Introduced by George Allen (R.-Va.) and Ron Wyden (D-Ore.), the Cyber Security Research and Development Act (S. 2182) represents a compromise with a similar measure passed earlier this year in the House of Representatives.
Matt Raymond, communications director and senior policy advisor for Allen, said the Senate version authorizes a higher level of funding than the House bill. Raymond said that although the House concluded business Wednesday night, the Senate compromise version is expected to easily pass the House when it reconvenes for a lame duck session after the mid-term elections in November.
"America must act now to protect our security on many fronts," Allen said. "As our reliance on technology and the Internet have grown over the past decade, our vulnerability to attacks on the nation's critical infrastructure and networked systems has also grown exponentially. The cyber threats in our nation are significant, and are unfortunately only becoming more complicated and sophisticated as time goes on."
The legislation authorizes grants and programs through the National Science Foundation (NSF) and National Institute of Standards and Technology (NIST) to encourage cybersecurity research and education efforts at institutions of higher learning and other entities.
It also establishes in NIST an Office for Information Security Programs and requires a NIST report on recommended basic levels of cybersecurity protection for federal government information systems.
Other provisions of the bill require a study and report to Congress on critical infrastructure weaknesses, and requires the Office of Science and Technology Policy to develop strategies for greater coordination of federal research and development activities, and to promote cybersecurity cooperation between the federal government, education institutions, and private industry.
A survey last year by the Computer Security Institute and FBI found that 85 percent of 538 respondents experienced computer intrusions. Carnegie Mellon University's CERT Coordination Center, which services as a reporting center for Internet security problems, last year received 2,437 vulnerability reports, almost six times the number in 1999. CERT estimates these statistics may represent only 20 percent of the incidents that actually have occurred.