HR 756 – Cybersecurity R&D

As I noted two weeks ago Rep. McCaul (R,TX) introduced HR 756, the Cybersecurity Enhancement Act of 2013. The GPO finally made a copy available so that we can see the actual language for the bill and it is, as I suspected, virtually identical to the version of HR 2096 adopted by the House in the last session in a bipartisan vote.  

Reauthorization

This is essentially a bill to reauthorize a number of cybersecurity R&D programs. It provides a three year authorization for spending on the following National Science Foundation (NSF) cybersecurity research and development programs:

• Computer and network security research grants, at $90,000/year {§105(b)};

• Computer and network security research centers, at $4,500,000/year {§105(c)};

• Computer and network security capacity building grants, at $19,000,000/ year {§105(d)};

• Scientific and advanced technology act grants, at $2,500,000/year {§105(e)}; and

• Graduate traineeships in computer and network security, $24,000,000/year {§105(f)};

International Standards

Title II of the bill takes on a new level of importance now that the President’s cybersecurity Executive Order has been published as it addresses coordination of federal agencies working on the development of international standards “related to information system security” {§202(a)(1)}. Since the EO emphasizes the adoption of consensus international standards where practical, the US government’s participation in the development of those standards becomes more important.

No Control System Research

While “critical infrastructures for electric power, natural gas and petroleum production and distribution, telecommunications, transportation, water supply, banking and finance, and emergency and government services” {§2 adds to 15 USC 7401(1)} is clearly mentioned in the congressional ‘findings’ that justify the bill, there is no mention of control systems anywhere within the bill. This bill is clearly focused on the larger portion of cybersecurity, information technology.

Moving Forward

HR 2096 passed easily in the House in the last session (most of the opposition came from anti-spending Republicans) and would have passed as easily in the Senate if Sen. Reid hadn’t been so focused on passing a comprehensive cybersecurity bill. With the EO in place to take the heat off in the Senate, this bill should pass as quickly as the leadership decides to bring it to the floor.