The House Homeland Security Committee passed a bill to appropriate more than $150 million for cybersecurity research and development. The bill, H.R. 4842, states that $75 million will be given out over the next two years to fund R&D projects “aimed at improving the nation’s ability to prevent, protect, detect, respond to and recover from cyber attacks, focusing on large-scale, high-impact attacks.”
The bill requires the Department of Homeland Security’s Science and Technology Directorate to develop a plan regarding management processes and research activities for its key stakeholders: the Transportation Security Agency, Customs and Border Protection, Coast Guard and other DHS agencies as well as the nation’s first responders.
Among the cybersecurity R&D work, the bill would fund:
- More secure versions of fundamental internet protocols and architectures, including domain name systems and routing protocols
- Technologies to detect attacks or intrusions
- Mitigation and recovery methodologies, including techniques to contain attacks and develop resilient networks and systems that degrade gracefully
- Infrastructure and tools to support cybersecurity R&D efforts, including modeling, testbeds and data sets for assessment of new cybersecurity technologies
- Technologies to reduce vulnerabilities in process control systems
- Test, evaluate and facilitate the transfer of technologies associated with the engineering of less vulnerable software and securing the software development lifecycle
The bill also sets aside $500,000 to study things such as required reporting, regulation, certification, accounting practices and cybersecurity risk insurance.
“A third research project in the bill would have DHS working with national security and intelligence agencies to determine if the government-owned communications and information systems essential to the nation’s electronic grid have been compromised.”
The research would also explore the extent of any cybersecurity breach, the identity of the hacker(s), the ways in which said hacker infiltrated the inflicted system and the ramifications of such a breach.
In related news, Lt. Gen. Keith Alexander was nominated to head the Defense Department’s Cyber Command that was established last June to assume responsibility for the defense of the military’s portion of cyberspace. Alexander also heads the National Security Agency, which collects and analyzes foreign communications and foreign signals intelligence. Yesterday, Alexander was questioned by Senate Armed Services Committee about the possibility of cyber war. He expressed his doubts about a cyber war ever occurring, claiming that it would more likely be part of a larger military campaign.
“If confirmed, my main focus will be on building the capacity, the capability and the critical partnerships required to secure our military’s operational networks,” he says. “This command is not about efforts to militarize cyberspace. Rather it’s about safeguarding the integrity of our military’s critical information systems. Working with U.S. Strategic Command, department leadership and with help from this committee, my goal, if confirmed, would be to significantly improve the way we defend ourselves in this domain.”
The committee did not say when it would vote on Alexander’s nomination, but the article claims members supported him.
- New Preliminary Cybersecurity Framework Champions Risk Management
- Counterintelligence Now Riskier Than Terrorism, Intelligence Officials Report
- Citigroup Data Breach Worse Than Initially Reported; CIA Website Also Hacked
- Strength in Numbers: Internet Risk Detection and Brand Protection
- New Studies Highlight Sources, Patterns of Data Breach—And How to Do Better