House Slates Vote on Cybersecurity BillProvisions Include Skills Assessments, Scholarship-for-Work Program The House of Representatives is scheduled Wednesday to debate and vote on the Cybersecurity Enhancement Act, the first major information security bill to reach the floor of either house in the 111th Congress.
HR 4061, if enacted, would require the president to assess the government's cybersecurity workforce, including an agency-by-agency skills assessment, and provide scholarship to students who agree to work as cybersecurity specialists for the government after graduation.
The House Science and Technology Committee combined two measures - the Cybersecurity Coordination and Awareness Act and the Cybersecurity Research and Development Amendments Act - in November and then unanimously approved the merged bill.
Among the bill's key provisions:
- Increase the role of the National Institute of Standards and Technology in developing international cybersecurity technical standards. The measure also charges NIST with creating IT security awareness and education campaigns for the public, improving the interoperability of identity management systems to encourage more widespread use and developing an IT security checklist for agencies to use before acquiring IT wares.
- Order agencies to develop, update and implement a strategic plan for cybersecurity research and development based on an assessment of cybersecurity risk, and that it specify and prioritize near-term, mid-term and long-term research objectives, describing how the near-term objectives complement R&D occurring in the private sector.
- Establish a scholarship fund, administrated by the National Science Foundation, in which student recipients promise to work as IT security professionals in government in an equal number of years in which they received the grant.
- Direct the National Science Foundation to support research on the social and behavioral aspects of cybersecurity as part of their total cybersecurity research portfolio.
Further reading related to the Cybersecurity Enhancement Act: