H.R.2096 - Cybersecurity Enhancement Act of 2011
To advance cybersecurity research, development, and technical standards, and for other purposes.
|Version|Word Count|Changes From Previous Version|Percent Change|
|---|---|---|---|
|Introduced in House|4,696|n/a|n/a|
|Reported in House|5,283|80|24%|
|Engrossed in House|5,254|52|12%|
|Referred in Senate|5,232|8|5%|
SECTION 1. SHORT TITLE.
SEC. 101. DEFINITIONS.
(1) NATIONAL COORDINATION OFFICE- The term National Coordination Office means the National Coordination Office for the Networking and Information Technology Research and Development program.
(2) PROGRAM- The term Program means the Networking and Information Technology Research and Development program which has been established under section 101 of the High-Performance Computing Act of 1991 (
SEC. 102. FINDINGS.
‘(1) Advancements in information and communications technology have resulted in a globally interconnected network of government, commercial, scientific, and education infrastructures, including critical infrastructures for electric power, natural gas and petroleum production and distribution, telecommunications, transportation, water supply, banking and finance, and emergency and government services.’;
(2) in paragraph (2), by striking ‘Exponential increases in interconnectivity have facilitated enhanced communications, economic growth,’ and inserting ‘These advancements have significantly contributed to the growth of the United States economy’;
‘(3) The Cyberspace Policy Review published by the President in May, 2009, concluded that our information technology and communications infrastructure is vulnerable and has ‘suffered intrusions that have allowed criminals to steal hundreds of millions of dollars and nation-states and other entities to steal intellectual property and sensitive military information’.’; and
‘(6) While African-Americans, Hispanics, and Native Americans constitute 33 percent of the college-age population, members of these minorities comprise less than 20 percent of bachelor degree recipients in the field of computer sciences.’.
SEC. 103. CYBERSECURITY STRATEGIC RESEARCH AND DEVELOPMENT PLAN.
(a) In General- Not later than 12 months after the date of enactment of this Act, the agencies identified in subsection 101(a)(3)(B)(i) through (x) of the High-Performance Computing Act of 1991 (
(1) specify and prioritize near-term, mid-term and long-term research objectives, including objectives associated with the research areas identified in section 4(a)(1) of the Cyber Security Research and Development Act (
(2) describe how the Program will focus on innovative, transformational technologies with the potential to enhance the security, reliability, resilience, and trustworthiness of the digital infrastructure, and to protect consumer privacy;
(3) describe how the Program will foster the rapid transfer of research and development results into new cybersecurity technologies and applications for the timely benefit of society and the national interest, including through the dissemination of best practices and other outreach activities;
(4) describe how the Program will establish and maintain a national research infrastructure for creating, testing, and evaluating the next generation of secure networking and information technology systems;
(5) describe how the Program will facilitate access by academic researchers to the infrastructure described in paragraph (4), as well as to relevant data, including event data; and
(6) describe how the Program will engage females and individuals identified in section 33 or 34 of the Science and Engineering Equal Opportunities Act (
(c) Development of Roadmap- The agencies described in subsection (a) shall develop and annually update an implementation roadmap for the strategic plan required in this section. Such roadmap shall--
(1) specify the role of each Federal agency in carrying out or sponsoring research and development to meet the research objectives of the strategic plan, including a description of how progress toward the research objectives will be evaluated;
(2) a wide range of stakeholders, including industry, academia, including representatives of minority serving institutions and community colleges, National Laboratories, and other relevant organizations and institutions.
(e) Appending to Report- The implementation roadmap required under subsection (c), and its annual updates, shall be appended to the report required under section 101(a)(2)(D) of the High-Performance Computing Act of 1991 (
SEC. 104. SOCIAL AND BEHAVIORAL RESEARCH IN CYBERSECURITY.
SEC. 105. NATIONAL SCIENCE FOUNDATION CYBERSECURITY RESEARCH AND DEVELOPMENT PROGRAMS.
