Bill summaries are authored by CRS.

Passed House amended (02/04/2010)

Cybersecurity Enhancement Act of 2010 - Title I: Research and Development - (Sec. 103) Directs specified federal agencies participating in the National High-Performance Computing Program to: (1) transmit to Congress a cybersecurity strategic research and development plan and triennial updates; and (2) develop and annually update an implementation roadmap for such plan. Specifies the plan's contents, including that it shall: (1) specify near-term, mid-term, and long-term Program research objectives; (2) describe how the Program will establish a national research infrastructure to create next generation networking and information technology systems; (3) outline how the United States can work with our international partners on cybersecurity research and development (R&D) issues where appropriate; (4) describe how the Program will foster a more diverse workforce in this area; and (5) describe how the Program will strengthen cybersecurity education and training programs to ensure an adequate, well-trained workforce.

Instructs the participating agencies, in developing and updating the strategic plan, to solicit recommendations and advice from the advisory committee on high-performance computing and a wide range of specified stakeholders, including from industry, academia, and National Laboratories.

(Sec. 104) Provides for the award of computer and network security research grants by the National Science Foundation (NSF) in the research areas of social and behavioral factors, including human-computer interactions, and identity management, as well as in the detection, investigation, and prosecution of cyber-crimes involving organized crime, intellectual property, and crimes against children.

(Sec. 105) Authorizes appropriations for FY2010-FY2014 for such grants.

Requires applications for the establishment of Computer and Network Security Research Centers to include a description of how such Centers will partner with government laboratories, for-profit entities, other institutions of higher education, or nonprofit research institutions. Authorizes appropriations for FY2010-FY2014.

Authorizes appropriations to NSF for FY2010-FY2014 for: (1) computer and network security capacity building grants; (2) grants under the Scientific and Advanced Technology Act for the national advanced scientific and technical education program and national centers of scientific and technical education; and (3) grants for graduate traineeships programs in computer and network security research.

Authorizes the use of computer and network security capacity building grants for activities that revise curricula on the principles and techniques of designing secure software in order to better prepare undergraduate and master's degree students for careers in computer and network security.

Requires the NSF Director to carry out a program of awarding fellowships to encourage young scientists and engineers to conduct postdoctoral research in the fields of cybersecurity and information assurance, including the research areas under which computer and network security research grants are awarded. Authorizes appropriations for FY2010-FY2014.

Prohibits the use of any of the funds appropriated under this section for congressional earmarks.

Authorizes the use of computer and network security capacity building grants for activities that establish or enhance collaboration in computer and network security between community colleges, universities, and Manufacturing Extension Partnership Centers.

(Sec. 106) Requires the NSF Director to carry out a Scholarship for Service program to recruit and train the next generation of federal cybersecurity professionals and to increase the capacity of the higher education system to produce an information technology workforce with the skills necessary to enhance the security of the nation's communications and information infrastructure.

Requires the program to: (1) provide scholarships for tuition, fees, and a stipend for up to two years to students pursuing a bachelor's or master's degree and up to three years to students pursuing a doctoral degree in a cybersecurity field upon condition that a scholarship recipient, upon the completion of the degree, serves as a cybersecurity professional within the federal workforce (or serves in another specified capacity if such federal employment is not offered) for a specified period of time; (2) provide scholarship recipients with summer internships or other temporary appointments in the federal information technology workforce, or, at such Director's discretion, with appropriate private sector entities; and (3) increase the capacity of institutions of higher education throughout the United States to produce highly qualified cybersecurity professionals, through grants that support such activities as faculty professional development, institutional partnerships, development of cybersecurity-related courses and curricula, and outreach to secondary schools and two-year institutions to increase interest and recruitment of students into cybersecurity-related fields.

Authorizes appropriations to NSF for FY2010-FY2014 to carry out such program.

(Sec. 107) Directs the President to transmit a report to Congress addressing the cybersecurity workforce needs of the federal government, including: (1) an examination of the effectiveness of the National Centers of Academic Excellence in Information Assurance Education, Centers of Academic Excellence in Research, and Federal Cyber Scholarship for Service programs; and (2) an analysis of the capacity of the agency workforce to manage contractors who are performing cybersecurity work on behalf of the federal government.

(Sec. 108) Requires the Office of Science and Technology Policy (OSTP) Director to convene a cybersecurity university-industry task force to explore mechanisms for carrying out collaborative R&D activities through a consortium or other appropriate entity.

(Sec. 109) Requires (current law permits) the National Institute of Standards and Technology (NIST) Director to establish priorities for the development of checklists of settings and options that minimize security risks associated with computer systems that are, or are likely to become, widely used within the federal government. Requires: (1) development or identification, and revision or adaptation as necessary, of checklists, configuration profiles, and deployment recommendations for products and protocols that minimize such risks; and (2) development of automated security specifications respecting checklist content and associated security-related data. Instructs the NIST Director to ensure that federal agencies are informed of the availability of any products developed or identified under the National Checklist Program for any information systems, including the Security Content Automation Protocol.

(Sec. 110) Requires NIST to conduct intramural security research activities under its computing standards program.

(Sec. 111) Requires the OSTP Director to contract with the National Academy of Sciences (NAS) to complete a study describing the role of community colleges in cybersecurity education and to identify exemplary practices and partnerships related to cybersecurity education between such colleges and four-year educational institutions.

(Sec. 112) Requires the NSF Director, in coordination with other federal agencies participating in the Program, to establish a National Center of Excellence for Cybersecurity, to be awarded on a merit-reviewed, competitive basis.

Specifies the activities the National Center shall support, including activities for: (1) interaction and collaboration with Computer and Network Security Research Centers to foster the exchange of technical information and best practices; (2) performance of research in support of the development of technologies for testing hardware and software products to validate operational readiness and certify stated security levels; (3) coordination of cybersecurity education and training opportunities nationally; (4) enhancement of technology transfer and commercialization that promote cybersecurity innovation; and (5) performance of research on cybersecurity social and behavioral factors.

(Sec. 113) Directs the Comptroller General to transmit to Congress a report examining key weaknesses within the current cybersecurity infrastructure, along with recommendations on how to address such weaknesses.

Title II: Advancement of Cybersecurity Technical Standards - (Sec. 202) Requires the NIST Director to ensure coordination of U.S. government representation in the international development of technical standards related to cybersecurity. Requires the development and transmission of a plan to Congress to engage international standards bodies respecting the development of such standards.

(Sec. 203) Requires the NIST Director to implement a cybersecurity awareness and education program through the Manufacturing Extension Partnership program which shall include efforts to make cybersecurity technical standards and best practices usable by individuals, small to medium-sized businesses, state, local, and tribal governments, and educational institutions, including elderly populations, low-income populations, and populations in areas of planned broadband expansion or deployment. Requires a report to Congress containing a strategy for implementation of such program.

(Sec. 204) Requires the NIST Director to establish a program to support development of technical standards, metrology, testbeds, and conformance criteria with regard to identity management research and development.

(Sec. 205) Directs NIST to work with other federal, state, and private sector partners in the development of a framework that states may follow to achieve effective cybersecurity practices in a timely and cost-effective manner.