[Congressional Record (Bound Edition), Volume 148 (2002), Part 15]
[Senate]
[Pages 20959-20961]
[From the U.S. Government Publishing Office, www.gpo.gov]




            THE CYBER SECURITY RESEARCH AND DEVELOPMENT ACT

  Mr. ALLEN. Mr. President, I rise today to thank my colleagues for 
their unanimous support for S. 2182, the Cyber Security Research and 
Development Act. I share the concerns and worries of Senator Bond and 
Senator Grassley on many pieces of legislation and important matters 
that have not been passed due to various obstructions and problems. 
However, I am here to say we actually have done something

[[Page 20960]]

very constructive which will soon be helping our country, and that is 
the passage of the Cyber Security Research and Development Act.
  An extraordinary amount of hard work that went into this legislation. 
I thank my colleague from Oregon, Senator Wyden, for his leadership and 
continued work in pushing this important measure through the 
legislative process.
  Our bill, S. 2182, addresses the important issue of cyber and 
computer security. It is a truly historic piece of legislation because, 
for the first time, it assures and solidifies the Federal Government's 
commitment to basic, fundamental, long-term research in computer 
security as well as much needed graduate and postgraduate doctoral 
fellowships in computer security.
  America must act now to protect our security on many fronts. As our 
reliance on technology and the Internet has grown over the past decade, 
our vulnerability to attacks on the Nation's critical infrastructure 
and network systems has also grown exponentially. The high degree of 
interdependence between information systems exposes America's network 
infrastructure to both benign and destructive disruptions.
  Such cyber-attacks can take several forms, including the defacement 
of Web sites, denial of service, virus infection throughout the 
computer network, and the unauthorized intrusions and sabotage of 
systems and networks resulting in critical infrastructure outages and 
corruption of vital data. These are just some examples of the problems 
that could arise and have previously arisen.
  In fact, we have seen past attacks, such as the Code Red virus, that 
show the types of dangers and potential disruption cyber-attacks can 
have on our Nation's infrastructure. The cyber-threats before this 
country are significant and are, unfortunately, only getting more 
complicated and sophisticated as time goes on.
  A survey last year by the Computer Security Institute and the FBI 
found that 85 percent of 538 respondents experienced computer 
intrusions. Carnegie Mellon University's Computer Emergency Response 
Team (CERT) Coordination Center, which serves as a reporting center for 
Internet security problems, received 2,437 vulnerability reports in 
calendar year 2001, almost six times the number that were reported in 
1999, just 2 years previously. Similarly, the number of specific 
incidents reported to CERT exploded from 9,589 in 1999 to 52,658 in 
2001. Again, in 1999, about 9,500, to 52,000-plus incidents reported 
just 2 years later.
  What is alarming is that CERT estimates that these statistics may 
represent only 20 percent of the incidents that have actually occurred.
  A recent public opinion survey indicates that over 70 percent of 
Americans are concerned about computer security and 74 percent are 
concerned about terrorists using the Internet to launch a cyber-attack 
against our country's infrastructure. One survey shows that half--
half--of all information technology professionals believe a major 
attack will be launched against the Federal Government in the next 12 
months. Indeed, cyber-security is essential to both homeland security 
and national security. The Internet's security and reliability support 
commerce and information transfer of vital data in our economy, they 
support our critical infrastructures and, obviously, systems that 
protect our national defense. At a time when uncertainty threatens the 
confidence of our Nation's preparedness, the Federal Government needs 
to make the information and cyber-security issue a top priority.
  Currently, federally funded research on cyber-security is less than 
$60 million a year. Experts believe that fewer than 100 U.S. 
researchers have the experience and expertise to conduct cutting-edge 
research in cyber-security. In this past academic year, there were 
fewer than 30 U.S. citizens enrolled in Ph.D. cyber-security programs. 
Our legislation will encourage the kind of research and programs that 
will motivate students to pursue Ph.D. degrees in cyber-security 
because students will have the opportunity to receive research grants 
with the National Science Foundation.
  The Cyber Security Research and Development Act will play a major 
role in fostering greater research in methods to prevent future cyber-
attacks and design more secure networks. Our legislation will harness 
and link the intellectual power of the National Science Foundation, the 
National Institute of Science and Technology, our Nation's 
universities, and the most creative minds in the private sector to 
develop new and improved computer cryptography and authentication, 
firewalls, computer forensics, intrusion detection, wireless security, 
and systems management.
  In addition, our bill is designed to draw more college undergraduate 
and graduate students into the field of cyber-security research.
  It establishes programs to use internships, research opportunities, 
and better equipment to engage students in this field. America is a 
leader in the computer hardware and software development fields. To 
preserve America's technological edge, we must continue to have new 
students involved in computer science study and research.
  S. 2182 highlights the role the Federal Government will play in 
helping prepare and prevent against cyber-attacks, but only if we can 
ensure the cutting edge research and technology funded in this 
legislation is made commercially available. Clearly, there is an urgent 
need for the private sector, academic, and individual users, as well as 
the Federal and State governments, to deploy innovative security 
measures.
  I am confident the Federal investment for long-term projects outlined 
in this legislation will yield significant results to enhance the 
security and reliability of cyberspace.
  I am glad to see the Senate, in a rare moment in these last few weeks 
and months, has come together and passed this important legislation. 
Again, I thank my colleague from Oregon, Senator Wyden, for his 
leadership. I have enjoyed working with him on successful passage of 
this positive and constructive legislation that will improve the 
security of Americans.
  I am also grateful to the ranking member of the Judiciary Committee, 
Senator Orrin Hatch of Utah, who thoughtfully suggested we add an 
assurance that the grants provided in this legislation will go to 
individuals who are in full compliance with all immigration laws.
  I thank all my colleagues. It was a good team effort. In the future, 
our Internet and our cyber-security will be stronger for it.
  I ask unanimous consent to print the following letter in the Record.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:

                                   Business Software Alliance,

                                                 October 17, 2002.
     Sen. Ron Wyden,
     Chairman,
     Sen. George Allen,
     Ranking Member,
     Subcommittee on Science, Technology & Space, Committee on 
         Commerce, U.S. Senate, Washington, DC.
       Dear Chairman Wyden and Ranking Member Allen: We are 
     writing to express our support of the Business Software 
     Alliance (BSA) and the Information Technology Association of 
     America (ITAA) for S. 2182, the Cyber Security Research and 
     Development Act, and to urge quick Senate passage of the 
     bill.
       Our associations represent the world's leading research-
     based software and hardware developers and manufacturers. As 
     builders of many of the products, networks and systems that 
     power the world's information infrastructures, and of the 
     leading security tools used to protect them, our members are 
     extremely committed to cyber security.
       S. 2182 authorizes federal expenditures on fundamental 
     basic, long-term research into computer security, as well as 
     much-needed graduate and post-doctoral fellowships in 
     computer security. The bill complements the hundreds of 
     millions of dollars spent each year by the information 
     technology industry on cyber security R&D. Government-funded 
     research, undertaken in close partnership with industry, is a 
     critical component of an effective government strategy to 
     advance cyber security, and we commend your efforts to 
     further the Federal Government's work in this area.
       We also appreciate the efforts you and your staffs have 
     undertaken to address concerns that were raised by industry 
     earlier in this process with regard to provisions of the

[[Page 20961]]

     legislation pertaining to Federal computer systems. Your 
     receptivity to these concerns has resulted, in our view, in a 
     stronger bill, and we commend you for your efforts in this 
     regard.
       We are pleased to offer you our support of this legislation 
     and to encourage its swift passage by the full Senate.
           Sincerely,
     Robert W. Holleyman II,
       President and CEO,
       Business Software Alliance (BSA).
     Harris N. Miller,
       President,
       Information Technology Association of America (ITAA).

  The PRESIDING OFFICER (Mr. Corzine). Who yields time?
  The Senator from Hawaii.

                          ____________________