1.This Act may be cited as the
Cybersecurity Enhancement Act of
2010
.
<enum>I</enum><header display-inline="yes-display-inline">Research and Development</header>
<section commented="no" display-inline="no-display-inline" id="H4256C1F900B64E6F8B670D402EA0D6E3" section-type="subsequent-section"><enum>101.</enum><header display-inline="yes-display-inline">Definitions</header><text display-inline="no-display-inline">In this title:</text>
<paragraph commented="no" display-inline="no-display-inline" id="HD115B8B1439D4DBBB653A773712FE905"><enum>(1)</enum><header display-inline="yes-display-inline">National coordination office</header><text display-inline="yes-display-inline">The term National Coordination Office means
the National Coordination Office for the Networking and Information Technology
Research and Development program.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H104E9F93220B4CC2B0FD6AF2E2E081C5"><enum>(2)</enum><header display-inline="yes-display-inline">Program</header><text display-inline="yes-display-inline">The term Program means the Networking and
Information Technology Research and Development program which has been
established under section 101 of the High-Performance Computing Act of 1991
(<external-xref legal-doc="usc" parsable-cite="usc/15/5511">15 U.S.C.
5511</external-xref>).</text>
</paragraph></section><section commented="no" display-inline="no-display-inline" id="HE0714BE6731F4988B3F7D04C5E367E25" section-type="subsequent-section"><enum>102.</enum><header display-inline="yes-display-inline">Findings</header><text display-inline="no-display-inline">Section 2 of the Cyber Security Research and
Development Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7401">15
U.S.C. 7401</external-xref>) is amended—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H0C4DB36CDEE545F7A73805472EF6A5D6"><enum>(1)</enum><text display-inline="yes-display-inline">by amending paragraph (1) to read as
follows:</text>
<quoted-block display-inline="no-display-inline" id="H7F0071823F4F4716AD8B546B06F28877" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="H85C9F99DC73B4A6F871D9BB8583BFF16"><enum>(1)</enum><text display-inline="yes-display-inline">Advancements in information and
communications technology have resulted in a globally interconnected network of
government, commercial, scientific, and education infrastructures, including
critical infrastructures for electric power, natural gas and petroleum
production and distribution, telecommunications, transportation, water supply,
banking and finance, and emergency and government
services.</text>
</paragraph><after-quoted-block>;</after-quoted-block></quoted-block>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HA2FBF1500C3F4D809592777E18EB8D57"><enum>(2)</enum><text display-inline="yes-display-inline">in paragraph (2), by striking
<quote>Exponential increases in interconnectivity have facilitated enhanced
communications, economic growth,</quote> and inserting <quote>These
advancements have significantly contributed to the growth of the United States
economy</quote>;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H59C8965E506341CBA0C14886220483FF"><enum>(3)</enum><text display-inline="yes-display-inline">by amending paragraph (3) to read as
follows:</text>
<quoted-block display-inline="no-display-inline" id="H00C232D1114C4036858FD3C529ED9DBC" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="HA5AA2BB0BF9E4511BDB495453438EF33"><enum>(3)</enum><text display-inline="yes-display-inline">The Cyberspace Policy Review published by
the President in May, 2009, concluded that our information technology and
communications infrastructure is vulnerable and has <quote>suffered intrusions
that have allowed criminals to steal hundreds of millions of dollars and
nation-states and other entities to steal intellectual property and sensitive
military
information</quote>.</text>
</paragraph><after-quoted-block>;</after-quoted-block></quoted-block>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H93277B14258349BFA4C554B52A655C39"><enum>(4)</enum><text display-inline="yes-display-inline">by redesignating paragraphs (4) through (6)
as paragraphs (5) through (7), respectively;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H642F5E3E186E479094C77859C3304404"><enum>(5)</enum><text display-inline="yes-display-inline">by inserting after paragraph (3) the
following new paragraph:</text>
<quoted-block display-inline="no-display-inline" id="HBFA13C9F278A4F339EC1EE8767B7DD63" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="HA641DA5D700F43739135DFFBC6F6E599"><enum>(4)</enum><text display-inline="yes-display-inline">In a series of hearings held before
Congress in 2009, experts testified that the Federal cybersecurity research and
development portfolio was too focused on short-term, incremental research and
that it lacked the prioritization and coordination necessary to address the
long-term challenge of ensuring a secure and reliable information technology
and communications infrastructure.</text>
</paragraph><after-quoted-block>;
and</after-quoted-block></quoted-block>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H0DFF0904DC9B414399CE53F0CDC50586"><enum>(6)</enum><text display-inline="yes-display-inline">by amending paragraph (7), as so
redesignated by paragraph (4) of this section, to read as follows:</text>
<quoted-block display-inline="no-display-inline" id="HA94839EBBF43410CAE5F18CD084D8907" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="H12B7820E03094A8599242812A6130444"><enum>(7)</enum><text display-inline="yes-display-inline">While African-Americans, Hispanics, and
Native Americans constitute 33 percent of the college-age population, members
of these minorities comprise less than 20 percent of bachelor degree recipients
in the field of computer
sciences.</text>
</paragraph><after-quoted-block>.</after-quoted-block></quoted-block>
</paragraph></section><section commented="no" display-inline="no-display-inline" id="H003B5B5A7D1244F5B29EE9DAD603A221" section-type="subsequent-section"><enum>103.</enum><header display-inline="yes-display-inline">Cybersecurity strategic research and
development plan</header>
<subsection commented="no" display-inline="no-display-inline" id="HCEC5C28CF02A4348ABAA0C42E880FDDF"><enum>(a)</enum><header display-inline="yes-display-inline">In general</header><text display-inline="yes-display-inline">Not later than 12 months after the date of
enactment of this Act, the agencies identified in subsection 101(a)(3)(B)(i)
through (x) of the High-Performance Computing Act of 1991 (<external-xref legal-doc="usc" parsable-cite="usc/15/5511">15 U.S.C.
