The House agreed to Senate amendments to H.R. 3394, the Cybersecurity Research and Development Act, which authorize a five-year, $903 million program centered on research centers, grants and fellowships.
With terrorists demonstrating the unsettling ability to spot vulnerabilities in today's technological society, passage of the bill is one of the most important results of the lame-duck session of Congress, said Rep. Brian Baird, D-Wash., who sponsored the legislation that became H.R. 3394.
"If terrorists can find a way to disable our information or communications infrastructure at the same time they launch a more traditional attack ... we will have a synergistic combination with horrific results," Baird told a news conference. "The problem we have faced until now is that we just haven't had enough people trained to do the research necessary to secure those systems."
The U.S. academic world only produces about seven doctorates in computer security-related disciplines yearly, said Bill Wulf, president of the National Academy of Engineering. Current budget levels devote only $60 million to government cybersecurity research, said Rep. Sherwood Boehlert, R-N.Y., chairman of the House Science Committee.
Compare that effort to the billions of dollars and hundreds or thousands of advanced degrees going toward bioterror-related studies, Wulf told a news conference, and the need for a more coordinated effort, with stable funding, becomes obvious. Without at least the possibility of ongoing support for computer security research, academics will remain wary of entering the field, Wulf said.
The bill addresses this challenge by creating research and education programs within the National Science Foundation and the National Institute of Standards and Technology. The NSF efforts, including new research centers, grants and graduate traineeships, are slated for almost $600 million over the five years, while NIST's research would get $275 million. Joint research between existing agencies would get $32 million under the bill.
The NSF programs will benefit both new and existing computer security classes in schools nationwide, said Rep. Lamar Smith, R-Texas.
"With funding provided in this bill, (dozens of) universities will be able to train the next generation of cyberwarriors," Smith told reporters.
The computer hardware and software industries certainly produce new and better security products, said Harris Miller, president of the Information Technology Association of America. But those short-term developments cannot take the place of dedicated basic research, he said.
"There is a major disconnect between what the leaders of this country are saying about the need to focus on cybersecurity and what is actually being done," Miller said. "With the passage of this bill ... the connection is being established."
Industry surveys indicate computer security professionals understand the threat, said Robert Holleyman, president of the Business Software Alliance. The legislation headed to the White House is critical in solidifying a government response, he said.
President Bush is expected to sign the bill into law quickly, Boehlert, Miller and others said. Final spending levels lie in the control of House and Senate appropriators, but H.R. 3394's provisions should get significant support, Boehlert said, especially in light of the administration's current focus on homeland security. Committee staff members said reports dealing with future budgets include language favorable to funding the programs.
As soon as the effort gets rolling, it should have a "waterfall effect" of producing well-trained people for corporate cybersecurity programs, Miller said. The bill's solidification of the computer security discipline also could attract bright students looking for a challenging career, Baird said.