


Contributing Writer

House Cybersecurity Bill Passes

Feb 10, 2010 | 3 mins
Cisco Systems, Data and Information Security

A great start but I have some suggestions

There is little doubt that President Obama and the 111th Congress are prioritizing cybersecurity initiatives. The President outlined his plan last May and appointed Howard Schmidt as his Cybersecurity Coordinator late last year. As for the 111th Congress, it passed the Federal Data Breach Bill (H.R. 2221) earlier this year and just last week the House passed the Cybersecurity Enhancement Act (H.R. 4061) by an overwhelming vote of 422 to 5.

Just what is the Cybersecurity Enhancement Act? The bill is really focused on cybersecurity research, development, and training. Agencies participating in the National High-Performance Computing Program must provide Congress with a cybersecurity research plan, update an R&D implementation plan annually, and create new plans every three years. Additionally, the bill funds NSF cybersecurity scholarships in exchange for post-graduation government service. The bill also seeks to build cybersecurity collaboration between academic, government, and international institutions and pushes the development of technology standards for cybersecurity.

On balance, this is a good bill that certainly heads in the right direction. That said, I have a few suggestions for fine-tuning this bill as it moves along:

1. Start earlier. In South Korea, 2nd graders receive training on how to be a good Internet citizen. A cybersecurity bill (either this one or a follow-on) should fund K-12 cybersecurity programs as well. Young children on the network are at least as vulnerable as adults.

2. Push for continuing education. It is ironic that with the unemployment rate as high as it is, many security positions remain unfilled. Unemployed or underemployed adults with mortgages and children would enthusiastically participate in cybersecurity training if it were available. Note to the President: This should be a funding priority as it is all about 21st century job creation.

3. Broaden cybersecurity training. Yes, we need firewall administrators and security researchers, but we also need security professionals who have strong business, legal, and social sciences skills. This thesis was well articulated to Congress in June of 2009 by Cornell Professor Fred B. Schneider. We need to create a holistic security program like Dr. Schneider suggests and produce a new type of security professional who understands security technologies and their implications for business, law, and society.

One other note about the legislation: The stipulation that calls for a new R&D plan every 3 years is misguided. Security threats change on a weekly basis, so three years is far too long a timeframe.

With all of my suggestions aside, I applaud the 111th Congress for truly collaborating on this important legislation. I strongly urge the Senate and President to fast-track this bill.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