5511(a)(3)(B)(i)</external-xref> through (x)) or designated under section
101(a)(3)(B)(xi) of such Act, working through the National Science and
Technology Council and with the assistance of the National Coordination Office,
shall transmit to Congress a strategic plan based on an assessment of
cybersecurity risk to guide the overall direction of Federal cybersecurity and
information assurance research and development for information technology and
networking systems. Once every 3 years after the initial strategic plan is
transmitted to Congress under this section, such agencies shall prepare and
transmit to Congress an update of such plan.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="HCD547A04042B4EAA920BF46F403DBE68"><enum>(b)</enum><header display-inline="yes-display-inline">Contents of plan</header><text display-inline="yes-display-inline">The strategic plan required under
subsection (a) shall—</text>
<paragraph commented="no" display-inline="no-display-inline" id="HA952ED93B3204D628241C2E22FCA4407"><enum>(1)</enum><text display-inline="yes-display-inline">specify and prioritize near-term, mid-term
and long-term research objectives, including objectives associated with the
research areas identified in section 4(a)(1) of the Cyber Security Research and
Development Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7403">15
U.S.C. 7403(a)(1)</external-xref>) and how the near-term objectives complement
research and development areas in which the private sector is actively
engaged;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H51A12500A22E44C5990318EFC4520A93"><enum>(2)</enum><text display-inline="yes-display-inline">describe how the Program will focus on
innovative, transformational technologies with the potential to enhance the
security, reliability, resilience, and trustworthiness of the digital
infrastructure, including technologies to secure sensitive information shared
among Federal agencies;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HA25B8B21157749D3B47DF4CE34310952"><enum>(3)</enum><text display-inline="yes-display-inline">describe how the Program will foster the
transfer of research and development results into new cybersecurity
technologies and applications for the benefit of society and the national
interest, including through the dissemination of best practices and other
outreach activities;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HDA77744CBBC246FE95316D2AA933A6C2"><enum>(4)</enum><text display-inline="yes-display-inline">describe how the Program will establish and
maintain a national research infrastructure for creating, testing, and
evaluating the next generation of secure networking and information technology
systems;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H205EC9DFCC204FCCB7175C71AA85283E"><enum>(5)</enum><text display-inline="yes-display-inline">describe how the Program will facilitate
access by academic researchers to the infrastructure described in paragraph
(4), as well as to relevant data, including event data representing realistic
threats and vulnerabilities;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H92382DC63901463AAA4BBE952AA2C77C"><enum>(6)</enum><text display-inline="yes-display-inline">describe how the Program will engage
females and individuals identified in section 33 or 34 of the Science and
Engineering Equal Opportunities Act (42 U.S.C. 1885a or 1885b) to foster a more
diverse workforce in this area;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HF1185CB3FE724FD1BDEE6FDF109B49F0"><enum>(7)</enum><text display-inline="yes-display-inline">outline how the United States can work
strategically with our international partners on cybersecurity research and
development issues where appropriate; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HD061396206164E418689C43A525B0954"><enum>(8)</enum><text display-inline="yes-display-inline">describe how the Program will strengthen
all levels of cybersecurity education and training programs to ensure an
adequate, well-trained workforce.</text>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="HFE9FB6849AC24BF7B2C3648D3D281FA1"><enum>(c)</enum><header display-inline="yes-display-inline">Development of roadmap</header><text display-inline="yes-display-inline">The agencies described in subsection (a)
shall develop and annually update an implementation roadmap for the strategic
plan required in this section. Such roadmap shall—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H0B538B5427A943C0A1323F36FD338EAC"><enum>(1)</enum><text display-inline="yes-display-inline">specify the role of each Federal agency in
carrying out or sponsoring research and development to meet the research
objectives of the strategic plan, including a description of how progress
toward the research objectives will be evaluated;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HF30E038ACD0240028CB1974154771374"><enum>(2)</enum><text display-inline="yes-display-inline">specify the funding allocated to each major
research objective of the strategic plan and the source of funding by agency
for the current fiscal year; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H4622F41E5DAA439AA399291B363FC6E8"><enum>(3)</enum><text display-inline="yes-display-inline">estimate the funding required for each
major research objective of the strategic plan for the following 3 fiscal
years.</text>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="H4BFA2242167B46BEAA5DF720F164826E"><enum>(d)</enum><header display-inline="yes-display-inline">Recommendations</header><text display-inline="yes-display-inline">In developing and updating the strategic
plan under subsection (a), the agencies involved shall solicit recommendations
and advice from—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H868EC6E4B0E84C9DB6D5F19A2EEC8415"><enum>(1)</enum><text display-inline="yes-display-inline">the advisory committee established under
section 101(b)(1) of the High-Performance Computing Act of 1991 (<external-xref legal-doc="usc" parsable-cite="usc/15/5511">15 U.S.C.
5511(b)(1)</external-xref>); and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H3760895486994371B1E53235E3DECA6A"><enum>(2)</enum><text display-inline="yes-display-inline">a wide range of stakeholders, including
industry, academia, including representatives of minority serving institutions
and community colleges, National Laboratories, and other relevant organizations
and institutions.</text>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="H8B47F9762609447F874366641B455B23"><enum>(e)</enum><header display-inline="yes-display-inline">Appending to report</header><text display-inline="yes-display-inline">The implementation roadmap required under
subsection (c), and its annual updates, shall be appended to the report
required under section 101(a)(2)(D) of the High-Performance Computing Act of
1991 (<external-xref legal-doc="usc" parsable-cite="usc/15/5511">15 U.S.C.
5511(a)(2)(D)</external-xref>).</text>
</subsection></section><section commented="no" display-inline="no-display-inline" id="H7E8B6BA0DB4247408CDB72A74C1B5AB5" section-type="subsequent-section"><enum>104.</enum><header display-inline="yes-display-inline">Social and behavioral research in
cybersecurity</header><text display-inline="no-display-inline">Section 4(a)(1)
of the Cyber Security Research and Development Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7403">15 U.S.C.
7403(a)(1)</external-xref>) is amended—</text>
<paragraph commented="no" display-inline="no-display-inline" id="HD0015D2CE5A94B369212E44A3A35DC91"><enum>(1)</enum><text display-inline="yes-display-inline">by inserting <quote>and usability</quote>
after <quote>to the structure</quote>;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HF22D83193AC94073843458888220AE25"><enum>(2)</enum><text display-inline="yes-display-inline">in subparagraph (H), by striking
<quote>and</quote> after the semicolon;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H69F9FC228F5C4A3BADC5517D25E5A87B"><enum>(3)</enum><text display-inline="yes-display-inline">in subparagraph (I), by striking the period
at the end and inserting <quote>; and</quote>; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H2281E7594D004D4483428BEFE874324C"><enum>(4)</enum><text display-inline="yes-display-inline">by adding at the end the following new
subparagraph:</text>
<quoted-block display-inline="no-display-inline" id="HDB600E717A3A4658BC2E25BF6843D12D" style="OLC">
<subparagraph commented="no" display-inline="no-display-inline" id="HA042D6E464A8444AB73D5089D7F27F0C"><enum>(J)</enum><text display-inline="yes-display-inline">social and behavioral factors, including
human-computer interactions, usability, user motivations, and organizational
cultures.</text>
</subparagraph><after-quoted-block>.</after-quoted-block></quoted-block>
</paragraph></section><section commented="no" display-inline="no-display-inline" id="HE255553804A84E939A85C8A38FDDC89C" section-type="subsequent-section"><enum>105.</enum><header display-inline="yes-display-inline">National Science Foundation cybersecurity
research and development programs</header>
<subsection commented="no" display-inline="no-display-inline" id="H73FE350E0A5B489691DAD6ACCBDF3A41"><enum>(a)</enum><header display-inline="yes-display-inline">Computer and network security research
areas</header><text display-inline="yes-display-inline">Section 4(a)(1) of the
Cyber Security Research and Development Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7403">15 U.S.C. 7403(a)(1)</external-xref>) is
amended—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H9624629107E34E6BAF605BFB197F92BE"><enum>(1)</enum><text display-inline="yes-display-inline">in subparagraph (A) by inserting
<quote>identity management,</quote> after <quote>cryptography,</quote>;
and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H0E3CF5E3CBD64E21B916F536BA608F77"><enum>(2)</enum><text display-inline="yes-display-inline">by amending subparagraph (I) to read as
follows:</text>
<quoted-block display-inline="no-display-inline" id="H4D91E0AB8686442888178F9E7863DC11" style="OLC">
<subparagraph commented="no" display-inline="no-display-inline" id="H15A7554B68F440F1974B0D141A23F81D"><enum>(I)</enum><text display-inline="yes-display-inline">enhancement of the ability of law
enforcement to detect, investigate, and prosecute cyber-crimes, including
crimes that involve piracy of intellectual property, crimes against children,
and organized
crime.</text>
</subparagraph><after-quoted-block>.</after-quoted-block></quoted-block>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="H1A2CEF347C5249809BC128F892D3CEC2"><enum>(b)</enum><header display-inline="yes-display-inline">Computer and network security research
grants</header><text display-inline="yes-display-inline">Section 4(a)(3) of
such Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7403">15 U.S.C.
7403(a)(3)</external-xref>) is amended by striking subparagraphs (A) through
(E) and inserting the following new subparagraphs:</text>
<quoted-block display-inline="no-display-inline" id="HD19388A4517D4AF18FEF197980A19A99" style="OLC">
<subparagraph commented="no" display-inline="no-display-inline" id="HFDC9BC30BADD4814BBD1F699E913945D"><enum>(A)</enum><text display-inline="yes-display-inline">$68,700,000 for fiscal year 2010;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H73D2282AE18C4D739A7969DB6F167C2A"><enum>(B)</enum><text display-inline="yes-display-inline">$73,500,000 for fiscal year 2011;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H050E8BFEDAD24C19B89F8995AF6CB7E4"><enum>(C)</enum><text display-inline="yes-display-inline">$78,600,000 for fiscal year 2012;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HB7EC358F211E4C3183033623C45F078A"><enum>(D)</enum><text display-inline="yes-display-inline">$84,200,000 for fiscal year 2013;
and</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H8E9EA6F000124E34BD16DDE767F83D51"><enum>(E)</enum><text display-inline="yes-display-inline">$90,000,000 for fiscal year
2014.</text>
</subparagraph><after-quoted-block>.</after-quoted-block></quoted-block>
</subsection><subsection commented="no" display-inline="no-display-inline" id="HB7FCCE351BC7483DAAB3CCCDA7ECD9F0"><enum>(c)</enum><header display-inline="yes-display-inline">Computer and network security research
centers</header><text display-inline="yes-display-inline">Section 4(b) of such
Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7403">15 U.S.C.
