[Congressional Record Volume 148, Number 136 (Wednesday, October 16, 2002)]
[Senate]
[Pages S10588-S10593]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                           TEXT OF AMENDMENTS

  SA 4886. Mr. CONRAD (for himself, Mr. Domenici, Mr. Feingold, and Mr. 
Gregg) proposed an amendment to the bill S. Res. 304, encouraging the 
Senate Committee on Appropriations to report thirteen, fiscally 
responsible, bipartisan appropriations bills to the Senate not later 
than July 31, 2002; as follows:

       Strike all after the resolved clause and insert the 
     following:
     That the Senate encourages the Senate Committee on 
     Appropriations to report thirteen, fiscally responsible, 
     bipartisan appropriations bills to the Senate not later than 
     July 31, 2002.

     SEC. __. BUDGET ENFORCEMENT.

       (a) Extension of Supermajority Enforcement.--
       (1) In general.--Notwithstanding any provision of the 
     Congressional Budget Act of 1974, subsections (c)(2) and 
     (d)(3) of section 904 of the Congressional Budget Act of 1974 
     shall remain in effect for purposes of Senate enforcement 
     through September 30, 2003.
       (2) Exception.--Paragraph (1) shall not apply to the 
     enforcement of section 302(f)(2)(B) of the Congressional 
     Budget Act of 1974.
       (b) Pay-As-You-Go Rule in the Senate.--
       (1) In general.--For purposes of Senate enforcement, 
     section 207 of H. Con. Res. 68 (106th Congress, 1st Session) 
     shall be construed as follows:
       (A) In subsection (b)(6), by inserting after ``paragraph 
     (5)(A)'' the following: ``, except that direct spending or 
     revenue effects resulting in net deficit reduction enacted 
     pursuant to reconciliation instructions since the beginning 
     of that same calendar year shall not be available''.
       (B) In subsection (g), by striking ``2002'' and inserting 
     ``2003''.
       (2) Scorecard.--For purposes of enforcing section 207 of 
     House Concurrent Resolution 68 (106th Congress), upon the 
     adoption of this section the Chairman of the Committee on the 
     Budget of the Senate shall adjust balances of direct spending 
     and receipts for all fiscal years to zero.
       (3) Application to appropriations.--For the purposes of 
     enforcing this resolution, notwithstanding rule 3 of the 
     Budget Scorekeeping Guidelines set forth in the joint 
     explanatory statement of the committee of conference 
     accompanying Conference Report 105-217, during the 
     consideration of any appropriations Act, provisions of an 
     amendment (other than an amendment reported by the Committee 
     on Appropriations including routine and ongoing direct 
     spending or receipts), a motion, or a conference report 
     thereon (only to the extent that such provision was not 
     committed to conference), that would have been estimated as 
     changing direct spending or receipts under section 252 of the 
     Balanced Budget and Emergency Deficit Control Act of 1985 (as 
     in effect prior to September 30, 2002) were they included in 
     an Act other than an appropriations Act shall be treated as 
     direct spending or receipts legislation, as appropriate, 
     under section 207 of H. Con. Res. 68 (106th Congress, 1st 
     Session) as amended by this resolution.
                                 ______
                                 
  SA 4887. Mr. SMITH of New Hampshire submitted an amendment intended 
to be proposed to amendment SA 4471 proposed by Mr. LIEBERMAN to the 
bill H.R. 5005, to establish the Department of Homeland Security, and 
for other purposes; which was ordered to lie on the table; as follows:

       Insert at the appropriate place, relating to the 
     responsibilities of the Directorate of Emergency Preparedness 
     and Response, the following:
       (  ) Developing plans for ensuring the ability to 
     expeditiously move people and goods to and from densely 
     populated areas and critical infrastructure in the United 
     States in the event of an actual or threatened terrorist 
     attack.
                                 ______
                                 
  SA 4888. Mr. REID (for Mr. Kohl) submitted an amendment intended to 
be proposed by Mr. Reid to the bill H.R. 2621, to amend title 18, 
United States Code, with respect to consumer product protection; as 
follows:

       Strike all after the enacting clause and insert the 
     following:

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Product Packaging Protection 
     Act of 2002''.

     SEC. 2. TAMPERING WITH CONSUMER PRODUCTS.

       Section 1365 of title 18, United States Code, is amended--
       (1) by redesignating subsections (f) and (g) as subsections 
     (g) and (h), respectively; and
       (2) by inserting after subsection (e) the following:
       ``(f)(1) Whoever, without the consent of the manufacturer, 
     retailer, or distributor, intentionally tampers with a 
     consumer product

[[Page S10589]]

     that is sold in interstate or foreign commerce by knowingly 
     placing or inserting any writing in the consumer product, or 
     in the container for the consumer product, before the sale of 
     the consumer product to any consumer shall be fined under 
     this title, imprisoned not more than 1 year, or both.
       ``(2) Notwithstanding the provisions of paragraph (1), if 
     any person commits a violation of this subsection after a 
     prior conviction under this section becomes final, such 
     person shall be fined under this title, imprisoned for not 
     more than 3 years, or both.
       ``(3) In this subsection, the term `writing' means any form 
     of representation or communication, including hand-bills, 
     notices, or advertising, that contain letters, words, or 
     pictorial representations.''.
                                 ______
                                 
  SA 4889. Mr. REID (for Mr. Kohl) proposed an amendment to the bill S. 
1233, to provide penalties for certain unauthorized writing with 
respect to consumer products; as follows:

       Strike all after the enacting clause and insert the 
     following:

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Product Packaging Protection 
     Act of 2002''.

