Would you like to play a nice game of chess?

Robert Hudock — Thu, 04 Feb 2010 20:31:32 +0000

Largely in reaction to a devastating cyber attack against Google last week, and general concern about the vulnerability of the nations information superhighway, the house passes the Cybersecurity Enhancement Act of 2009 (available at http://thomas.loc.gov/cgi-bin/query/z?c111:h4061) 422 to 5. The companion bill in the senate is Cybersecurity Act of 2009, or Senate Bill 773, will “ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.” The senate bill is much broader in scope (calling for example a cybersecurity dashboard). Whether the government can hire and retain top talent remains an open question.

Directs federal agencies participating to:

Transmit to Congress a cybersecurity strategic research and development plan and triennial updates; and
Develop and annually update an implementation roadmap for such plan. Provides for the award of computer and network security research grants by the National Science Foundation (NSF) in the research areas of social and behavioral factors, including human-computer interactions, and identity management.

Instructs that applications for the establishment of Computer and Network Security Research Centers include how such Centers will partner with government laboratories, for-profit entities, other institutions of higher education, or nonprofit research institutions.

Requires the NSF Director to carry out a program of awarding fellowships to encourage young scientists and engineers to conduct postdoctoral research in the fields of cybersecurity and information assurance, including the research areas under which computer and network security research grants are awarded.

Requires the Office of Science and Technology Policy (OSTP) Director to convene a cybersecurity university-industry task force to explore mechanisms for carrying out collaborative R&D activities. Requires (currently, permits) the National Institute of Standards and Technology (NIST) Director to establish priorities for the development of checklists of settings and options that minimize security risks associated with computer systems that are, or are likely to become, widely used within the federal government.

Requires:

Development or identification and revision or adaptation as necessary, of checklists, configuration profiles, and deployment recommendations for products and protocols that minimize such risks; and
Development of automated security specifications respecting checklist content and associated security related data. Ensures that any products developed under the National Checklist Program for any information systems, including the Security Content Automation Protocol, be disseminated to federal agencies Requires conducting of intramural security research activities under NIST’s computing standards program.

Instructs the NIST Director to:

Ensure coordination of U.S. government representation in the international development of technical standards related to cybersecurity;
Implement a cybersecurity awareness and education program through the Manufacturing Extension Partnership program; and
Establish a program to support development of technical standards, metrology, testbeds, and conformance criteria with regard to identity management research and development.

(Summary excerpted from http://www.govtrack.us/congress/bill.xpd?bill=h111-4061).

Related Blogs

Would you like to play a nice game of chess? originally appeared on Law Blog 2.0 on February 5, 2010.

Law Blog 2.0 » Expert Systems

Would you like to play a nice game of chess?

Related Blogs