Bills aim at raising infosec expertise

Sen. Edwards' bills

Sen. John Edwards (D-N.C.) introduced two bills Jan. 28 aimed at raising the level of information security expertise within government and the private sector.

One piece of legislation, the Cyberterrorism Preparedness Act, would create a nonprofit group of academic and industry experts to develop a set of best practices for protecting computers and networks against cyberattacks.

This follows recommendations from the White House's Office of Science and Technology Policy and other experts, according to Edwards' office. Edwards is a member of the Senate Commerce, Science and Transportation Committee.

The bill initially would require a report on which best practices federal agencies should implement, first through pilots and then governmentwide. It then mandates a study on how to get the private sector to adopt the best practices, including an examination of whether federal contractors and grant recipients should be required to follow the best practices.

Edwards' other bill, the Cybersecurity Research and Education Act, focuses on increasing the number of security researchers and teachers available to build the overall level of security expertise in the United States.

The bill would fund information assurance fellowships for doctoral students, with further incentives for those students to teach after receiving their degrees. Currently, less than half of 1 percent of computer science doctoral candidates specialize in information security, and very few of them go into teaching.

The bill also creates a distinguished faculty sabbatical program that would bring top security professors to research-oriented universities and colleges to work on innovative projects. It also would establish an Internet-based security university and information clearinghouse to enable researchers to share information and expertise.

The senator's office did not specify any funding levels for the initiatives included in the bill.

Last month, the House Science Committee passed similar legislation, the Cyber Security Research and Development Act, which would provide almost $1.2 billion over the next five years for research, grants and education through the National Science Foundation and the National Institute of Standards and Technology.

The National Science Foundation already is working with colleges and universities to offer security scholarships and build security education programs through the Scholarship for Service initiative created by the Clinton administration.