     SEC. 2. TAMPERING WITH CONSUMER PRODUCTS.

       Section 1365 of title 18, United States Code, is amended--
       (1) by redesignating subsections (f) and (g) as subsections 
     (g) and (h), respectively; and
       (2) by inserting after subsection (e) the following:
       ``(f)(1) Whoever, without the consent of the manufacturer, 
     retailer, or distributor, intentionally tampers with a 
     consumer product that is sold in interstate or foreign 
     commerce by knowingly placing or inserting any writing in the 
     consumer product, or in the container for the consumer 
     product, before the sale of the consumer product to any 
     consumer shall be fined under this title, imprisoned not more 
     than 1 year, or both.
       ``(2) Notwithstanding the provisions of paragraph (1), if 
     any person commits a violation of this subsection after a 
     prior conviction under this section becomes final, such 
     person shall be fined under this title, imprisoned for not 
     more than 3 years, or both.
       ``(3) In this subsection, the term `writing' means any form 
     of representation or communication, including hand-bills, 
     notices, or advertising, that contain letters, words, or 
     pictorial representations.''.
                                 ______
                                 
  SA 4890. Mr. REID (for Mr. Wyden (for himself and Mr. Allen)) 
proposed an amendment to the bill S. 2182, to authorize funding for 
computer and network security research and development and research 
fellowship programs, and for other purposes; as follows:

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Cyber Security Research and 
     Development Act''.

     SEC. 2. FINDINGS.

       The Congress finds the following:
       (1) Revolutionary advancements in computing and 
     communications technology have interconnected government, 
     commercial, scientific, and educational infrastructures--
     including critical infrastructures for electric power, 
     natural gas and petroleum production and distribution, 
     telecommunications, transportation, water supply, banking and 
     finance, and emergency and government services--in a vast, 
     interdependent physical and electronic network.
       (2) Exponential increases in interconnectivity have 
     facilitated enhanced communications, economic growth, and the 
     delivery of services critical to the public welfare, but have 
     also increased the consequences of temporary or prolonged 
     failure.
       (3) A Department of Defense Joint Task Force concluded 
     after a 1997 United States information warfare exercise that 
     the results ``clearly demonstrated our lack of preparation 
     for a coordinated cyber and physical attack on our critical 
     military and civilian infrastructure''.
       (4) Computer security technology and systems implementation 
     lack--
       (A) sufficient long term research funding;
       (B) adequate coordination across Federal and State 
     government agencies and among government, academia, and 
     industry; and
       (C) sufficient numbers of outstanding researchers in the 
     field.
       (5) Accordingly, Federal investment in computer and network 
     security research and development must be significantly 
     increased to--
       (A) improve vulnerability assessment and technological and 
     systems solutions;
       (B) expand and improve the pool of information security 
     professionals, including researchers, in the United States 
     workforce; and
       (C) better coordinate information sharing and collaboration 
     among industry, government, and academic research projects.
       (6) While African-Americans, Hispanics, and Native 
     Americans constitute 25 percent of the total United States 
     workforce and 30 percent of the college-age population, 
     members of these minorities comprise less than 7 percent of 
     the United States computer and information science workforce.

     SEC. 3. DEFINITIONS.

       In this Act:
       (1) Director.--The term ``Director'' means the Director of 
     the National Science Foundation.
       (2) Institution of higher education.--The term 
     ``institution of higher education'' has the meaning given 
     that term in section 101(a) of the Higher Education Act of 
     1965 (20 U.S.C. 1001(a)).

     SEC. 4. NATIONAL SCIENCE FOUNDATION RESEARCH.

