The Cybersecurity Enhancement Act would authorize up to $396 million over the next four years to fund cybersecurity research and $94 million over that period to provide scholarships to students pursuing cybersecurity studies, as long as they commit to public service after graduating.
The bill was passed Thursday in the House by a vote of 422 to 5.
“As our reliance on information technology has increased, so has our vulnerability to cyberattacks, as news reports indicate on a near daily basis,” Rep. Daniel Lipinski, D-Ill., chairman of the Research and Science Education Subcommittee said in a statement. “Cybercrime is a major problem for the government, for businesses and indeed for every American.”
The bill would develop a cybersecurity workforce, coordinate and prioritize federal research and development, and promote cybersecurity education and awareness for the general public, a statement from the House Committee on Science and Technology said on Thursday.
Lipinski, who introduced the bill in November, said it would strengthen research partnerships among the federal government, the private sector and colleges and universities, helping cybersecurity technologies to migrate from the research environment to the marketplace. Ultimately, this would lead to increased security of personal information, he said.
“We need to get the best ideas of our scientists and engineers out of the lab so they can contribute to our collective security and generate economic growth,” he said.
If enacted into law, the bill would also reauthorize several cybersecurity research programs within the National Science Foundation, the primary agency supporting non-classified cybersecurity research and development education.
In addition, the Cybersecurity Enhancement Act would establish a Scholarship for Service program to provide scholarships to students in information assurance and computer security fields in exchange for their service in the federal government once they have completed their education.
The bill would also require the National Institute of Standards and Technology (NIST) to implement a public cybersecurity awareness campaign to encourage best practices, such as using unique passwords for different programs. NIST would also be required to facilitate U.S. involvement in the creation of international cybersecurity standards.
And, the bill would require federal agencies to submit a long-term research-and-development plan detailing objectives of the initiative and the funding needed to carry it out.
The legislation is a combination of two draft bills that were recently approved by House subcommittees: the Cybersecurity Coordination and Awareness Act, approved in early November by the House Subcommittee on Technology and Innovation, and the Cybersecurity Research and Development Amendments Act of 2009, approved in late September by the Research and Science Education Subcommittee.
Mark Bregman, chief technology officer at Symantec, told SCMagazineUS.com in an email Thursday that the bill is a major step toward improving the security of cyberspace.
"Passage of the Cybersecurity Enhancement Act is a historic step toward ensuring cybersecurity at the national level in the United States," Bregman said. "Cybersecurity is an issue that impacts every facet of American society, be it economically, socially, in terms of education, or national security.”