out amendments made by sections 109 and 110 of this Act. Requires this title and the amendments made by this title and such sections to be carried out using otherwise authorized or appropriated amounts.

House Republican Conference Summary

The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.


This summary can be found at http://www.gop.gov/bill/112/2/hr2096.

Background

According to Committee Report 112-264, the purpose of H.R. 2096 is to improve cybersecurity in the federal, private, and public sectors through: coordination and prioritization of federal cybersecurity research and development activities; strengthening of the cybersecurity workforce; coordination of federal agency engagement in international cybersecurity technical standards development; and the reauthorization of cybersecurity related programs at the NSF and the NIST.

As our reliance on information technology expands, so do our vulnerabilities.  Protecting the nation’s cyber infrastructure is a responsibility shared by different federal agencies, including the NSF and the NIST.

Summary

H.R. 2096 would amend the Cyber Security Research Development Act and the National Institute of Standards and Technology to do the following:

  • Provide strategic planning for cybersecurity research and development needs across the federal government;
  • Reauthorize funding for established cybersecurity basic research and education grants at the National Science Foundation (NSF);
  • Enhance NSF scholarships to increase the size and skills of the cybersecurity workforce;
  • Repeal unused programs;
  • Provide for an assessment of the federal government’s current and future cybersecurity workforce needs;
  • Establish a university-industry task force to explore mechanisms and models for carrying out public-private cybersecurity research partnerships; and
  • Strengthen research and development, standards development and coordination, and public outreach at the National Institute of Standards and Technology (NIST) related to cybersecurity.

Six existing NSF grant programs in statute would be reauthorized for three years (FY13-FY15) in the bill.  Authorizations for these programs expired in 2007, but NSF has been utilizing appropriations to conduct them under their general authorities.

In FY10, NSF spent $148.6 million on these activities.  H.R. 2096 would authorize these activities for FY13 at $140 million, a savings of $8.6 million (5.8 percent) over FY10 spending.  These activities would be flat-lined for FY14 and FY15, for a total authorization in the bill of $420 million, or $508 million less than the 111th Congress’s version of the bill.

Cost

Based on information from NSF and NIST and assuming appropriation of the necessary amounts, CBO estimates that implementing H.R. 2096 would cost $382 million over the 2012-2016 period and $39 million after 2016.  Enacting the legislation would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply.

House Democratic Caucus Summary

The House Democratic Caucus does not provide summaries of bills.

So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.

We’ll be looking for a source of summaries from the other side in the meanwhile.

The bill contains the following citations to other parts of U.S. law:

United States Code

The United States Code is the compilation of permanent laws enacted by Congress. Temporary and other non-permanent laws do not appear in the United States Code. (About half of the United States Code is the law itself, called positive law. The other half is merely a compilation of the laws but has no legal significance.)