       (a) Computer and Network Security Research Grants.--
       (1) In general.--The Director shall award grants for basic 
     research on innovative approaches to the structure of 
     computer and network hardware and software that are aimed at 
     enhancing computer security. Research areas may include--
       (A) authentication, cryptography, and other secure data 
     communications technology;
       (B) computer forensics and intrusion detection;
       (C) reliability of computer and network applications, 
     middleware, operating systems, control systems, and 
     communications infrastructure;
       (D) privacy and confidentiality;
       (E) network security architecture, including tools for 
     security administration and analysis;
       (F) emerging threats;
       (G) vulnerability assessments and techniques for 
     quantifying risk;
       (H) remote access and wireless security; and
       (I) enhancement of law enforcement ability to detect, 
     investigate, and prosecute cybercrimes, including those that 
     involve piracy of intellectual property.
       (2) Merit review; competition.--Grants shall be awarded 
     under this section on a merit-reviewed competitive basis.
       (3) Authorization of appropriations.--There are authorized 
     to be appropriated to the National Science Foundation to 
     carry out this subsection--
       (A) $35,000,000 for fiscal year 2003;
       (B) $40,000,000 for fiscal year 2004;
       (C) $46,000,000 for fiscal year 2005;
       (D) $52,000,000 for fiscal year 2006; and
       (E) $60,000,000 for fiscal year 2007.
       (b) Computer and Network Security Research Centers.--
       (1) In general.--The Director shall award multiyear grants, 
     subject to the availability of appropriations, to 
     institutions of higher education, nonprofit research 
     institutions, or consortia thereof to establish 
     multidisciplinary Centers for Computer and Network Security 
     Research. Institutions of higher education, nonprofit 
     research institutions, or consortia thereof receiving such 
     grants may partner with 1 or more government laboratories or 
     for-profit institutions, or other institutions of higher 
     education or nonprofit research institutions.
       (2) Merit review; competition.--Grants shall be awarded 
     under this subsection on a merit-reviewed competitive basis.
       (3) Purpose.--The purpose of the Centers shall be to 
     generate innovative approaches to computer and network 
     security by conducting cutting-edge, multidisciplinary 
     research in computer and network security, including the 
     research areas described in subsection (a)(1).
       (4) Applications.--An institution of higher education, 
     nonprofit research institution, or consortia thereof seeking 
     funding under this subsection shall submit an application to 
     the Director at such time, in such manner, and containing 
     such information as the Director may require. The application 
     shall include, at a minimum, a description of--
       (A) the research projects that will be undertaken by the 
     Center and the contributions of each of the participating 
     entities;
       (B) how the Center will promote active collaboration among 
     scientists and engineers from different disciplines, such as 
     computer scientists, engineers, mathematicians, and social 
     science researchers;
       (C) how the Center will contribute to increasing the number 
     and quality of computer and network security researchers and 
     other professionals, including individuals from groups 
     historically underrepresented in these fields; and
       (D) how the center will disseminate research results 
     quickly and widely to improve cyber security in information 
     technology networks, products, and services.
       (5) Criteria.--In evaluating the applications submitted 
     under paragraph (4), the Director shall consider, at a 
     minimum--
       (A) the ability of the applicant to generate innovative 
     approaches to computer and network security and effectively 
     carry out the research program;
       (B) the experience of the applicant in conducting research 
     on computer and network security and the capacity of the 
     applicant to foster new multidisciplinary collaborations;
       (C) the capacity of the applicant to attract and provide 
     adequate support for a diverse group of undergraduate and 
     graduate students group of undergraduate and graduate 
     students and postdoctoral fellows to pursue computer and 
     network security research; and
       (D) the extent to which the applicant will partner with 
     government laboratories, for-profit entities, other 
     institutions of higher education, or nonprofit research 
     institutions, and the role the partners will play in the 
     research undertaken by the Center.
       (6) Annual meeting.--The Director shall convene an annual 
     meeting of the Centers in order to foster collaboration and 
     communication between Center participants.
       (7) Authorization of appropriations.--There are authorized 
     to be appropriated for the National Science Foundation to 
     carry out this subsection--

[[Page S10590]]

       (A) $12,000,000 for fiscal year 2003;
       (B) $24,000,000 for fiscal year 2004;
       (C) $36,000,000 for fiscal year 2005;
       (D) $26,000,000 for fiscal year 2006; and
       (E) $36,000,000 for fiscal year 2007.