(b) Computer and Network Security Research Grants- Section 4(a)(3) of such Act (
(d) Computer and Network Security Capacity Building Grants- Section 5(a)(6) of such Act (
(e) Scientific and Advanced Technology Act Grants- Section 5(b)(2) of such Act (
(f) Graduate Traineeships in Computer and Network Security- Section 5(c)(7) of such Act (
SEC. 106. FEDERAL CYBER SCHOLARSHIP FOR SERVICE PROGRAM.
(a) In General- The Director of the National Science Foundation shall continue a Scholarship for Service program under section 5(a) of the Cyber Security Research and Development Act (
(1) provide, through qualified institutions of higher education, scholarships that provide tuition, fees, and a competitive stipend for up to 2 years to students pursuing a bachelor’s or master’s degree and up to 3 years to students pursuing a doctoral degree in a cybersecurity field;
(2) provide the scholarship recipients with summer internship opportunities or other meaningful temporary appointments in the Federal information technology workforce; and
(3) increase the capacity of institutions of higher education throughout all regions of the United States to produce highly qualified cybersecurity professionals, through the award of competitive, merit-reviewed grants that support such activities as--
(A) faculty professional development, including technical, hands-on experiences in the private sector or government, workshops, seminars, conferences, and other professional development opportunities that will result in improved instructional capabilities;
(B) are full-time students in an eligible degree program, as determined by the Director, that is focused on computer security or information assurance at an awardee institution; and
(2) SELECTION- Individuals shall be selected to receive scholarships primarily on the basis of academic merit, with consideration given to financial need, to the goal of promoting the participation of individuals identified in section 33 or 34 of the Science and Engineering Equal Opportunities Act (
(A) served on active duty (other than active duty for training) in the Armed Forces of the United States for a period of more than 180 consecutive days, and who was discharged or released therefrom under conditions other than dishonorable; or
(B) served on active duty (other than active duty for training) in the Armed Forces of the United States and was discharged or released from such service for a service-connected disability before serving 180 consecutive days.
(3) SERVICE OBLIGATION- If an individual receives a scholarship under this section, as a condition of receiving such scholarship, the individual upon completion of their degree must serve as a cybersecurity professional within the Federal workforce for a period of time as provided in paragraph (5). If a scholarship recipient is not offered employment by a Federal agency or a federally funded research and development center, the service requirement can be satisfied at the Director’s discretion by--
(4) CONDITIONS OF SUPPORT- As a condition of acceptance of a scholarship under this section, a recipient shall agree to provide the awardee institution with annual verifiable documentation of employment and up-to-date contact information.
(5) LENGTH OF SERVICE- The length of service required in exchange for a scholarship under this subsection shall be 1 year more than the number of years for which the scholarship was received.
(A) enter into an agreement with the Director of the National Science Foundation to monitor the compliance of scholarship recipients with respect to their service obligation; and
(B) provide to the Director, on an annual basis, post-award employment information required under subsection (c)(4) for scholarship recipients through the completion of their service obligation.
(A) LESS THAN ONE YEAR OF SERVICE- If a circumstance described in paragraph (1) occurs before the completion of 1 year of a service obligation under this section, the total amount of awards received by the individual under this section shall be repaid or such amount shall be treated as a loan to be repaid in accordance with subparagraph (C).
(B) MORE THAN ONE YEAR OF SERVICE- If a circumstance described in subparagraph (D) or (E) of paragraph (1) occurs after the completion of 1 year of a service obligation under this section, the total amount of scholarship awards received by the individual under this section, reduced by the ratio of the number of years of service completed divided by the number of years of service required, shall be repaid or such amount shall be treated as a loan to be repaid in accordance with subparagraph (C).
(C) REPAYMENTS- A loan described in subparagraph (A) or (B) shall be treated as a Federal Direct Unsubsidized Stafford Loan under part D of title IV of the Higher Education Act of 1965 (
(ii) collect such repayment amount within a period of time as determined under the agreement described in paragraph (2), or the repayment amount shall be treated as a loan in accordance with paragraph (3)(C).