7403(b)</external-xref>) is amended—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H7FF47248FE824598AF378E851382738B"><enum>(1)</enum><text display-inline="yes-display-inline">in paragraph (4)—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="H8B92BEB0F53249468A2E099DDAF2E5FD"><enum>(A)</enum><text display-inline="yes-display-inline">in subparagraph (C), by striking
<quote>and</quote> after the semicolon;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H17730E3CD01148969A6406BC51F390F5"><enum>(B)</enum><text display-inline="yes-display-inline">in subparagraph (D), by striking the period
and inserting <quote>; and</quote>; and</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HAD7DA2356D384F1293E56EDA7FAE69BA"><enum>(C)</enum><text display-inline="yes-display-inline">by adding at the end the following new
subparagraph:</text>
<quoted-block display-inline="no-display-inline" id="HCBBF83E55D1C403781E9A8346CF51A7E" style="OLC">
<subparagraph commented="no" display-inline="no-display-inline" id="H1960E46D1185425786267EFC2A44B62F"><enum>(E)</enum><text display-inline="yes-display-inline">how the center will partner with government
laboratories, for-profit entities, other institutions of higher education, or
nonprofit research institutions.</text>
</subparagraph><after-quoted-block>;
and</after-quoted-block></quoted-block>
</subparagraph></paragraph><paragraph commented="no" display-inline="no-display-inline" id="HFA6B142E65AB42198CA80D0B9A6512E8"><enum>(2)</enum><text display-inline="yes-display-inline">by amending paragraph (7) to read as
follows:</text>
<quoted-block display-inline="no-display-inline" id="H83F2702CEEB54C3E89B456B1985FD1B3" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="H609E67376A0D4A14AFB3AE996AF0B2C8"><enum>(7)</enum><header display-inline="yes-display-inline">Authorization of
appropriations</header><text display-inline="yes-display-inline">There are
authorized to be appropriated to the National Science Foundation such sums as
are necessary to carry out this subsection for each of the fiscal years 2010
through
2014.</text>
</paragraph><after-quoted-block>.</after-quoted-block></quoted-block>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="HFD8E81E77FAE44CBBF4C48A1F543FCCC"><enum>(d)</enum><header display-inline="yes-display-inline">Computer and network security capacity
building grants</header><text display-inline="yes-display-inline">Section 5(a)
of such Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7404">15
U.S.C. 7404(a)</external-xref>) is amended—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H753F52EC347E472E936620F480B4FD81"><enum>(1)</enum><text display-inline="yes-display-inline">in paragraph (3)(A), by inserting <quote>,
including curriculum on the principles and techniques of designing secure
software</quote> after <quote>network security</quote>; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H067AD18133A24245B44D8D066A3E66A8"><enum>(2)</enum><text display-inline="yes-display-inline">by amending paragraph (6) to read as
follows:</text>
<quoted-block display-inline="no-display-inline" id="H6BAA45D83B44468184DE779F32618F5F" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="H1FFBBC9EA7A64E8198163452315C16C1"><enum>(6)</enum><header display-inline="yes-display-inline">Authorization of
appropriations</header><text display-inline="yes-display-inline">There are
authorized to be appropriated to the National Science Foundation such sums as
are necessary to carry out this subsection for each of the fiscal years 2010
through
2014.</text>
</paragraph><after-quoted-block>.</after-quoted-block></quoted-block>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="H7DA409FD86064F3098DC72EC0242D1E6"><enum>(e)</enum><header display-inline="yes-display-inline">Scientific and advanced technology act
grants</header><text display-inline="yes-display-inline">Section 5(b)(2) of
such Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7404">15 U.S.C.
7404(b)(2)</external-xref>) is amended to read as follows:</text>
<quoted-block display-inline="no-display-inline" id="HE3CD3CE30258494BBDD3C65AE5391C4D" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="H1EAE88F643E94E8EA37F087926378D00"><enum>(2)</enum><header display-inline="yes-display-inline">Authorization of
appropriations</header><text display-inline="yes-display-inline">There are
authorized to be appropriated to the National Science Foundation such sums as
are necessary to carry out this subsection for each of the fiscal years 2010
through
2014.</text>
</paragraph><after-quoted-block>.</after-quoted-block></quoted-block>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H810DEDC4DB5F4EEFA82CAB5574E2690E"><enum>(f)</enum><header display-inline="yes-display-inline">Graduate traineeships in computer and
network security</header><text display-inline="yes-display-inline">Section
5(c)(7) of such Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7404">15 U.S.C. 7404(c)(7)</external-xref>) is amended to
read as follows:</text>
<quoted-block display-inline="no-display-inline" id="HBDC56880496041678E2EF77BF0831B45" style="OLC">
<paragraph commented="no" display-inline="no-display-inline" id="HCA299C4503984EDEACB449936697B00F"><enum>(7)</enum><header display-inline="yes-display-inline">Authorization of
appropriations</header><text display-inline="yes-display-inline">There are
authorized to be appropriated to the National Science Foundation such sums as
are necessary to carry out this subsection for each of the fiscal years 2010
through
2014.</text>
</paragraph><after-quoted-block>.</after-quoted-block></quoted-block>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H9C66373BB3AC4397A3AC720E43301064"><enum>(g)</enum><header display-inline="yes-display-inline">Postdoctoral research fellowships in
cybersecurity</header><text display-inline="yes-display-inline">Section 5(e) of
such Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7404">15 U.S.C.
