House OKs cybersecurity bill

Warning that the nation's computer systems are "profoundly at risk" for cyberattacks, members of the House Science Committee applauded the Feb. 7 passage of legislation that would pump $878 million into computer security education and research.

The House approved the bill on a vote of 400 to 12. It has yet to go to the Senate.

The sponsors of the Cyber Security Research and Development Act conceded that it will take years for the spending they propose to produce trained security personnel or new security products.

The money would be split between the National Science Foundation and the National Institute of Standards and Technology. The two federal agencies would use the money to sponsor computer and network security research and to fund doctoral and post-doctoral students studying cybersecurity.

Rep. Sherwood Boehlert (R-N.Y.), who is chairman of the Science Committee, said the legislation could mark "a fundamental turning point in the nation's approach to cybersecurity." He compared it to legislation passed in the 1950s after the Soviet Union beat the United States in the space race by launching the first satellite, Sputnik.

The danger posed by a cyberattack on the United States is grave, he said. "A cyberattack could knock out electricity, drinking water and sewage systems, financial institutions, assembly lines and communications — just to name a few."

The danger is growing rapidly, warned Rep. Lamar Smith (R-Texas). The number of computer viruses, attacks by hackers and computer system break-ins doubled in the past year, he said.

"The demand for expertise in network security, disaster recovery and other cyberdefense skills has never been higher, but the supply of qualified [information technology] professionals falls short," Smith said.

The bill won't address the immediate shortage, however. It is aimed at producing "a new generation of cyber warriors," Smith said.

"Everyone wants instant results," Boehlert said, "but this committee has to look at the longer range."

Funding in the cybersecurity act also is intended to advance the science of security. "We have few, if any, standards as to what constitutes a secure network," said Rep. Connie Morella (R-Md.). "Nor do we have generally accepted procedures to evaluate our current systems to upgrade them with the most current security protocols."

It could be a task for NIST, which is in Morella's district, to create such standards.

The most immediate task, however, is to prod the Senate to also pass the bill, said Rep. Ralph Hall (D-Texas). "We need to get after the Senate and let them know that we need some action over there," he said.

The bill sped through the House. It was introduced Dec. 4, 2001, shortly before Congress took a month-long break, and passed less than two weeks after lawmakers reconvened.