February 2010

Legal Disclaimer

Your use of this Blog does not create an attorney-client relationship. Your e-mail or comments do not create an attorney-client relationship. We have no duty to keep confidential the information that is submitted to this blog. This blog is not a substitute for, nor does it constitute legal advice. Only an attorney who knows the details of your particular situation and is properly licensed in the applicable state (or states) is able to appropriately and properly address any legal issues you may have.

Would you like to play a nice game of chess?

Largely in reaction to a devastating cyber attack against Google last week, and general concern about the vulnerability of the nation's information superhighway, the House passed the Cybersecurity Enhancement Act of 2009 (available at http://thomas.loc.gov/cgi-bin/query/z?c111:h4061) 422 to 5. The companion bill in the Senate, the Cybersecurity Act of 2009, or Senate Bill 773, will “ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.” The Senate bill is much broader in scope (calling, for example, for a cybersecurity dashboard). Whether the government can hire and retain top talent remains an open question.

Directs federal agencies participating to:

  • Transmit to Congress a cybersecurity strategic research and development plan and triennial updates; and
  • Develop and annually update an implementation roadmap for such plan.

Provides for the award of computer and network security research grants by the National Science Foundation (NSF) in the research areas of social and behavioral factors, including human-computer interactions, and identity management.

Instructs that applications for the establishment of Computer and Network Security Research Centers include how such Centers will partner with government laboratories, for-profit entities, other institutions of higher education, or nonprofit research institutions.

Requires the NSF Director to carry out a program of awarding fellowships to encourage young scientists and engineers to conduct postdoctoral research in the fields of cybersecurity and information assurance, including the research areas under which computer and network security research grants are awarded.

Requires the Office of Science and Technology Policy (OSTP) Director to convene a cybersecurity university-industry task force to explore mechanisms for carrying out collaborative R&D activities. Requires (currently, permits) the National Institute of Standards and Technology (NIST) Director to establish priorities for the development of checklists of settings and options that minimize security risks associated with computer systems that are, or are likely to become, widely used within the federal government.

Requires:

  • Development or identification and revision or adaptation as necessary, of checklists, configuration profiles, and deployment recommendations for products and protocols that minimize such risks; and
  • Development of automated security specifications respecting checklist content and associated security related data.

Ensures that any products developed under the National Checklist Program for any information systems, including the Security Content Automation Protocol, be disseminated to federal agencies.

Requires conducting of intramural security research activities under NIST’s computing standards program.

Instructs the NIST Director to:

  • Ensure coordination of U.S. government representation in the international development of technical standards related to cybersecurity;
  • Implement a cybersecurity awareness and education program through the Manufacturing Extension Partnership program; and
  • Establish a program to support development of technical standards, metrology, testbeds, and conformance criteria with regard to identity management research and development.

(Summary excerpted from http://www.govtrack.us/congress/bill.xpd?bill=h111-4061).