7404(e)</external-xref>) is amended to read as follows:</text>
<quoted-block display-inline="no-display-inline" id="H5CECAFB5B2654A5F955FA4BFD9921BD7" style="OLC">
<subsection commented="no" display-inline="no-display-inline" id="HECEDC7850BA94AD7AED340B363B91083"><enum>(e)</enum><header display-inline="yes-display-inline">Postdoctoral research fellowships in
cybersecurity</header>
<paragraph commented="no" display-inline="no-display-inline" id="H4B191F532AF54B7188ACB8F80F3159BF"><enum>(1)</enum><header display-inline="yes-display-inline">In general</header><text display-inline="yes-display-inline">The Director shall carry out a program to
encourage young scientists and engineers to conduct postdoctoral research in
the fields of cybersecurity and information assurance, including the research
areas described in section 4(a)(1), through the award of competitive,
merit-based fellowships.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H066645C07CE74F1DA466CF425FE65A92"><enum>(2)</enum><header display-inline="yes-display-inline">Authorization of
appropriations</header><text display-inline="yes-display-inline">There are
authorized to be appropriated to the National Science Foundation such sums as
are necessary to carry out this subsection for each of the fiscal years 2010
through
2014.</text>
</paragraph></subsection><after-quoted-block>.</after-quoted-block></quoted-block>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H7828C041BB9C4E629C613D4154BEB70D"><enum>(h)</enum><header display-inline="yes-display-inline">Prohibition on earmarks</header><text display-inline="yes-display-inline">None of the funds appropriated under this
section, and the amendments made by this section may be used for a
Congressional earmark as defined in clause 9(d) of rule XXI of the Rules of the
House of Representatives.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H922F6196DC28425B9AB18B02843FC1D9"><enum>(i)</enum><header display-inline="yes-display-inline">Computer and network security capacity
building grants—Manufacturing Extension Partnership</header><text display-inline="yes-display-inline">Section 5(a)(3) of the Cyber Security
Research and Development Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7404">15 U.S.C. 7404(a)(3)</external-xref>) is
amended—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H76ADC3654DC44C039070E205DA5EFE1A"><enum>(1)</enum><text display-inline="yes-display-inline">by striking <quote>and</quote> at the end
of subparagraph (I);</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H5830D056C8B84A15A543F4A77222CC2E"><enum>(2)</enum><text display-inline="yes-display-inline">by redesignating subparagraph (J) as
subparagraph (K); and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H9DC6C9DE22D14EC3A702C944F156E602"><enum>(3)</enum><text display-inline="yes-display-inline">by inserting after subparagraph (I) the
following new subparagraph:</text>
<quoted-block display-inline="no-display-inline" id="H33A4B816583A4378BEF008E2F9B7FB45" style="OLC">
<subparagraph commented="no" display-inline="no-display-inline" id="H0EB2414576004473B6138CCB2CE80BC1"><enum>(J)</enum><text display-inline="yes-display-inline">establishing or enhancing collaboration in
computer and network security between community colleges, universities, and
Manufacturing Extension Partnership Centers;
and</text>
</subparagraph><after-quoted-block>.</after-quoted-block></quoted-block>
</paragraph></subsection></section><section commented="no" display-inline="no-display-inline" id="H60A979F4D002445AA3C164D9E9D910A5" section-type="subsequent-section"><enum>106.</enum><header display-inline="yes-display-inline">Federal cyber scholarship for service
program</header>
<subsection commented="no" display-inline="no-display-inline" id="H1E564DE7280C4889858CB415E1133BA0"><enum>(a)</enum><header display-inline="yes-display-inline">In general</header><text display-inline="yes-display-inline">The Director of the National Science
Foundation shall carry out a Scholarship for Service program to recruit and
train the next generation of Federal cybersecurity professionals and to
increase the capacity of the higher education system to produce an information
technology workforce with the skills necessary to enhance the security of the
Nation’s communications and information infrastructure.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H0CF021893C684F70A08D1E72F9A95FC9"><enum>(b)</enum><header display-inline="yes-display-inline">Characteristics of program</header><text display-inline="yes-display-inline">The program under this section
shall—</text>
<paragraph commented="no" display-inline="no-display-inline" id="HC2E700168E884F8983DE795396309F92"><enum>(1)</enum><text display-inline="yes-display-inline">provide, through qualified institutions of
higher education, scholarships that provide tuition, fees, and a competitive
stipend for up to 2 years to students pursing a bachelor’s or master’s degree
and up to 3 years to students pursuing a doctoral degree in a cybersecurity
field;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HC96B57CAF6814D8DBCD8B021F5AD2BAE"><enum>(2)</enum><text display-inline="yes-display-inline">provide the scholarship recipients with
summer internship opportunities or other meaningful temporary appointments in
the Federal information technology workforce or, at the discretion of the
Director, with appropriate private sector entities; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H9DDA02A9CE9B4A83AB98DDDD42B511F8"><enum>(3)</enum><text display-inline="yes-display-inline">increase the capacity of institutions of
higher education throughout all regions of the United States to produce highly
qualified cybersecurity professionals, through the award of competitive,
merit-reviewed grants that support such activities as—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="H655C1D9A344D4D7A9AD43119B7F4F7CB"><enum>(A)</enum><text display-inline="yes-display-inline">faculty professional development, including
technical, hands-on experiences in the private sector or government, workshops,
seminars, conferences, and other professional development opportunities that
will result in improved instructional capabilities;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HC5929CE092B041CAB2DFE50357145646"><enum>(B)</enum><text display-inline="yes-display-inline">institutional partnerships, including
minority serving institutions and community colleges;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H71290B95377342F4887E512F9B5FB175"><enum>(C)</enum><text display-inline="yes-display-inline">development of cybersecurity-related
courses and curricula; and</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H45CE5D43286E424AAD9DD334A2E85A0A"><enum>(D)</enum><text display-inline="yes-display-inline">outreach to secondary schools and 2-year
institutions to increase the interest and recruitment of students into
cybersecurity-related fields.</text>
</subparagraph></paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="HDFC166B144514B18A608549F50CA8FE2"><enum>(c)</enum><header display-inline="yes-display-inline">Scholarship requirements</header>
<paragraph commented="no" display-inline="no-display-inline" id="HB4B498CC32B3469DA9CF4B23F416179F"><enum>(1)</enum><header display-inline="yes-display-inline">Eligibility</header><text display-inline="yes-display-inline">Scholarships under this section shall be
available only to students who—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="HD1F12FD08A28402A801C79BDE0089EAE"><enum>(A)</enum><text display-inline="yes-display-inline">are citizens or permanent residents of the
United States;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H2103BC76EC864DBC9B1165861B5F4219"><enum>(B)</enum><text display-inline="yes-display-inline">are full-time students in an eligible
degree program, as determined by the Director, that is focused on computer
security or information assurance at an awardee institution; and</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HEB6EFF7EC55448DF8B97A7CB6EAA822D"><enum>(C)</enum><text display-inline="yes-display-inline">accept the terms of a scholarship pursuant
to this section.</text>
</subparagraph></paragraph><paragraph commented="no" display-inline="no-display-inline" id="HB657AADD7E6B421C8ACDA01B32B1825C"><enum>(2)</enum><header display-inline="yes-display-inline">Selection</header><text display-inline="yes-display-inline">Individuals shall be selected to receive
scholarships primarily on the basis of academic merit, with consideration given
to financial need, to the goal of promoting the participation of individuals
identified in section 33 or 34 of the Science and Engineering Equal
Opportunities Act (42 U.S.C. 1885a or 1885b), and to veterans. For purposes of
this paragraph, the term <quote>veteran</quote> means a person who—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="H45055DAAC33F405EA0D91B41DC37CAF1"><enum>(A)</enum><text display-inline="yes-display-inline">served on active duty (other than active
duty for training) in the Armed Forces of the United States for a period of
more than 180 consecutive days, and who was discharged or released therefrom
under conditions other than dishonorable; or</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H57D52200A1244C9189775E9C0A9BCCA9"><enum>(B)</enum><text display-inline="yes-display-inline">served on active duty (other than active
duty for training) in the Armed Forces of the United States and was discharged
or released from such service for a service-connected disability before serving
180 consecutive days.</text>
</subparagraph><continuation-text commented="no" continuation-text-level="paragraph">For purposes of subparagraph (B), the
term <quote>service-connected</quote> has the meaning given such term under
<external-xref legal-doc="usc" parsable-cite="usc/38/101">section
