S.1353 - Cybersecurity Act of 2013
113th Congress (2013-2014)
Summary: S.1353 — 113th Congress (2013-2014)
Introduced in Senate (07/24/2013)
Cybersecurity Act of 2013 - Amends the National Institute of Standards and Technology Act to permit the Secretary of Commerce, acting through the Director of the National Institute of Standards and Technology (NIST), to facilitate and support the development of a voluntary, industry-led set of standards and procedures to reduce cyber risks to critical infrastructure.
Requires the Director, in carrying out such activities, to: (1) coordinate continuously with, and incorporate the industry expertise of, relevant private sector personnel and entities, critical infrastructure owners and operators, sector coordinating councils, Information Sharing and Analysis Centers, and other relevant industry organizations; (2) consult with the heads of agencies with national security responsibilities, sector-specific agencies, state and local governments, governments of other nations, and international organizations; (3) identify a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, that may be voluntarily adopted by owners and operators of critical infrastructure to help identify, assess, and manage cyber risks; and (4) include methodologies to mitigate impacts on business confidentiality, protect individual privacy and civil liberties, incorporate voluntary consensus standards and industry best practices, align with international standards, and prevent duplication of regulatory processes.
Prohibits the Director from prescribing a specific solution or requiring that products or services be designed or manufactured in a particular manner.
Prohibits information provided to NIST for purposes of developing cyber risk standards from being used by federal, state, tribal, or local agencies to regulate the activity of any entity.
Directs the Office of Science and Technology Policy (OSTP) to develop, and update triennially, a federal cybersecurity research and development plan to meet cybersecurity objectives, including how to guarantee individual privacy, verify third-party software and hardware, address insider threats, determine the origin of messages transmitted over the Internet, and protect information stored using cloud computing or transmitted through wireless services.
Directs the National Science Foundation (NSF) to support cybersecurity research and to review cybersecurity test beds. Permits NSF, if it determines that additional test beds are necessary, to award grants to institutions of higher education or research and development nonprofit institutions to establish such additional test beds.
Requires OSTP to coordinate with other ongoing federal research initiatives.
Amends the Cyber Security Research and Development Act to permit NSF research and development grants for: (1) secure fundamental protocols that are integral to inter-network communications and data exchange; (2) secure software engineering and software assurance; (3) holistic system security to address trusted and untrusted components, reduce vulnerabilities proactively, address insider threats, and support privacy; (4) monitoring, detection, mitigation, and rapid recovery methods; and (5) secure wireless networks, mobile devices, and cloud infrastructure.
Directs specified agencies under the High-Performance Computing Act of 1991 to support research leading to a scientific foundation for the field of cybersecurity.
Expands the criteria to be considered by NSF when evaluating grant applications of institutions seeking to establish Centers for Computer and Network Security Research to include the applicant's affiliations with private sector entities and existing federal research programs, experience managing public-private partnerships, and capabilities to conduct interdisciplinary cybersecurity research in a secure environment.
Directs the Department of Commerce, NSF, and the Department of Homeland Security (DHS) to support competitions and challenges to recruit individuals to perform information infrastructure security duties or to stimulate cybersecurity innovations.
Directs NSF to continue the Federal Cyber Scholarship-for-Service program under which recipients agree to work in the cybersecurity mission of a federal, state, local, or tribal agency for a period equal to the length of their scholarship.
Requires NSF and DHS to enter arrangements with the National Academy of Sciences to conduct a comprehensive study of government, academic, and private-sector education, accreditation, training, and certification programs for the development of professionals in information infrastructure and cybersecurity.
Directs NIST to continue coordinating a national cybersecurity awareness and preparedness campaign to increase public awareness and understanding of cybersecurity risks, support education programs, and evaluate workforce needs. Requires NIST to develop a strategic plan to guide federal activities in support of such campaign.