On Tuesday, the House is scheduled to vote on a bill that would spend approximately $900 million over the next five years to recruit graduate students and faculty members in computer security and create research centers at colleges and universities.
The measure, which already has been approved by the Senate, also requires the National Institute of Standards and Technology (NIST) to create checklists for government agencies to help them with common computer security woes. Agencies are not required to abide by the checklist, but they must report whether it was followed.
"This bill is the largest step that the federal government will have taken," Heidi Tringe, a spokeswoman for the House Science committee, said Friday. "Until this point, as far as we can tell, about $60 million has been spent across federal agencies on cybersecurity."
The bill, called the Cyber Security Research and Development Act (CSRDA),into trouble in May when industry lobbyists objected to an earlier version of the bill that could have given NIST the ability to set security standards for the federal government. But the bill has been revised, and Tringe said she anticipated no serious opposition on Tuesday.
In February, the House endorsed one version of CSRDA by a vote of 400-12, with the Senate unanimously approving a second version Oct. 16. Because the two versions are different, the House must vote again, which is scheduled to take place Tuesday under a procedure requiring a two-thirds majority.
Politicians' interest in computer security comes during a newly security-conscious time. In September, the Bush administrationa draft cybersecurity report and is currently accepting comments while devising the final version.
Opponents say CSRDA's $900 million handout smacks of two traditional Washington tactics: pork barrel politics and corporate welfare. "Just as the threat of terrorism has been exploited as a way of securing passage of other pet law-enforcement projects, the cybersecurity threat can also be an occasion for shifting to the government the costs of what are or should be private sector responsibilities," said Wayne Crews, director of technology studies at the Cato Institute.
"Government funding ends up inviting a highly regulatory approach, despite claims to the contrary," Crews said. "Even if cybersecurity were a public good in collectivizing security approaches, government can worsen things by creating a false sense of security just because it's funding Ph.D.s in computer security."
CSRDA is co-sponsored by House Science Chairman Sherwood Boehlert, R-N.Y., and ranking Democrat Ralph Hall of Texas. It is supported by the Institute of Electrical and Electronics Engineers and the Association for Computing Machinery.
If approved by the House and signed by the president, CSRDA would, over a five-year period, give:
$275 million for post-doctoral research fellowships and senior research fellowships. This work must be "related to the security of computer systems."
$233 million for research grants in nine security-related areas. They include cryptography, privacy, wireless security, and "enhancement of law enforcement ability to detect, investigate and prosecute cybercrimes, including those that involve piracy of intellectual property."
$144 million to set up Computer and Network Security Research Centers that will be designed to increase "the number and quality of computer and network security researchers and other professionals."
$95 million to give grants to colleges and universities to "establish or improve undergraduate and master's degree programs in computer and network security."
$90 million to create traineeship programs for graduate students who pursue computer and network security research.
$32 million for research designed to improve the security of networks and pay for "multidisciplinary, long-term, high-risk research on ways to improve the security of computer systems."
$25 million for traineeship programs to encourage graduate students "to pursue academic careers in cybersecurity upon completion of doctoral degrees."