101</external-xref> of title 38, United States Code.</continuation-text></paragraph><paragraph commented="no" display-inline="no-display-inline" id="HC427FC442BD447BD9916A2732F28635F"><enum>(3)</enum><header display-inline="yes-display-inline">Service obligation</header><text display-inline="yes-display-inline">If an individual receives a scholarship
under this section, as a condition of receiving such scholarship, the
individual upon completion of their degree must serve as a cybersecurity
professional within the Federal workforce for a period of time as provided in
paragraph (5). If a scholarship recipient is not offered employment by a
Federal agency or a federally funded research and development center, the
service requirement can be satisfied at the Director’s discretion by—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="HD3F74874D01140839AB4B9E34D274D22"><enum>(A)</enum><text display-inline="yes-display-inline">serving as a cybersecurity professional in
a State, local, or tribal government agency; or</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H4538F296D7C64020BF7E96E8F741C2DC"><enum>(B)</enum><text display-inline="yes-display-inline">teaching cybersecurity courses at an
institution of higher education.</text>
</subparagraph></paragraph><paragraph commented="no" display-inline="no-display-inline" id="H5AC8AE10FAC242D4B23E05F8E905F72F"><enum>(4)</enum><header display-inline="yes-display-inline">Conditions of support</header><text display-inline="yes-display-inline">As a condition of acceptance of a
scholarship under this section, a recipient shall agree to provide the awardee
institution with annual verifiable documentation of employment and up-to-date
contact information.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H3D9373671CAD4DC3B16CB761C4C40F84"><enum>(5)</enum><header display-inline="yes-display-inline">Length of service</header><text display-inline="yes-display-inline">The length of service required in exchange
for a scholarship under this subsection shall be as follows:</text>
<subparagraph commented="no" display-inline="no-display-inline" id="HB2F9799A345949AB93507A91AA1CEB01"><enum>(A)</enum><text display-inline="yes-display-inline">For a recipient in a bachelor’s degree
program, 1 year more than the number of years for which the scholarship was
received.</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HAE4DCB4FD7694A2EAD6FF2E933E91E9D"><enum>(B)</enum><text display-inline="yes-display-inline">For a recipient in a master’s degree
program, 2 years more than the number of years for which the scholarship was
received.</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H55217DABDB2C444D8B77C6F2D48B9908"><enum>(C)</enum><text display-inline="yes-display-inline">For a recipient in a doctorate degree
program, 3 years more than the number of years for which the scholarship was
received.</text>
</subparagraph></paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="H4EE9AEEFE53D48CC922B15CCF33564C7"><enum>(d)</enum><header display-inline="yes-display-inline">Failure to complete service
obligation</header>
<paragraph commented="no" display-inline="no-display-inline" id="HEB8D3F3809294663BD82026693B2EE29"><enum>(1)</enum><header display-inline="yes-display-inline">General rule</header><text display-inline="yes-display-inline">If an individual who has received a
scholarship under this section—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="H970FB0C823E941048B43B0F97A119F8C"><enum>(A)</enum><text display-inline="yes-display-inline">fails to maintain an acceptable level of
academic standing in the educational institution in which the individual is
enrolled, as determined by the Director;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H6E6E5AC307654A1DB4BB8C172CF5D6B9"><enum>(B)</enum><text display-inline="yes-display-inline">is dismissed from such educational
institution for disciplinary reasons;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HAD7DAF6F82BA49D9A97D17628C437643"><enum>(C)</enum><text display-inline="yes-display-inline">withdraws from the program for which the
award was made before the completion of such program;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H9E9B6DB5A2D247E9B6DB393E5A6D3681"><enum>(D)</enum><text display-inline="yes-display-inline">declares that the individual does not
intend to fulfill the service obligation under this section; or</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HE2EC52E139E54D77B3B660C3CABB5794"><enum>(E)</enum><text display-inline="yes-display-inline">fails to fulfill the service obligation of
the individual under this section,</text>
</subparagraph><continuation-text commented="no" continuation-text-level="paragraph">such individual shall be liable to
the United States as provided in paragraph (3).</continuation-text></paragraph><paragraph commented="no" display-inline="no-display-inline" id="H15B3CF1C828F44F48CC4D2E57326399E"><enum>(2)</enum><header display-inline="yes-display-inline">Monitoring compliance</header><text display-inline="yes-display-inline">As a condition of participating in the
program, a qualified institution of higher education receiving a grant under
this section shall—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="H2223AB444AFF4E378BB35D93CF2F65DC"><enum>(A)</enum><text display-inline="yes-display-inline">enter into an agreement with the Director
of the National Science Foundation to monitor the compliance of scholarship
recipients with respect to their service obligation; and</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HB09ABE4E604E49B29A243AA84B9EBD63"><enum>(B)</enum><text display-inline="yes-display-inline">provide to the Director, on an annual
basis, post-award employment information required under subsection (c)(4) for
scholarship recipients through the completion of their service
obligation.</text>
</subparagraph></paragraph><paragraph commented="no" display-inline="no-display-inline" id="H71D9AB2B33464EE5BE1DCE360312B338"><enum>(3)</enum><header display-inline="yes-display-inline">Amount of repayment</header>
<subparagraph commented="no" display-inline="no-display-inline" id="H0EDC377058314CD891673C9451CEBF53"><enum>(A)</enum><header display-inline="yes-display-inline">Less than one year of service</header><text display-inline="yes-display-inline">If a circumstance described in paragraph
(1) occurs before the completion of 1 year of a service obligation under this
section, the total amount of awards received by the individual under this
section shall be repaid or such amount shall be treated as a loan to be repaid
in accordance with subparagraph (C).</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H1F567A1E12F24C698AF024FD7588BE5E"><enum>(B)</enum><header display-inline="yes-display-inline">More than one year of service</header><text display-inline="yes-display-inline">If a circumstance described in subparagraph
(D) or (E) of paragraph (1) occurs after the completion of 1 year of a service
obligation under this section, the total amount of scholarship awards received
by the individual under this section, reduced by the ratio of the number of
years of service completed divided by the number of years of service required,
shall be repaid or such amount shall be treated as a loan to be repaid in
accordance with subparagraph (C).</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H5A75BAA0F077410CB51575CBB487560F"><enum>(C)</enum><header display-inline="yes-display-inline">Repayments</header><text display-inline="yes-display-inline">A loan described in subparagraph (A) or (B)
shall be treated as a Federal Direct Unsubsidized Stafford Loan under part D of
title IV of the Higher Education Act of 1965 (20 U.S.C. 1087a and following),
and shall be subject to repayment, together with interest thereon accruing from
the date of the scholarship award, in accordance with terms and conditions
specified by the Director (in consultation with the Secretary of Education) in
regulations promulgated to carry out this paragraph.</text>
</subparagraph></paragraph><paragraph commented="no" display-inline="no-display-inline" id="H1B2BD93D68D94EF7AE95E9B67B1AB0E6"><enum>(4)</enum><header display-inline="yes-display-inline">Collection of repayment</header>
<subparagraph commented="no" display-inline="no-display-inline" id="H8F27A2C51A174F96AD76A33FD9665527"><enum>(A)</enum><header display-inline="yes-display-inline">In general</header><text display-inline="yes-display-inline">In the event that a scholarship recipient
is required to repay the scholarship under this subsection, the institution
providing the scholarship shall—</text>
<clause commented="no" display-inline="no-display-inline" id="H461D3C7C6A2E43339BD529A21611F18B"><enum>(i)</enum><text display-inline="yes-display-inline">be responsible for determining the
repayment amounts and for notifying the recipient and the Director of the
amount owed; and</text>
</clause><clause commented="no" display-inline="no-display-inline" id="H9879739A63F44CFFAE705D4578BD8EA6"><enum>(ii)</enum><text display-inline="yes-display-inline">collect such repayment amount within a
period of time as determined under the agreement described in paragraph (2), or
the repayment amount shall be treated as a loan in accordance with paragraph
(3)(C).</text>
</clause></subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H25ACDDDD6E544250AD5121153CC69F2A"><enum>(B)</enum><header display-inline="yes-display-inline">Returned to treasury</header><text display-inline="yes-display-inline">Except as provided in subparagraph (C) of
this paragraph, any such repayment shall be returned to the Treasury of the
United States.</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H02E752B162874860A86CF0D65B387DD6"><enum>(C)</enum><header display-inline="yes-display-inline">Retain percentage</header><text display-inline="yes-display-inline">An institution of higher education may
retain a percentage of any repayment the institution collects under this
paragraph to defray administrative costs associated with the collection. The
