Cybersecurity efforts funded

The fight against computer hackers won a battle Tuesday when US Congress approved a cybersecurity bill that funds research and workforce training.

The president is expected to sign the measure, which triples federal funding for cybersecurity research. It authorizes more than US$900 million over the next five years for programs at the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST).

Because of an "erratic funding program" only about seven students graduate with cybersecurity doctorates each year, says Bill Wulf, president of the National Academy of Engineering. "This bill takes care of that," he adds, noting that the prospect of stable long-term funding will attract more academics to the field.

Topic Draws Interest

The House overwhelmingly supported such a cybersecurity bill last February, and the Senate passed its own version just before the preelection recess. On Tuesday the House approved the Senate bill.

The most significant changes made the bill compatible with pending legislation involving homeland security. It also outlines a plan to increase the faculty who are prepared to teach college-level cybersecurity courses. NIST will get funding to develop security checklists for federal agencies.

The September 11 terrorist attacks moved the issue up on the agenda, says Representative Sherwood Boehlert (R-New York), chairman of the House Science Committee. Another incentive for action came in October when an overseas hacker launched a denial-of-service attack against 13 of the Internet's core servers.

Also, the Bush Administration is still accepting comment on its proposed National Strategy to Secure Cyberspace. The draft document consists largely of suggestions, however, and does not impose actions by force of law on individuals, corporations, academic institutions, or even government agencies.

New Weapons

"Security has to mean more than locking doors and installing metal detectors," says Representative Brian Baird (D-Washington). "This bill puts the best and brightest to work developing ways of making our computer networks impenetrable."

About 85 percent of corporations and government agencies detected computer security breaches in 2001 that cost them US$13.2 billion, says Representative Lamar Smith (R-Texas).

Technology companies are developing ways to fight cyberterrorism, but often for short-term battles, says Harris Miller, president of the Information Technology Association of America. The focus of the government should be on long-term progress.

"We must have training for a new generation of cyberwarriors whose most important weapon is not a gun, but a laptop," says Smith.

Although the bill authorizes funding, the sponsors must still work with the appropriations committees to disperse the money. Boehlert expects some funding could come from the Bush administration's office of cybersecurity, which is working on its own strategy.

If so, academics and industry leaders will compete for grants to conduct cybersecurity research. "College campuses know about this bill and they're gearing up," Boehlert says.