     SEC. 5. NATIONAL SCIENCE FOUNDATION COMPUTER AND NETWORK 
                   SECURITY PROGRAMS

       (a) Computer and Network Security Capacity Building 
     Grants.--
       (1) In general.--The Director shall establish a program to 
     award grants to institutions of higher education (or 
     consortia thereof) to establish, or improve undergraduate and 
     master's degree programs in computer and net work security, 
     to increase the number of students, including the number of 
     students from groups historically underrepresented in these 
     fields, who pursue undergraduate or master's degrees in 
     fields related to computer and network security, and to 
     provide students with experience in government or industry 
     related to their computer and network security studies.
       (2) Merit review.--Grants shall be awarded under this 
     subsection on a merit-reviewed competitive basis.
       (3) Use of funds.--Grants awarded under this subsection 
     shall be used for activities that enhance the ability of an 
     institution of higher education (or consortium thereof) to 
     provide high-quality undergraduate and master's degree 
     programs in computer and network security and to recruit 
     and retain increased numbers of students to such programs. 
     Activities may include--
       (A) revising curriculum to better prepare undergraduate and 
     master's degree students for careers in computer and network 
     security;
       (B) establishing degree and certificate programs in 
     computer and network security;
       (C) creating opportunities for undergraduate students to 
     participate in computer and network security research 
     projects;
       (D) acquiring equipment necessary for student instruction 
     in computer and network security, including the installation 
     of testbed networks for student use;
       (E) providing opportunities for faculty to work with local 
     or Federal Government agencies, private industry, nonprofit 
     research institutions, or other academic institutions to 
     develop new expertise or to formulate new research directions 
     in computer and network security;
       (F) establishing collaborations with other academic 
     institutions and academic departments that seek to establish, 
     expand, or enhance programs in computer and network security;
       (G) establishing student internships in computer and 
     network security at government agencies or in private 
     industry;
       (H) establishing collaborations with other academic 
     institutions to establish or enhance a web-based collection 
     of computer and network security courseware and laboratory 
     exercises for sharing with other institutions of higher 
     education, including community colleges;
       (I) establishing or enhancing bridge programs in computer 
     and network security between community colleges and 
     universities; and
       (K) any other activities the Director determines will 
     accomplish the goals of this subsection.
       (4) Selection process.--
       (A) Application.--An institution of higher education (or a 
     consortium thereof) seeking funding under this subsection 
     shall submit an application to the Director at such time, in 
     such manner, and containing such information as the Director 
     may require. The application shall include, at a minimum--
       (i) a description of the applicant's computer and network 
     security research and institutional capacity, and in the case 
     of an application from a consortium of institutions of higher 
     education, a description of the role that each member will 
     play in implementing the proposal;
       (ii) a comprehensive plan by which the institution or 
     consortium will build instructional capacity in computer and 
     information security;
       (iii) a description of relevant collaborations with 
     government agencies or private industry that inform the 
     instructional program in computer and network security;
       (iv) a survey of the applicant's historic student 
     enrollment and placement date in fields related to computer 
     and network security and a study of potential enrollment and 
     placement for students enrolled in the proposed computer and 
     network security program; and
       (v) a plan to evaluate the success of the proposed computer 
     and network security program, including post-graduation 
     assessment of graduate school and job placement and retention 
     rates as well as the relevance of the instructional 
     program to graduate study and to the workplace.
       (B) Awards.--(i) The Director shall ensure, to the extent 
     practicable, that grants are awarded under this subsection in 
     a wide range of geographic areas and categories of 
     institutions of higher education, including minority serving 
     institutions.
       (ii) The Director shall award grants under this subsection 
     for a period not to exceed 5 years.
       (5) Assessment required.--The Director shall evaluate the 
     program established under this subsection no later than 6 
     years after the establishment of the program. At a minimum, 
     the Director shall evaluate the extent to which the program 
     achieved its objectives of increasing the quality and 
     quantity of students, including students from groups 
     historically underrepresented in computer and network 
     security related disciplines, pursuing undergraduate or 
     master's degrees in computer and network security.
       (6) Authorization of appropriations.--There are authorized 
     to be appropriated to the National Science Foundation to 
     carry out this subsection--
       (A) $15,000,000 for fiscal year 2003;
       (B) $20,000,000 for fiscal year 2004;
       (C) $20,000,000 for fiscal year 2005;
       (D) $20,000,000 for fiscal year 2006; and
       (E) $20,000,000 for fiscal year 2007.
       (b) Scientific and Advanced Technology Act of 1992.--
       (1) Grants.--The Director shall provide grants under the 
     Scientific and Advanced Technology Act of 1992 (42 U.S.C. 
     1862i) for the purposes of section 3 (a) and (b) of that Act, 
     except that the activities supported pursuant to this 
     subsection shall be limited to improving education in fields 
     related to computer and network security.
       (2) Authorization of appropriations.--There are authorized 
     to be appropriated to the National Science Foundation to 
     carry out this subsection--
       (A) $1,000,000 for fiscal year 2003;
       (B) $1,250,000 for fiscal year 2004;
       (C) $1,250,000 for fiscal year 2005;
       (D) $1,250,000 for fiscal year 2006; and
       (E) $1,250,000 for fiscal year 2007.
       (c) Graduate Traineeships in Computer and Network Security 
     Research.--
       (1) In general.--The Director shall establish a program to 
     award grants to institutions of higher education to establish 
     traineeship programs for graduate students who pursue 
     computer and network security research leading to a doctorate 
     degree by providing funding and other assistance, and by 
     providing graduate students with research experience in 
     government or industry related to the students' computer and 
     network security studies.
       (2) Merit review.--Grants shall be provided under this 
     subsection on a merit-reviewed competitive basis.
       (3) Use of funds.--An institution of higher education shall 
     use grant funds for the purposes of--
       (A) providing traineeships to students who are citizens, 
     nationals, or lawfully admitted permanent resident aliens of 
     the United States and are pursuing research in computer or 
     network security leading to a doctorate degree;
       (B) paying tuition and fees for students receiving 
     traineeships under subparagraph (A);
       (C) establishing scientific internship programs for 
     students receiving traineeships under subparagraph (A) in 
     computer and network security at for-profit institutions, 
     nonprofit research institutions, or government laboratories; 
     and
       (D) other costs associated with the administration of the 
     program.
       (4) traineeship amount.--Traineeships provided under 
     paragraph (3)(A) shall be in the amount of $25,000 per year, 
     or the level of the National Science Foundation Graduate 
     Research Fellowships, whichever is greater, for up to 3 
     years.
       (5) Selection process.--An institution of higher education 
     seeking funding under this subsection shall submit an 
     application to the Director at such time, in such manner, and 
     containing such information as the Director may require. The 
     application shall include, at a minimum, a description of--
       (A) the instructional program and research opportunities in 
     computer and network security available to graduate students 
     at the applicant's institution; and
       (B) the internship program to be established, including the 
     opportunities that will be made available to students for 
     internships at for-profit institutions, nonprofit research 
     institutions, and government laboratories.
       (6) Review of applications.--In evaluating the applications 
     submitted under paragraph (5), the Director shall consider--
       (A) the ability of the applicant to effectively carry out 
     the proposed program;
       (B) the quality of the applicant's existing research and 
     education programs;
       (C) the likelihood that the program will recruit increased 
     numbers of students, including students from groups 
     historically underrepresented in computer and network 
     security related disciplines, to pursue and earn doctorate 
     degrees in computer and network security;
       (D) the nature and quality of the internship program 
     established through collaborations with government 
     laboratories, nonprofit research institutions and for-profit 
     institutions;
       (E) the integration of internship opportunities into 
     graduate students' research; and
       (F) the relevance of the proposed program to current and 
     future computer and network security needs.
       (7) Authorization of appropriations.--There are authorized 
     to be appropriated to the National Science Foundation to 
     carry out this subsection--
       (A) $10,000,000 for fiscal year 2003;
       (B) $20,000,000 for fiscal year 2004;
       (C) $20,000,000 for fiscal year 2005;
       (D) $20,000,000 for fiscal year 2006; and
       (E) $20,000,000 for fiscal year 2007.
       (d) Graduate Research Fellowships Program Support.--
     Computer and network security shall be included among the 
     fields of specialization supported by the National Science 
     Foundation's Graduate Research Fellowships program under 
     section 10 of the National Science Foundation Act of 1950 (42 
     U.S.C. 1869).
       (e) Cyber Security Faculty Development Traineeship 
     Program.--
       (1) In general.--The Director shall establish a program to 
     award grants to institutions of higher education to establish