Director shall establish a single, fixed percentage that will apply to all
eligible entities.</text>
</subparagraph></paragraph><paragraph commented="no" display-inline="no-display-inline" id="H559A190C9E544DF6B7D139E103BD8F14"><enum>(5)</enum><header display-inline="yes-display-inline">Exceptions</header><text display-inline="yes-display-inline">The Director may provide for the partial or
total waiver or suspension of any service or payment obligation by an
individual under this section whenever compliance by the individual with the
obligation is impossible or would involve extreme hardship to the individual,
or if enforcement of such obligation with respect to the individual would be
unconscionable.</text>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="HE7C553ECD20648EF84A64A801744F025"><enum>(e)</enum><header display-inline="yes-display-inline">Hiring authority</header><text display-inline="yes-display-inline">For purposes of any law or regulation
governing the appointment of individuals in the Federal civil service, upon
successful completion of their degree, students receiving a scholarship under
this section shall be hired under the authority provided for in
<external-xref legal-doc="regulation" parsable-cite="cfr/5/213.3102">section
213.3102(r)</external-xref> of title 5, Code of Federal Regulations, and be
exempted from competitive service. Upon fulfillment of the service term, such
individuals shall be converted to a competitive service position without
competition if the individual meets the requirements for that position.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H4A2A3FEABE9F46DCB4F58838E2946765"><enum>(f)</enum><header display-inline="yes-display-inline">Authorization of
appropriations</header><text display-inline="yes-display-inline">There are
authorized to appropriated to the National Science Foundation to carry out this
section—</text>
<paragraph commented="no" display-inline="no-display-inline" id="HF560E514A0E246EAB82B13F52680491C"><enum>(1)</enum><text display-inline="yes-display-inline">$18,700,000 for fiscal year 2010;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HFC95402D647745BABFC7251E86B87DBB"><enum>(2)</enum><text display-inline="yes-display-inline">$20,100,000 for fiscal year 2011;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HA778CCBF7F9D411E9A40632A923FF51E"><enum>(3)</enum><text display-inline="yes-display-inline">$21,600,000 for fiscal year 2012;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H90A26824AB4F404DA328611E90383674"><enum>(4)</enum><text display-inline="yes-display-inline">$23,300,000 for fiscal year 2013;
and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H9D1C22075D8C4E9E8DCAACBA7A14FAA5"><enum>(5)</enum><text display-inline="yes-display-inline">$25,000,000 for fiscal year 2014.</text>
</paragraph></subsection></section><section commented="no" display-inline="no-display-inline" id="H3A23A5DA12A14EF6B5543AE05E718DCE" section-type="subsequent-section"><enum>107.</enum><header display-inline="yes-display-inline">Cybersecurity workforce
assessment</header><text display-inline="no-display-inline">Not later than 180
days after the date of enactment of this Act the President shall transmit to
the Congress a report addressing the cybersecurity workforce needs of the
Federal Government. The report shall include—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H4C78D8D5E2DD4AC690DB6CE1D4FB808D"><enum>(1)</enum><text display-inline="yes-display-inline">an examination of the current state of and
the projected needs of the Federal cybersecurity workforce, including a
comparison of the different agencies and departments, the extent to which
different agencies and departments rely on contractors to support the Federal
cybersecurity workforce, and an analysis of the capacity of such agencies and
departments to meet those needs;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H24A36FAA8D2349CAA33AE99104018D16"><enum>(2)</enum><text display-inline="yes-display-inline">an analysis of the sources and availability
of cybersecurity talent, a comparison of the skills and expertise sought by the
Federal Government and the private sector, an examination of the current and
future capacity of United States institutions of higher education, including
community colleges, to provide cybersecurity professionals with those skills
sought by the Federal Government and the private sector, and a description of
how successful programs are engaging the talents of women and
African-Americans, Hispanics, and Native Americans in the cybersecurity
workforce;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H82B47AF57C834338BD523A6FFA781B21"><enum>(3)</enum><text display-inline="yes-display-inline">an examination of the effectiveness of the
National Centers of Academic Excellence in Information Assurance Education, the
Centers of Academic Excellence in Research, and the Federal Cyber Scholarship
for Service programs in promoting higher education and research in
cybersecurity and information assurance and in producing a growing number of
professionals with the necessary cybersecurity and information assurance
expertise;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HF408FABD9E6D43CAA5A82D4E29687381"><enum>(4)</enum><text display-inline="yes-display-inline">an analysis of any barriers to the Federal
Government recruiting and hiring cybersecurity talent, including barriers
relating to compensation, the hiring process, job classification, job security
clearance and suitability requirements, and hiring flexibilities;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H2B62A374BD5B41A2A9685FCEFAD5ABD5"><enum>(5)</enum><text display-inline="yes-display-inline">a specific analysis of the capacity of the
agency workforce to manage contractors who are performing cybersecurity work on
behalf of the Federal Government; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H8039A1E65AD542CEBFFC4B0C7320A955"><enum>(6)</enum><text display-inline="yes-display-inline">recommendations for Federal policies to
ensure an adequate, well-trained Federal cybersecurity workforce, including
recommendations on the temporary assignment of private sector cybersecurity
professionals to Federal agencies.</text>
</paragraph></section><section commented="no" display-inline="no-display-inline" id="H2FA03D2B9A7545D494089802F09DF298" section-type="subsequent-section"><enum>108.</enum><header display-inline="yes-display-inline">Cybersecurity university-industry task
force</header>
<subsection commented="no" display-inline="no-display-inline" id="HA55917949506409088105F0C05D591BE"><enum>(a)</enum><header display-inline="yes-display-inline">Establishment of university-Industry task
force</header><text display-inline="yes-display-inline">Not later than 180 days
after the date of enactment of this Act, the Director of the Office of Science
and Technology Policy shall convene a task force to explore mechanisms for
carrying out collaborative research and development activities for
cybersecurity through a consortium or other appropriate entity with
participants from institutions of higher education and industry.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H6C42C8301BD54D1F93DED03341DE61C1"><enum>(b)</enum><header display-inline="yes-display-inline">Functions</header><text display-inline="yes-display-inline">The task force shall—</text>
<paragraph commented="no" display-inline="no-display-inline" id="HDF5C4153E4EC4925AAE4784A21E8358B"><enum>(1)</enum><text display-inline="yes-display-inline">develop options for a collaborative model
and an organizational structure for such entity under which the joint research
and development activities could be planned, managed, and conducted
effectively, including mechanisms for the allocation of resources among the
participants in such entity for support of such activities;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H8E7DF9D1DA8A433196F7E68983673E0A"><enum>(2)</enum><text display-inline="yes-display-inline">propose a process for developing a research
and development agenda for such entity, including guidelines to ensure an
appropriate scope of work focused on nationally significant challenges and
requiring collaboration;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HC924941029AE47F9A0DA6FF37DB5DDCE"><enum>(3)</enum><text display-inline="yes-display-inline">define the roles and responsibilities for
the participants from institutions of higher education and industry in such
entity;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H76DFF82A5BC949B79FCE50698BBCBC84"><enum>(4)</enum><text display-inline="yes-display-inline">propose guidelines for assigning
intellectual property rights, for the transfer of research and development
results to the private sector, and for the sharing of lessons learned on the
effectiveness of new technologies from the private sector with the public
sector; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H8B8B48DBC96B4689AFD3B40795721AF5"><enum>(5)</enum><text display-inline="yes-display-inline">make recommendations for how such entity
could be funded from Federal, State, and nongovernmental sources.</text>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="HCC99E0C17D6540C9B6D6B1A42411EE57"><enum>(c)</enum><header display-inline="yes-display-inline">Composition</header><text display-inline="yes-display-inline">In establishing the task force under
subsection (a), the Director of the Office of Science and Technology Policy
shall appoint an equal number of individuals from institutions of higher
education, including community colleges, and from industry with knowledge and
expertise in cybersecurity, and shall include representatives from
minority-serving institutions.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="HBE66FE5E9E91467AAEF43F5A75B06626"><enum>(d)</enum><header display-inline="yes-display-inline">Report</header><text display-inline="yes-display-inline">Not later than 12 months after the date of
