S.1353 - Cybersecurity Enhancement Act of 2014

A bill to provide for an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness, and for other purposes.

All Bill Titles

  • Short: Cybersecurity Enhancement Act of 2014 as passed Senate.
  • Short: Cybersecurity Enhancement Act of 2014 as passed House.
  • Short: Cybersecurity Act of 2013 as reported to Senate.
  • Short: Cybersecurity Act of 2013 as introduced.
  • Official: A bill to provide for an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness, and for other purposes. as introduced.

 
  • Introduced: 07/24/13
  • Senate Passed: 12/11/14
  • House Passed: 12/11/14
  • President Signed: 12/18/14
 


Official Summary

Cybersecurity Act of 2013 - Title I: Public-Private Collaboration on Cybersecurity -

(Sec. 101)

Amends the National Institute of Standards and Technology Act to permit the Secretary of Commerce, acting through the Director of the National Institute of Standards and Technology (NIST), to facilitate and support the development of a voluntary, industry-led set of standards and procedures to reduce cyber risks to critical infrastructure. Requires the Director, in carrying out such activities, to:
(1) coordinate continuously with, and incorporate the industry expertise of, relevant private sector personnel and entities, critical infrastructure owners and operators, sector coordinating councils, Information Sharing and Analysis Centers, and other relevant industry organizations;
(2) consult with the heads of agencies with national security responsibilities, sector-specific agencies, state and local governments, governments of other nations, and international organizations;
(3) identify a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, that may be voluntarily adopted by owners and operators of critical infrastructure to help identify, assess, and manage cyber risks; and
(4) include methodologies to mitigate impacts on business confidentiality, protect individual privacy and civil liberties, incorporate voluntary consensus standards and industry best practices, align with international standards, and prevent duplication of regulatory processes.

Prohibits the Director from prescribing a specific solution or requiring that products or services be designed or manufactured in a particular manner. Prohibits information provided to NIST for purposes of developing cyber risk standards from being used by federal, state, tribal, or local agencies to regulate the activity of any entity.

Directs the Comptroller General (GAO) to submit biennial reports over a specified period concerning NIST's progress in facilitating the development of such standards and procedures. Requires such reports to address the extent to which such standards:
(1) are voluntary and led by industry representatives,
(2) have been adopted by sectors of critical infrastructure, and
(3) have protected against cyber threats.

Instructs the Comptroller General to include in such reports an assessment of the reasons behind decisions of sectors to adopt or not adopt such standards.

Title II: Cybersecurity Research and Development -

(Sec. 201)

Directs the Office of Science and Technology Policy (OSTP) to develop, and update triennially, a federal cybersecurity research and development plan to meet cybersecurity objectives, including how to guarantee individual privacy, verify third-party software and hardware, address insider threats, determine the origin of messages transmitted over the Internet, and protect information stored using cloud computing or transmitted through wireless services. Requires the OSTP to submit each updated plan to Congress. Directs the National Science Foundation (NSF) to support cybersecurity research and to review cybersecurity test beds. Permits the NSF, if it determines that additional test beds are necessary, to award grants to institutions of higher education or research and development nonprofit institutions to establish such additional test beds. Requires the OSTP to coordinate with other ongoing research initiatives. Amends the Cyber Security Research and Development Act to permit NSF research and development grants for:
(1) secure fundamental protocols that are integral to inter-network communications and data exchange;
(2) secure software engineering and software assurance;
(3) holistic system security to address trusted and untrusted components, reduce vulnerabilities proactively, address insider threats, and support privacy;
(4) monitoring, detection, mitigation, and rapid recovery methods; and
(5) secure wireless networks, mobile devices, and cloud infrastructure.

Directs specified agencies under the High-Performance Computing Act of 1991 to support research leading to a scientific foundation for the field of cybersecurity.

(Sec. 202)

Expands the criteria to be considered by NSF when evaluating grant applications of institutions seeking to establish Centers for Computer and Network Security Research to include:
(1) the applicant's affiliations with private sector entities and existing federal research programs;
(2) experience managing public-private partnerships;
(3) capabilities to conduct interdisciplinary cybersecurity research in a secure environment; and
(4) research in areas such as systems security, wireless security, networking and protocols, formal methods and high-performance computing, nanotechnology, or industrial control systems.

Title III: Education and Workforce Development -

(Sec. 301)

Directs the Department of Commerce, NSF, and the Department of Homeland Security (DHS) to support competitions and challenges to recruit individuals to perform information infrastructure security duties or to stimulate cybersecurity innovations. Authorizes the Office of Personnel Management (OPM) to support internships or other work experience in the federal government for the winners of such competitions and challenges.

(Sec. 302)

Directs NSF to continue the Federal Cyber Scholarship-for-Service program under which recipients agree to work in the cybersecurity mission of a federal, state, local, or tribal agency for a period equal to the length of their scholarship. Requires NSF to evaluate and report periodically to Congress on:
(1) the success of recruiting individuals for such scholarships, and
(2) hiring and retaining those individuals in the public sector workforce.

(Sec. 303)

Requires NSF, OPM, and DHS to enter arrangements with the National Academy of Sciences (NAS) to conduct a comprehensive study of government, academic, and private-sector education, accreditation, training, and certification programs for the development of professionals in information infrastructure and cybersecurity. Directs NAS to report to the President and Congress on study results, including findings regarding the state of, and recommendations for further research and the improvement of, information infrastructure and cybersecurity education, accreditation, training, and certification programs.

Title IV: Cybersecurity Awareness and Preparedness -

(Sec. 401)

Directs NIST to continue coordinating a national cybersecurity awareness and preparedness campaign to increase public awareness and understanding of cybersecurity risks (including through use of the Internet, social media, entertainment, and other media), support education programs, and evaluate workforce needs. Requires NIST to develop a strategic plan to guide federal activities in support of such campaign. Directs NIST to transmit such plan to Congress every five years.


Organizations Supporting S.1353

  • Securities Industry and Financial Markets Association
  • American Bankers Association
  • Financial Services Roundtable
  • National Association of Manufacturers
  • EMC Corporation
  • TechAmerica
  • ...and 10 more.

Organizations Opposing S.1353

  • None via MapLight at this time.

