Sec. 201. Federal cybersecurity research and development
1,099 words·~5 min read·
/bill/113/s/1353/rs/section-201A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Director of the Office of Science and Technology Policy, in coordination with the head of any relevant Federal agency, shall build upon programs and plans in effect as of the date of enactment of this Act to develop a Federal cybersecurity research and development plan to meet objectives in cybersecurity, such as— how to design and build complex software-intensive systems that are secure and reliable when first deployed; how to test and verify that software and hardware, whether developed locally or obtained from a third party, is free of significant known security flaws; how to test and verify that software and hardware obtained from a third party correctly implements stated functionality, and only that functionality; how to guarantee the privacy of an individual, including that individual's identity, information, and lawful transactions when stored in distributed systems or transmitted over networks; how to build new protocols to enable the Internet to have robust security as one of the key capabilities of the Internet; how to determine the origin of a message transmitted over the Internet; how to support privacy in conjunction with improved security; how to address the growing problem of insider threats; how improved consumer education and digital literacy initiatives can address human factors that contribute to cybersecurity; how to protect information processed, transmitted, or stored using cloud computing or transmitted through wireless services; and any additional objectives the Director of the Office of Science and Technology Policy, in coordination with the head of any relevant Federal agency and with input from stakeholders, including industry and academia, determines appropriate.
The Federal cybersecurity research and development plan shall identify and prioritize near-term, mid-term, and long-term research in computer and information science and engineering to meet the objectives under paragraph (1), including research in the areas described in section 4(a)(1) of the Cyber Security Research and Development Act ( 15 U.S.C. 7403(a)(1) ). In developing, implementing, and updating the Federal cybersecurity research and development plan, the Director of the Office of Science and Technology Policy shall work in close cooperation with industry, academia, and other interested stakeholders to ensure, to the extent possible, that Federal cybersecurity research and development is not duplicative of private sector efforts.
The Federal cybersecurity research and development plan shall be updated triennially. The Director of the Office of Science and Technology Policy shall submit the plan, not later than 1 year after the date of enactment of this Act, and each updated plan under this section to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Science, Space, and Technology of the House of Representatives. The Director of the National Science Foundation shall support research that— develops, evaluates, disseminates, and integrates new cybersecurity practices and concepts into the core curriculum of computer science programs and of other programs where graduates of such programs have a substantial probability of developing software after graduation, including new practices and concepts relating to secure coding education and improvement programs; and develops new models for professional development of faculty in cybersecurity education, including secure coding development.
Not later than 1 year after the date of enactment of this Act, the Director the National Science Foundation, in coordination with the Director of the Office of Science and Technology Policy, shall conduct a review of cybersecurity test beds in existence on the date of enactment of this Act to inform the grants under paragraph (2). The review shall include an assessment of whether a sufficient number of cybersecurity test beds are available to meet the research needs under the Federal cybersecurity research and development plan.
If the Director of the National Science Foundation, after the review under paragraph (1), determines that the research needs under the Federal cybersecurity research and development plan require the establishment of additional cybersecurity test beds, the Director of the National Science Foundation, in coordination with the Secretary of Commerce and the Secretary of Homeland Security, may award grants to institutions of higher education or research and development non-profit institutions to establish cybersecurity test beds.
The cybersecurity test beds under subparagraph
(A)shall be sufficiently large in order to model the scale and complexity of real-time cyber attacks and defenses on real world networks and environments. The Director of the National Science Foundation, in coordination with the Secretary of Commerce and the Secretary of Homeland Security, shall evaluate the effectiveness of any grants awarded under this subsection in meeting the objectives of the Federal cybersecurity research and development plan under subsection
(a)no later than 2 years after the review under paragraph
(1)of this subsection, and periodically thereafter. In accordance with the responsibilities under section 101 of the High-Performance Computing Act of 1991 ( 15 U.S.C. 5511 ), the Director the Office of Science and Technology Policy shall coordinate, to the extent practicable, Federal research and development activities under this section with other ongoing research and development security-related initiatives, including research being conducted by— the National Science Foundation; the National Institute of Standards and Technology; the Department of Homeland Security; other Federal agencies; other Federal and private research laboratories, research entities, and universities; institutions of higher education; relevant nonprofit organizations; and international partners of the United States. Section 4(a)(1) of the Cyber Security Research and Development Act ( 15 U.S.C. 7403(a)(1) ) is amended— in subparagraph (H), by striking and at the end; in subparagraph (I), by striking the period at the end and inserting a semicolon; and by adding at the end the following: secure fundamental protocols that are integral to inter-network communications and data exchange; secure software engineering and software assurance, including— programming languages and systems that include fundamental security features; portable or reusable code that remains secure when deployed in various environments; verification and validation technologies to ensure that requirements and specifications have been implemented; and models for comparison and metrics to assure that required standards have been met; holistic system security that— addresses the building of secure systems from trusted and untrusted components; proactively reduces vulnerabilities; addresses insider threats; and supports privacy in conjunction with improved security; monitoring and detection; mitigation and rapid recovery methods; security of wireless networks and mobile devices; and security of cloud infrastructure and services. . The head of each agency and department identified under section 101(a)(3)(B) of the High-Performance Computing Act of 1991 ( 15 U.S.C. 5511(a)(3)(B) ), through existing programs and activities, shall support research that will lead to the development of a scientific foundation for the field of cybersecurity, including research that increases understanding of the underlying principles of securing complex networked systems, enables repeatable experimentation, and creates quantifiable security metrics.
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Cites 2Cited by 0 across 0 sources