enactment of this Act, the Director of the Office of Science and Technology
Policy shall transmit to the Congress a report describing the findings and
recommendations of the task force.</text>
</subsection></section><section commented="no" display-inline="no-display-inline" id="HE3F96164F29940C4AECF36D174FE6553" section-type="subsequent-section"><enum>109.</enum><header display-inline="yes-display-inline">Cybersecurity checklist development and
dissemination</header><text display-inline="no-display-inline">Section 8(c) of
the Cyber Security Research and Development Act (<external-xref legal-doc="usc" parsable-cite="usc/15/7406">15 U.S.C. 7406(c)</external-xref>) is amended to
read as follows:</text>
<quoted-block display-inline="no-display-inline" id="H1EDC57E85C3E4FAEB62EA980A69B7DC1" style="OLC">
<subsection commented="no" display-inline="no-display-inline" id="H7404387F8A864E9FB5784785CF55D72A"><enum>(c)</enum><header display-inline="yes-display-inline">Checklists for government systems</header>
<paragraph commented="no" display-inline="no-display-inline" id="H112009640E3E41FCA3D90D912FA06140"><enum>(1)</enum><header display-inline="yes-display-inline">In general</header><text display-inline="yes-display-inline">The Director of the National Institute of
Standards and Technology shall develop or identify and revise or adapt as
necessary, checklists, configuration profiles, and deployment recommendations
for products and protocols that minimize the security risks associated with
each computer hardware or software system that is, or is likely to become,
widely used within the Federal Government.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H4B004208F970483280F8119E482D4CA9"><enum>(2)</enum><header display-inline="yes-display-inline">Priorities for development</header><text display-inline="yes-display-inline">The Director of the National Institute of
Standards and Technology shall establish priorities for the development of
checklists under this subsection. Such priorities may be based on the security
risks associated with the use of each system, the number of agencies that use a
particular system, the usefulness of the checklist to Federal agencies that are
users or potential users of the system, or such other factors as the Director
determines to be appropriate.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H0E49F32B0EB44ACFAD952BEABFC61D30"><enum>(3)</enum><header display-inline="yes-display-inline">Excluded systems</header><text display-inline="yes-display-inline">The Director of the National Institute of
Standards and Technology may exclude from the requirements of paragraph (1) any
computer hardware or software system for which the Director determines that the
development of a checklist is inappropriate because of the infrequency of use
of the system, the obsolescence of the system, or the inutility or
impracticability of developing a checklist for the system.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H9ABBD31193694ABF8C2236E527A1A5C1"><enum>(4)</enum><header display-inline="yes-display-inline">Automation specifications</header><text display-inline="yes-display-inline">The Director of the National Institute of
Standards and Technology shall develop automated security specifications (such
as the Security Content Automation Protocol) with respect to checklist content
and associated security related data.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H1DF7B1AFD9294D75A7BEA8B0DDEDD4C2"><enum>(5)</enum><header display-inline="yes-display-inline">Dissemination of checklists</header><text display-inline="yes-display-inline">The Director of the National Institute of
Standards and Technology shall ensure that Federal agencies are informed of the
availability of any product developed or identified under the National
Checklist Program for any information system, including the Security Content
Automation Protocol and other automated security specifications.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HD2C7D292B73C4C55BF747951CE0E57A0"><enum>(6)</enum><header display-inline="yes-display-inline">Agency use requirements</header><text display-inline="yes-display-inline">The development of a checklist under
paragraph (1) for a computer hardware or software system does not—</text>
<subparagraph commented="no" display-inline="no-display-inline" id="H5065FC8F8E6B45918102E2A02BEDB122"><enum>(A)</enum><text display-inline="yes-display-inline">require any Federal agency to select the
specific settings or options recommended by the checklist for the
system;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H4CB722F8DE3F43FD91C7C77CEE22E831"><enum>(B)</enum><text display-inline="yes-display-inline">establish conditions or prerequisites for
Federal agency procurement or deployment of any such system;</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="HD72C922714CB4ADDB4CD7AB4B41226C1"><enum>(C)</enum><text display-inline="yes-display-inline">imply an endorsement of any such system by
the Director of the National Institute of Standards and Technology; or</text>
</subparagraph><subparagraph commented="no" display-inline="no-display-inline" id="H5FCBD4CC0D774C9488F9D454B81353C1"><enum>(D)</enum><text display-inline="yes-display-inline">preclude any Federal agency from procuring
or deploying other computer hardware or software systems for which no such
checklist has been developed or identified under paragraph
(1).</text>
</subparagraph></paragraph></subsection><after-quoted-block>.</after-quoted-block></quoted-block>
</section><section commented="no" display-inline="no-display-inline" id="H3BBAEAC7D62142128A0B5625959F91C5" section-type="subsequent-section"><enum>110.</enum><header display-inline="yes-display-inline">National Institute of Standards and
Technology cybersecurity research and development</header><text display-inline="no-display-inline">Section 20 of the National Institute of
Standards and Technology Act (<external-xref legal-doc="usc" parsable-cite="usc/15/278g-3">15 U.S.C. 278g–3</external-xref>) is amended by
redesignating subsection (e) as subsection (f), and by inserting after
subsection (d) the following:</text>
<quoted-block display-inline="no-display-inline" id="HC0F711BDADED4CCFBC9D48B7684461B2" style="OLC">
<subsection commented="no" display-inline="no-display-inline" id="HEC724E0C750C4D288795569E28014EE9"><enum>(e)</enum><header display-inline="yes-display-inline">Intramural security research</header><text display-inline="yes-display-inline">As part of the research activities
conducted in accordance with subsection (d)(3), the Institute shall—</text>
<paragraph commented="no" display-inline="no-display-inline" id="HA6D9745661E144EF844C4FD80980CBB9"><enum>(1)</enum><text display-inline="yes-display-inline">conduct a research program to develop a
unifying and standardized identity, privilege, and access control management
framework for the execution of a wide variety of resource protection policies
and that is amenable to implementation within a wide variety of existing and
emerging computing environments;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H26EAC0C752304EEF9857447347B0D27A"><enum>(2)</enum><text display-inline="yes-display-inline">carry out research associated with
improving the security of information systems and networks;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HE9CCF172017F4A54A69D59E5103D0CED"><enum>(3)</enum><text display-inline="yes-display-inline">carry out research associated with
improving the testing, measurement, usability, and assurance of information
systems and networks; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H3F3DD28AD70741278F5C4565351F43EA"><enum>(4)</enum><text display-inline="yes-display-inline">carry out research associated with
improving security of industrial control
systems.</text>
</paragraph></subsection><after-quoted-block>.</after-quoted-block></quoted-block>
</section><section commented="no" display-inline="no-display-inline" id="HBC73AECAA1B64CFA90E2000E553B1570" section-type="subsequent-section"><enum>111.</enum><header display-inline="yes-display-inline">National Academy of Sciences study on the
role of community colleges in cybersecurity education</header><text display-inline="no-display-inline">Not later than 120 days after the date of
enactment of this Act, the Director of the Office of Science and Technology
Policy, in consultation with the Director of the National Coordination Office,
shall enter into a contract with the National Academy of Sciences to conduct
and complete a study to describe the role of community colleges in
cybersecurity education and to identify exemplary practices and partnerships
related to cybersecurity education between community colleges and 4-year
educational institutions.</text>
</section><section commented="no" display-inline="no-display-inline" id="H7003E12695E543F0B75930FBDF6A9F39" section-type="subsequent-section"><enum>112.</enum><header display-inline="yes-display-inline">National Center of Excellence for
Cybersecurity</header>
<subsection commented="no" display-inline="no-display-inline" id="H2667797C57CC4E059F9CA1DE116DCEBC"><enum>(a)</enum><header display-inline="yes-display-inline">In general</header><text display-inline="yes-display-inline">As part of the Program, the Director of the
National Science Foundation shall, in coordination with other Federal agencies
participating in the Program, establish a National Center of Excellence for
Cybersecurity.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H9488F5C1BC0F473FA42061E2C78F8766"><enum>(b)</enum><header display-inline="yes-display-inline">Merit review</header><text display-inline="yes-display-inline">The National Center of Excellence for
Cybersecurity shall be awarded on a merit-reviewed, competitive basis.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H077E3CF2CFF94B08920D438A9BD8007D"><enum>(c)</enum><header display-inline="yes-display-inline">Activities supported</header><text display-inline="yes-display-inline">The National Center of Excellence for