[[Page S10591]]

     traineeship programs to enable graduate students to pursue 
     academic careers in cyber security upon completion of 
     doctoral degrees.
       (2) Merit review; competition.--Grants shall be awarded 
     under this section on a merit-reviewed competitive basis.
       (3) Application.--Each institution of higher education 
     desiring to receive a grant under this subsection shall 
     submit an application to the Director at such time, in such 
     manner, and containing such information as the Director shall 
     require.
       (4) Use of funds.--Funds received by an institution of 
     higher education under this paragraph shall--
       (A) be made available to individuals on a merit-reviewed 
     competitive basis and in accordance with the requirements 
     established in paragraph (7);
       (B) be in an amount that is sufficient to cover annual 
     tuition and fees for doctoral study at an institution of 
     higher education for the duration of the graduate 
     traineeship, and shall include, in addition, an annual living 
     stipend of $25,000; and
       (C) be provided to individuals for a duration of no more 
     than 5 years, the specific duration of each graduate 
     traineeship to be determined by the institution of higher 
     education, on a case-by-case basis.
       (5) Repayment.--Each graduate traineeship shall--
       (A) subject to paragraph (5)(B), be subject to full 
     repayment upon completion of the doctoral degree according to 
     a repayment schedule established and administered by the 
     institution of higher education;
       (B) be forgiven at the rate of 20 percent of the total 
     amount of the graduate traineeship assistance received under 
     this section for each academic year that a recipient is 
     employed as a full-time faculty member at an institution of 
     higher education for a period not to exceed 5 years; and
       (C) be monitored by the institution of higher education 
     receiving a grant under this subsection to ensure compliance 
     with this subsection.
       (6) Exceptions.--The Director may provide for the partial 
     or total waiver or suspension of any service obligation or 
     payment by an individual under this section whenever 
     compliance by the individual is impossible or would involve 
     extreme hardship to the individual, or if enforcement of such 
     obligation with respect to the individual would be 
     unconscionable.
       (7) Eligibility.--To be eligible to receive a graduate 
     traineeship under this section, an individual shall--
       (A) be a citizen, national, or lawfully admitted permanent 
     resident alien of the United States;
       (B) demonstrate a commitment to a career in higher 
     education.
       (8) Consideration.--In making selections for graduate 
     traineeships under this paragraph, an institution receiving a 
     grant under this subsection shall consider, to the extent 
     possible, a diverse pool of applicants whose interests are of 
     an interdisciplinary nature, encompassing the social 
     scientific as well as the technical dimensions of cyber 
     security.
       (9) Authorization of appropriations.--There are authorized 
     to be appropriated to the National Science Foundation to 
     carry out this paragraph $5,000,000 for each of fiscal years 
     2003 through 2007.

     SEC. 6. CONSULTATION.

       In carrying out sections 4 and 5, the Director shall 
     consult with other Federal agencies.

     SEC. 7. FOSTERING RESEARCH AND EDUCATION IN COMPUTER AND 
                   NETWORK SECURITY.

       Section 3(a) of the National Science Foundation Act of 1950 
     (42 U.S.C. 1862(a)) is amended--
       (1) by striking ``and'' at the end of paragraph (6);
       (2) by striking ``Congress.'' in paragraph (7) and 
     inserting ``Congress; and''; and
       (3) by adding at the end the following:
       ``(8) to take a leading role in fostering and supporting 
     research and education activities to improve the security of 
     networked information systems.''.

     SEC. 8. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 
                   PROGRAMS.

       (a) Research Program.--The National Institute of Standards 
     and Technology Act (15 U.S.C. 271 et seq.) is amended--
       (1) by moving section 22 to the end of the Act and 
     redesignating it as section 32;
       (2) by inserting after section 21 the following new 
     section:


      ``SEC. 22. RESEARCH PROGRAM ON SECURITY OF COMPUTER SYSTEMS

       ``(a) Establishment.--The Director shall establish a 
     program of assistance to institutions of higher education 
     that enter into partnerships with for-profit entities to 
     support research to improve the security of computer systems. 
     The partnerships may also include government laboratories and 
     nonprofit research institutions. The program shall--
       ``(1) include multidisciplinary, long-term research;
       ``(2) include research directed toward addressing needs 
     identified through the activities of the Computer System 
     Security and Privacy Advisory Board under section 20(f); and
       ``(3) promote the development of a robust research 
     community working at the leading edge of knowledge in subject 
     areas relevant to the security of computer systems by 
     providing support for graduate students, post-doctoral 
     researchers, and senior researchers.
       ``(b) Fellowships.--
       ``(1) Post-doctoral research fellowships.--The Director is 
     authorized to establish a program to award post-doctoral 
     research fellowships to individuals who are citizens, 
     nationals, or lawfully admitted permanent resident aliens of 
     the United States and are seeking research positions at 
     institutions, including the Institute, engaged in research 
     activities related to the security of computer systems, 
     including the research areas described in section 4(a)(1) of 
     the Cyber Security Research and Development Act.
       ``(2) Senior research fellowships.--The Director is 
     authorized to establish a program to award senior research 
     fellowships to individuals seeking research positions at 
     institutions, including the Institute, engaged in research 
     activities related to the security of computer systems, 
     including the research areas described in section 4(a)(1) of 
     the Cyber Security Research and Development Act. Senior 
     research fellowships shall be made available for established 
     researchers at instructions of higher education who seek to 
     change research fields and pursue studies related to the 
     security of computer systems.
       ``(3) Eligibility.--
       ``(A) In general.--To be eligible for an award under this 
     subsection, an individual shall submit an application to the 
     Director at such time, in such manner, and containing such 
     information as the Director may require.
       ``(B) Stipends.--Under this subsection, the Director is 
     authorized to provide stipends for post-doctoral research 
     fellowships at the level of the Institute's Post Doctoral 
     Research Fellowship Program and senior research fellowships 
     at levels consistent with support for a faculty member in 
     a sabbatical position.
       ``(c) Awards: Applications.--
       ``(1) In general.--The Director is authorized to award 
     grants or cooperative agreements to institutions of higher 
     education to carry out the program established under 
     subsection (a). No funds made available under this section 
     shall be made available directly to any for-profit partners.
       ``(2) Eligibility.--To be eligible for an award under this 
     section, an institution of higher education shall submit an 
     application to the Director at such time, in such manner, and 
     containing such information as the Director may require. The 
     application shall include, at a minimum, a description of--
       ``(A) the number of graduate students anticipated to 
     participate in the research project and the level of support 
     to be provided to each;
       ``(B) the number of post-doctoral research positions 
     included under the research project and the level of support 
     to be provided to each;
       ``(C) the number of individuals, if any, intending to 
     change research fields and pursue studies related to the 
     security of computer systems to be included under the 
     research project and the level of support to be provided to 
     each; and
       ``(D) how the for-profit entities, nonprofit research 
     institutions, and any other partners will participate in 
     developing and carrying out the research and education agenda 
     of the partnership.
       ``(d) Program Operation.--
       ``(1) Management.--The program established under subsection 
     (a) shall be managed by individuals who shall have both 
     expertise in research related to the security of computer 
     systems and knowledge of the vulnerabilities of existing 
     computer systems. The Director shall designate such 
     individuals as program managers.
       ``(2) Managers may be employees.--Program managers 
     designated under paragraph (1) may be new or existing 
     employees of the Institute or individuals on assignment at 
     the Institute under the Intergovernmental Personnel Act of 
     1970, except that individuals on assignment at the Institute 
     under the Intergovernmental Personnel Act of 1970 shall not 
     directly manage such employees.
       ``(3) Manager responsibility.--Program managers designated 
     under paragraph (1) shall be responsible for--
       ``(A) establishing and publicizing the broad research goals 
     for the program;
       ``(B) soliciting applications for specific research 
     projects to address the goals developed under subparagraph 
     (A);
       ``(C) selecting research projects for support under the 
     program from among applications submitted to the Institute, 
     following consideration of--
       ``(i) the novelty and scientific and technical merit of the 
     proposed projects;
       ``(ii) the demonstrated capabilities of the individual or 
     individuals submitting the applications to successfully carry 
     out the proposed research;
       ``(iii) the impact the proposed projects will have on 
     increasing the number of computer security researchers;
       ``(iv) the nature of the participation by for-profit 
     entities and the extent to which the proposed projects 
     address the concerns of industry; and
       ``(v) other criteria determined by the Director, based on 
     information specified for inclusion in applications under 
     subsection; (c); and
       ``(D) monitoring the progress of research projects 
     supported under the program.
       ``(4) Reports.--The Director shall report to the Senate 
     Committee on Commerce, Science, and Transportation and the 
     House of Representatives Committee on Science annually on the 
     use and represponsibility of individuals on assignment at the 
     Institute under the Intergovernmental Personnel Act of 1970 
     who are performing duties under subsection (d).

[[Page S10592]]