(C) RETAIN PERCENTAGE- An institution of higher education may retain a percentage of any repayment the institution collects under this paragraph to defray administrative costs associated with the collection. The Director shall establish a single, fixed percentage that will apply to all eligible entities.
(5) EXCEPTIONS- The Director may provide for the partial or total waiver or suspension of any service or payment obligation by an individual under this section whenever compliance by the individual with the obligation is impossible or would involve extreme hardship to the individual, or if enforcement of such obligation with respect to the individual would be unconscionable.
(e) Hiring Authority- For purposes of any law or regulation governing the appointment of individuals in the Federal civil service, upon successful completion of their degree, students receiving a scholarship under this section shall be hired under the authority provided for in section 213.3102(r) of title 5, Code of Federal Regulations, and be exempted from competitive service. Upon fulfillment of the service term, such individuals shall be converted to a competitive service position without competition if the individual meets the requirements for that position.
SEC. 107. CYBERSECURITY WORKFORCE ASSESSMENT.
Not later than 180 days after the date of enactment of this Act the President shall transmit to the Congress a report addressing the cybersecurity workforce needs of the Federal Government. The report shall include--
(1) an examination of the current state of and the projected needs of the Federal cybersecurity workforce, including a comparison of the different agencies and departments, and an analysis of the capacity of such agencies and departments to meet those needs;
(2) an analysis of the sources and availability of cybersecurity talent, a comparison of the skills and expertise sought by the Federal Government and the private sector, an examination of the current and future capacity of United States institutions of higher education, including community colleges, to provide current and future cybersecurity professionals, through education and training activities, with those skills sought by the Federal Government, State and local entities, and the private sector, and a description of how successful programs are engaging the talents of females and individuals identified in section 33 or 34 of the Science and Engineering Equal Opportunities Act (
(3) an examination of the effectiveness of the National Centers of Academic Excellence in Information Assurance Education, the Centers of Academic Excellence in Research, and the Federal Cyber Scholarship for Service programs in promoting higher education and research in cybersecurity and information assurance and in producing a growing number of professionals with the necessary cybersecurity and information assurance expertise, including individuals from States or regions in which the unemployment rate exceeds the national average;
(4) an analysis of any barriers to the Federal Government recruiting and hiring cybersecurity talent, including barriers relating to compensation, the hiring process, job classification, and hiring flexibilities; and
SEC. 108. CYBERSECURITY UNIVERSITY-INDUSTRY TASK FORCE.
(a) Establishment of University-Industry Task Force- Not later than 180 days after the date of enactment of this Act, the Director of the Office of Science and Technology Policy shall convene a task force to explore mechanisms for carrying out collaborative research, development, education, and training activities for cybersecurity through a consortium or other appropriate entity with participants from institutions of higher education and industry.
(1) develop options for a collaborative model and an organizational structure for such entity under which the joint research and development activities could be planned, managed, and conducted effectively, including mechanisms for the allocation of resources among the participants in such entity for support of such activities;
(2) propose a process for developing a research and development agenda for such entity, including guidelines to ensure an appropriate scope of work focused on nationally significant challenges and requiring collaboration;
(c) Composition- In establishing the task force under subsection (a), the Director of the Office of Science and Technology Policy shall appoint an equal number of individuals from institutions of higher education, including minority-serving institutions and community colleges, and from industry with knowledge and expertise in cybersecurity.
(d) Report- Not later than 12 months after the date of enactment of this Act, the Director of the Office of Science and Technology Policy shall transmit to the Congress a report describing the findings and recommendations of the task force.
SEC. 109. CYBERSECURITY AUTOMATION AND CHECKLISTS FOR GOVERNMENT SYSTEMS.
‘(1) IN GENERAL- The Director of the National Institute of Standards and Technology shall develop, and revise as necessary, security automation standards, associated reference materials (including protocols), and checklists providing settings and option selections that minimize the security risks associated with each information technology hardware or software system and security tool that is, or is likely to become, widely used within the Federal Government in order to enable standardized and interoperable technologies, architectures, and frameworks for continuous monitoring of information security within the Federal Government.
‘(2) PRIORITIES FOR DEVELOPMENT- The Director of the National Institute of Standards and Technology shall establish priorities for the development of standards, reference materials, and checklists under this subsection on the basis of--
‘(3) EXCLUDED SYSTEMS- The Director of the National Institute of Standards and Technology may exclude from the application of paragraph (1) any information technology hardware or software system or security tool for which such Director determines that the development of a standard, reference material, or checklist is inappropriate because of the infrequency of use of the system, the obsolescence of the system, or the inutility or impracticability of developing a standard, reference material, or checklist for the system.
‘(4) DISSEMINATION OF STANDARDS AND RELATED MATERIALS- The Director of the National Institute of Standards and Technology shall ensure that Federal agencies are informed of the availability of any standard, reference material, checklist, or other item developed under this subsection.
‘(5) AGENCY USE REQUIREMENTS- The development of standards, reference materials, and checklists under paragraph (1) for an information technology hardware or software system or tool does not--
‘(D) preclude any Federal agency from procuring or deploying other information technology hardware or software systems for which no such standard, reference material, or checklist has been developed or identified under paragraph (1).’.
SEC. 110. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CYBERSECURITY RESEARCH AND DEVELOPMENT.
Section 20 of the National Institute of Standards and Technology Act (
‘(1) conduct a research program to develop a unifying and standardized identity, privilege, and access control management framework for the execution of a wide variety of resource protection policies and that is amenable to implementation within a wide variety of existing and emerging computing environments;
SEC. 201. DEFINITIONS.
SEC. 202. INTERNATIONAL CYBERSECURITY TECHNICAL STANDARDS.
(b) Consultation With the Private Sector- In carrying out the activities specified in subsection (a)(1), the Director shall ensure consultation with appropriate private sector stakeholders.
SEC. 203. CLOUD COMPUTING STRATEGY.
(a) In General- The Director, in collaboration with the Federal CIO Council, and in consultation with other relevant Federal agencies and stakeholders from the private sector, shall continue to develop and encourage the implementation of a comprehensive strategy for the use and adoption of cloud computing services by the Federal Government.
(3) support, in consultation with the private sector, the development of appropriate security frameworks and reference materials, and the identification of best practices, for use by Federal agencies to address security and privacy requirements to enable the use and adoption of cloud computing services, including activities--
SEC. 204. PROMOTING CYBERSECURITY AWARENESS AND EDUCATION.
(a) Program- The Director, in collaboration with relevant Federal agencies, industry, educational institutions, National Laboratories, the National Coordination Office of the Networking and Information Technology Research and Development program, and other organizations, shall continue to coordinate a cybersecurity awareness and education program to increase knowledge, skills, and awareness of cybersecurity risks, consequences, and best practices through--
(2) efforts to make cybersecurity best practices usable by individuals, small to medium-sized businesses, State, local, and tribal governments, and educational institutions; and
(b) Strategic Plan- The Director shall, in cooperation with relevant Federal agencies and other stakeholders, develop and implement a strategic plan to guide Federal programs and activities in support of a comprehensive cybersecurity awareness and education program as described under subsection (a).
(c) Report to Congress- Not later than 1 year after the date of enactment of this Act and every 5 years thereafter, the Director shall transmit the strategic plan required under subsection (b) to the Committee on Science, Space, and Technology of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate.
SEC. 205. IDENTITY MANAGEMENT RESEARCH AND DEVELOPMENT.
The Director shall continue a program to support the development of technical standards, metrology, testbeds, and conformance criteria, taking into account appropriate user concerns, to--
SEC. 206. AUTHORIZATIONS.
No additional funds are authorized to carry out this title and the amendments made by this title or to carry out the amendments made by sections 109 and 110 of this Act. This title and the amendments made by this title and the amendments made by sections 109 and 110 of this Act shall be carried out using amounts otherwise authorized or appropriated.