Cybersecurity shall—</text>
<paragraph commented="no" display-inline="no-display-inline" id="HA728501DAB434947B11725892BC135B1"><enum>(1)</enum><text display-inline="yes-display-inline">involve institutions of higher education or
national laboratories and other partners, which may include States and
industry;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HD736DC9454F1430392CA7669A298E84E"><enum>(2)</enum><text display-inline="yes-display-inline">make use of existing expertise in
cybersecurity;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HA1BFC2204FAD45EC989B19171ACEF6BE"><enum>(3)</enum><text display-inline="yes-display-inline">interact and collaborate with Computer and
Network Security Research Centers to foster the exchange of technical
information and best practices;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H3DDB100A10A94C339A2C3C34D3C840BB"><enum>(4)</enum><text display-inline="yes-display-inline">perform research to support the development
of technologies for testing hardware and software products to validate
operational readiness and certify stated security levels;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H4B54B6E668544960807EFF8E49E9515B"><enum>(5)</enum><text display-inline="yes-display-inline">coordinate cybersecurity education and
training opportunities nationally;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H2F41D171A4484F1692EEF7FD31A837E1"><enum>(6)</enum><text display-inline="yes-display-inline">enhance technology transfer and
commercialization that promote cybersecurity innovation; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H5D34B6132D254EC084532A9CA7AC38BA"><enum>(7)</enum><text display-inline="yes-display-inline">perform research on cybersecurity social
and behavioral factors, including human-computer interactions, usability, user
motivations, and organizational cultures.</text>
</paragraph></subsection></section><section commented="no" display-inline="no-display-inline" id="HC5846ACC288D431BBE370B47F8DD5181" section-type="subsequent-section"><enum>113.</enum><header display-inline="yes-display-inline">Cybersecurity infrastructure
report</header><text display-inline="no-display-inline">Not later than 1 year
after the date of enactment of this Act, the Comptroller General shall transmit
to the Congress a report examining key weaknesses within the current
cybersecurity infrastructure, along with recommendations on how to address such
weaknesses in the future and on the technology that is needed to do so.</text>
</section><enum>II</enum><header display-inline="yes-display-inline">Advancement of Cybersecurity Technical
Standards</header>
<section commented="no" display-inline="no-display-inline" id="H8BAC24013FA84506B3C7A6EEAB1B9BA7" section-type="subsequent-section"><enum>201.</enum><header display-inline="yes-display-inline">Definitions</header><text display-inline="no-display-inline">In this title:</text>
<paragraph commented="no" display-inline="no-display-inline" id="H63EB16B325A6423689BE001B8910AF3B"><enum>(1)</enum><header display-inline="yes-display-inline">Director</header><text display-inline="yes-display-inline">The term <quote>Director</quote> means the
Director of the National Institute of Standards and Technology.</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H74FE5A5BE679411BBFA95C941414C5ED"><enum>(2)</enum><header display-inline="yes-display-inline">Institute</header><text display-inline="yes-display-inline">The term <quote>Institute</quote> means the
National Institute of Standards and Technology.</text>
</paragraph></section><section commented="no" display-inline="no-display-inline" id="H06967DD6C150438BBD3D7038025F118E" section-type="subsequent-section"><enum>202.</enum><header display-inline="yes-display-inline">International cybersecurity technical
standards</header><text display-inline="no-display-inline">The Director, in
coordination with appropriate Federal authorities, shall—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H42954D45ABD64966958A00800BDA3E6E"><enum>(1)</enum><text display-inline="yes-display-inline">ensure coordination of United States
Government representation in the international development of technical
standards related to cybersecurity; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H19F88C8814594192BA5F36A72ABF7412"><enum>(2)</enum><text display-inline="yes-display-inline">not later than 1 year after the date of
enactment of this Act, develop and transmit to the Congress a proactive plan to
engage international standards bodies with respect to the development of
technical standards related to cybersecurity.</text>
</paragraph></section><section commented="no" display-inline="no-display-inline" id="H334011E0FCD14DFA9927D74EC12F90A8" section-type="subsequent-section"><enum>203.</enum><header display-inline="yes-display-inline">Promoting cybersecurity awareness and
education</header>
<subsection commented="no" display-inline="no-display-inline" id="HFC92E55AFD734740A30C082737E87FA3"><enum>(a)</enum><header display-inline="yes-display-inline">Program</header><text display-inline="yes-display-inline">The Director, in collaboration with
relevant Federal agencies, industry, educational institutions, and other
organizations, shall develop and implement a cybersecurity awareness and
education program to increase public awareness, including among children and
young adults, of cybersecurity risks, consequences, and best practices
through—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H384E74A30B514FC59FFD279A7248A0EA"><enum>(1)</enum><text display-inline="yes-display-inline">the widespread dissemination of
cybersecurity technical standards and best practices identified by the
Institute; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="H880C4E8A106D4930897BDF9254DE072F"><enum>(2)</enum><text display-inline="yes-display-inline">efforts to make cybersecurity technical
standards and best practices usable by individuals, small to medium-sized
businesses, State, local, and tribal governments, and educational institutions,
especially with respect to novice computer users, elderly populations,
low-income populations, and populations in areas of planned broadband expansion
or deployment.</text>
</paragraph></subsection><subsection commented="no" display-inline="no-display-inline" id="HC4659AED7DB94B3CBBCE5B5AFD5B76AC"><enum>(b)</enum><header display-inline="yes-display-inline">Workshops</header><text display-inline="yes-display-inline">In carrying out activities under subsection
(a)(1), the Institute is authorized to host regional workshops to provide an
overview of cybersecurity risks and best practices to businesses, State, local,
and tribal governments, and educational institutions.</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H8AA8C208206D42F0B9061E42867FCBF7"><enum>(c)</enum><header display-inline="yes-display-inline">Manufacturing extension
partnership</header><text display-inline="yes-display-inline">The Director
shall, to the extent appropriate, implement subsection (a) through the
Manufacturing Extension Partnership program under section 25 of the National
Institute of Standards and Technology Act (<external-xref legal-doc="usc" parsable-cite="usc/15/278k">15 U.S.C. 278k</external-xref>).</text>
</subsection><subsection commented="no" display-inline="no-display-inline" id="H99A0D3C0F7824B128CCC34DE36AF2955"><enum>(d)</enum><header display-inline="yes-display-inline">Report to Congress</header><text display-inline="yes-display-inline">Not later than 90 days after the date of
enactment of this Act, the Director shall transmit to the Congress a report
containing a strategy for implementation of this section.</text>
</subsection></section><section commented="no" display-inline="no-display-inline" id="H27E5BDE9058040668CA2239243FBF630" section-type="subsequent-section"><enum>204.</enum><header display-inline="yes-display-inline">Identity management research and
development</header><text display-inline="no-display-inline">The Director shall
establish a program to support the development of technical standards,
metrology, testbeds, and conformance criteria, taking into account appropriate
user concerns, to—</text>
<paragraph commented="no" display-inline="no-display-inline" id="H3C8987F81E0A4C3ABE5E62D2E7A844AE"><enum>(1)</enum><text display-inline="yes-display-inline">improve interoperability among identity
management technologies;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HB5777203DD2442148D3F446C4BDCE0F7"><enum>(2)</enum><text display-inline="yes-display-inline">strengthen authentication methods of
identity management systems;</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HCA7A871E438245D1A8085A2019D366CE"><enum>(3)</enum><text display-inline="yes-display-inline">improve privacy protection in identity
management systems, including health information technology systems, through
authentication and security protocols; and</text>
</paragraph><paragraph commented="no" display-inline="no-display-inline" id="HF652CEA355C64C36A18E2A1A6821E706"><enum>(4)</enum><text display-inline="yes-display-inline">improve the usability of identity
management systems.</text>
</paragraph></section><section commented="no" display-inline="no-display-inline" id="H726E3F1404564EFEB690BAD834F2F31C" section-type="subsequent-section"><enum>205.</enum><header display-inline="yes-display-inline">Practices and standards</header><text display-inline="no-display-inline">The National Institute of Standards and
Technology shall work with other Federal, State, and private sector partners,
as appropriate, to develop a framework that States may follow in order to
achieve effective cybersecurity practices in a timely and cost-effective
manner.</text>
</section>
Passed the House of
Representatives February 4, 2010.
Lorraine C. Miller,
Clerk.