       ``(e) Review of Program.--
       ``(1) Periodic review.--The Director shall periodically 
     review the portfolio of research awards monitored by each 
     program manager designated in accordance with subsection (d). 
     In conducting those reviews, the Director shall seek the 
     advice of the Computer System Security and Privacy Advisory 
     Board, established under section 21, on the appropriateness 
     of the research goals and on the quality and utility of 
     research projects managed by program managers in accordance 
     with subsection (d).
       ``(2) Comprehensive 5-year review.--The Director shall also 
     contract with the National Review Council for a comprehensive 
     review of the program established under subsection (a) during 
     the 5th year of the program. Such review shall include an 
     assessment of the scientific quality of the research 
     conducted, the relevance of the research results obtained to 
     the goals of the program established under subsection 
     (d)(3)(A), and the progress of the program in promoting the 
     development of a substantial academic research community 
     working at the leading edge of knowledge in the field. The 
     Director shall submit to Congress a report on the results of 
     the review under this paragraph no later than 6 years after 
     the initiation of the program.
       ``(f) Definitions.--In this section:
       ``(1) Computer system.--The term `computer system' has the 
     meaning given that term in section 20(d)(1).
       ``(2) Institution of higher education.--The term 
     `institution of higher education' has the meaning given that 
     term in section 101(a) of the Higher Education Act of 1965 
     (20 U.S.C. 1001(a)).''.
       ``(b) Amendment of Computer System Definition.--Section 
     20(d)(1)(B)(i) of National Institute of Standards and 
     Technology Act (15 U.S.C. 278g-3(d)(1)(B)(i)) is amended to 
     read as follows:
       ``(i) computers and computer networks;''.
       ``(c) Checklists for Government Systems.--
       ``(1) In general.--The Director of the National Institute 
     of Standards and Technology shall develop, and revise as 
     necessary, a checklist setting forth settings and option 
     selections that minimize the security risks associated with 
     each computer hardware or software system that is, or is 
     likely to become, widely used within the Federal government.
       ``(2) Priorities for development; excluded systems.--The 
     Director of the National Institute of Standards and 
     Technology may establish priorities for the development of 
     checklists under this paragraph on the basis of the security 
     risks associated with the use of the system, the number of 
     agencies that use a particular system, the usefulness of the 
     checklist of Federal agencies that are users or potential 
     users of the system, or such other factors as the Director 
     determines to be appropriate. The Director of the National 
     Institute of Standards and Technology may exclude from the 
     application of paragraph (1) any computer hardware or 
     software system for which the Director of the National 
     Institute of Standards and Technology determines that the 
     development of a checklist is inappropriate because of the 
     infrequency of use of the system, the obsolescence of the 
     system, or the inutility or impracticability of developing 
     a checklist for the system.
       (3) Dissemination of checklists.--The Director of the 
     National Institute of Standards and Technology shall make any 
     checklist developed under this paragraph for any computer 
     hardware or software system available to each Federal agency 
     that is a user or potential user of the system.
       (4) Agency use requirements.--The development of a 
     checklist under paragraph (1) for a computer hardware or 
     software system does not--
       (A) require any Federal agency to select the specific 
     settings or options recommended by the checklist for the 
     system;
       (B) establish conditions or prerequisites for Federal 
     agency procurement or deployment of any such system;
       (C) represent an endorsement of any such system by the 
     Director of the National Institute of Standards and 
     Technology; nor
       (D) preclude any Federal agency from procuring or deploying 
     other computer hardware or software systems for which no such 
     checklist has been developed.
       (d) Federal Agency Information Security Programs.--
       (1) In general.--In developing the agency-wide information 
     security program required by section 3534(b) of title 44, 
     United States Code, an agency that deploys a computer 
     hardware or software system for which the Director of the 
     National Institute of Standards and Technology has developed 
     a checklist under subsection (c) of this section--
       (A) shall include in that program an explanation of how the 
     agency has considered such checklist in deploying that 
     system; and
       (B) may treat the explanation as if it were a portion of 
     the agency's annual performance plan properly classified 
     under criteria established by an Executive Order (within the 
     meaning of section 1115(d) of title 31, United States Code).
       (2) Limitation.--Paragraph (1) does not apply to any 
     computer hardware or software system for which the National 
     Institute of Standards and Technology does not have 
     responsibility under section 20(a)(3) of the National 
     Institute of Standards and Technology Act (15 U.S.C. 278g-
     3(a)(3)).

     SEC. 9. COMPUTER SECURITY REVIEW, PUBLIC MEETINGS, AND 
                   INFORMATION.

       Section 20 of the National Institute of Standards and 
     Technology Act (15 U.S.C. 278g-3) is amended by adding at the 
     end the following new subsection:
       ``(e) Authorization of Appropriations.--There are 
     authorized to be appropriated to the Secretary $1,060,000 for 
     fiscal year 2003 and $1,090,000 for fiscal year 2004 to 
     enable the Computer System Security and Privacy Advisory 
     Board, established by section 21, to identify emerging 
     issues, including research needs, related to computer 
     security, privacy, and cryptography and, as appropriate, to 
     convene public meetings on those subjects, receive 
     presentation, and publish reports, digests, and summaries for 
     public distribution on those subjects.''.

     SEC. 10. INTRAMURAL SECURITY RESEARCH.

       Section 20 of the National Institute of Standards and 
     Technology Act (15 U.S.C. 278g-3), as amended by this Act, is 
     further amended by redesignating subsection (e) as subsection 
     (f), and by inserting after subsection (d) the following:
       ``(e) Intramural Security Research.--As part of the 
     research activities conducted in accordance with subsection 
     (b)(4), the Institute shall--
       ``(1) conduct a research program to address emerging 
     technologies associated with assembling a networked computer 
     system from components while ensuring it maintains desired 
     security properties;
       ``(2) carry out research associated with improving the 
     securing of real-time computing and communications systems 
     for use in process control; and
       ``(3) carry out multidisciplinary, long-term, high-risk 
     research on ways to improve the security of computer 
     systems.''.

     SEC. 11. AUTHORIZATION OF APPROPRIATIONS.

       There are authorized to be appropriated to the Secretary of 
     Commerce for the National Institute of Standards and 
     Technology--
       (1) for activities under section 22 of the National 
     Institute of Standards and Technology Act, as added by 
     section 8 of this Act--
       (A) $25,000,000 for fiscal year 2003;
       (B) $40,000,000 for fiscal year 2004;
       (C) $55,000,000 for fiscal year 2005;
       (D) $70,000,000 for fiscal year 2006;
       (E) $85,000,000 for fiscal year 2007; and
       (2) for activities under section 20(f) of the National 
     Institute of Standards and Technology Act, as added by 
     section 10 of this Act
       (A) $6,000,000 for fiscal year 2003;
       (B) $6,200,000 for fiscal year 2004;
       (C) $6,400,000 for fiscal year 2005;
       (D) $6,600,000 for fiscal year 2006; and
       (E) $6,800,000 for fiscal year 2007.

