Cybersecurity bill passes Congress, heads to White House
The House on Tuesday easily passed by voice vote a bill to boost national cybersecurity research and development by providing $903 million over five years to university and industry programs through competitive programs. The bill now heads to the White House for the president's signature.
"Cybersecurity is a problem that is even worse than it first appears," bill sponsor Sherwood Boehlert, R-N.Y., chairman of the House Science Committee, said on the House floor. "That's because not only are our nation's computers and networks vulnerable to attack, and not only could a cyberattack disrupt our economy and threaten public health and safety, but we simply don't know enough about how to design computers and networks to make them less vulnerable."
"Computers have become omnipresent-we are more and more at their mercy-without becoming any more secure," Boehlert added. "In an age of terrorism, such willful ignorance about cybersecurity has got to come to an end."
Under the bill, H.R. 3394, the National Science Foundation (NSF) and National Institute of Standards and Technology (NIST) will oversee programs to establish multidisciplinary centers for computer and network security research alone or in partnership with other universities or with businesses and government laboratories.
The federal agencies also will help colleges and universities to create or improve undergraduate or master's degree programs in cybersecurity, and doctoral students to receive fellowships toward degrees in computer and network security, and to work with industry.
"We must have training both for a new generation of cyberwarriors ... and for private sector companies," said Rep. Lamar Smith, R-Texas.
Rep. Vernon Ehlers, R-Mich., said on the floor that the bill highlights the importance of keeping the Computer Security Division within NIST, rather than transfer the division to the new Homeland Security Department as proposed.
"In today's world, security has to mean more than locking doors and installing metal detectors," said Washington Democrat Brian Baird, who drafted portions of the bill. "Our economy and homeland security relies on a vast information infrastructure that is woefully underprotected. This bill puts some of our brightest minds to work developing ways of making our computer networks impenetrable."
Baird noted that no catastrophic attack has yet been launched at the nation's computer systems, but cited White House Cyberspace Security Adviser Richard Clarke's urging that the United States address cybersecurity or face a "digital Pearl Harbor."
Industry groups hailed the bill's passage Tuesday, including the Computing Technology Industry Association, the Computing Research Association (CRA), and the U.S. Public Policy Committee of the Association for Computing Machinery. James Foley, chairman of CRA, said the rise of malicious attacks costs an estimated tens of billions of dollars a year.
The House passed the bill by a 400-12 margin last February, but the Senate on Oct. 17 made several changes in consultation with House staffers. The changes included $25 million more for faculty computer security training and a provision on tracking foreign students in the United States.