     SEC. 12. NATIONAL ACADEMY OF SCIENCES STUDY ON COMPUTER AND 
                   NETWORK SECURITY IN CRITICAL INFRASTRUCTURES.

       (a) Study.--Not later than 3 months after the date of the 
     enactment of this Act, the Director of the National Institute 
     of Standards and Technology shall enter into an arrangement 
     with the National Research Council of the National Academy of 
     Sciences to conduct a study of the vulnerabilities of the 
     Nation's network infrastructure and make recommendations for 
     appropriate improvements. The National Research Council 
     shall--
       (1) review existing studies and associated data on the 
     architectural, hardware, and software vulnerabilities and 
     interdependencies in United States critical infrastructure 
     networks;
       (2) identify and assess gaps in technical capability for 
     robust critical infrastructure network security and make 
     recommendations for research priorities and resource 
     requirements; and
       (3) review any and all other essential elements of computer 
     and network security, including security of industrial 
     process controls, to be determined in the conduct of the 
     study.
       (b) Report.--The Director of the National Institute of 
     Standards and Technology shall transmit a report containing 
     the results of the study and recommendations required by 
     subsection (a) to the Senate Committee on Commerce, Science, 
     and Transportation and the House of Representatives Committee 
     on Science not later than 21 months after the date of 
     enactment of this Act.
       (c) Security.--The Director of the National Institute of 
     Standards and Technology shall ensure that no information 
     that is classified is included in any publicly released 
     version of the report required by this section.
       (d) Authorization of Appropriations.--There are authorized 
     to be appropriated to the Secretary of Commerce for the 
     National Institute of Standards and Technology for the 
     purposes of carrying out this section, $700,000.

     SEC. 13. COORDINATION OF FEDERAL CYBER SECURITY RESEARCH AND 
                   DEVELOPMENT

       The Director of the National Science Foundation and the 
     Director of the National Institute of Standards and 
     Technology shall coordinate the research programs authorized 
     by this Act or pursuant to amendments made by this Act. The 
     Director of the Office of Science and Technology Policy shall 
     work with the Director of the National Science Foundation and 
     the Director of the National Institute of Standards and 
     Technology to ensure that programs authorized by this Act or 
     pursuant to amendments made by this Act are taken into 
     account in any government-wide cyber security research 
     effort.

     SEC. 14. OFFICE OF SPACE COMMERCIALIZATION.

       Section 8(a) of the Technology Administration Act of 1998 
     (15 U.S.C. 1511e(a)) is amended by inserting ``the Technology 
     Administration of'' after ``within''.

[[Page S10593]]

     SEC. 15. TECHNICAL CORRECTION OF NATIONAL CONSTRUCTION SAFETY 
                   TEAM ACT.

       Section 29(c)(1)(d) of the National Construction Safety 
     Team Act is amended by striking ``section 8;'' and inserting 
     ``section 7;''.

     SEC. 16. GRANT ELIGIBILITY REQUIREMENTS AND COMPLIANCE WITH 
                   IMMIGRATION LAWS.

       (a) Immigration Status.--No grant or fellowship may be 
     awarded under this Act, directly or indirectly, to any 
     individual who is in violation of the terms of his or her 
     status as a nonimmigrant under section 101(a)(15)(F), (M), or 
     (J) of the Immigration and Nationality Act (8 U.S.C. 
     1101(a)(15)(F), (M), or (J)).
       (b) Aliens From Certain Countries.--No grant or fellowship 
     may be awarded under this Act, directly or indirectly, to any 
     alien from a country that is a state sponsor of international 
     terrorism, as defined under section 306(b) of the Enhanced 
     Border Security and VISA Entry Reform Act (8 U.S.C. 1735(b)), 
     unless the Secretary of State determines, in consultation 
     with the Attorney General and the heads of other appropriate 
     agencies, that such alien does not pose a threat to the 
     safety or national security of the United States.
       (c) Non-Complying Institutions.--No grant or fellowship may 
     be awarded under this Act, directly or indirectly, to any 
     institution of higher education or non-profit institution (or 
     consortia thereof) that has--
       (1) materially failed to comply with the recordkeeping and 
     reporting requirements to receive non-immigrant students or 
     exchange visitor program participants under section 
     101(a)(15)(F), (M), or (J) of the Immigration and Nationality 
     Act (8 U.S.C. 1101(a)(15)(F), (M), or (J)), or section 641 of 
     the Illegal Immigration Reform and Responsibility Act of 1996 
     (8 U.S.C. 1372), as required by section 502 of the Enhanced 
     Border Security and VISA Entry Reform Act (8 U.S.C. 1762); or
       (2) been suspended or terminated pursuant to section 502(c) 
     of the Enhanced Border Security and VISA Entry Reform Act (8 
     U.S.C. 1762(c)).

     SEC. 17. REPORT ON GRANT AND FELLOWSHIP PROGRAMS.

       Within 24 months after the date of enactment of this Act, 
     the Director, in consultation with the Assistant to the 
     President for National Security Affairs, shall submit to 
     Congress a report reviewing this Act to ensure that the 
     programs and fellowships are being awarded under this Act to 
     individuals and institutions of higher education who are in 
     compliance with the Immigration and Nationality Act (8 U.S.C. 
     1101 et seq.) in order to protect our national security.

                          ____________________