Are we truly ready for Cybersecurity ?

Official Summary

11/7/2009--Introduced.Cybersecurity Enhancement Act of 2009 - Directs specified federal agencies participating in the National High-Performance Computing Program to:

(1) transmit to Congress a cybersecurity strategic research and development plan and triennial updates; and

(2) develop and annually update an implementation roadmap for such plan. Provides for the award of computer and network security research grants by the National Science Foundation (NSF) in the research areas of social and behavioral factors, including human-computer interactions, and identity management. Instructs that applications for the establishment of Computer and Network Security Research Centers include how such Centers will partner with government laboratories, for-profit entities, other institutions of higher education, or nonprofit research institutions. Requires the NSF Director to carry out a program of awarding fellowships to encourage young scientists and engineers to conduct postdoctoral research in the fields of cybersecurity and information assurance, including the research areas under which computer and network security research grants are awarded. Requires the Office of Science and Technology Policy (OSTP) Director to convene a cybersecurity university-industry task force to explore mechanisms for carrying out collaborative R&D activities. Requires (currently, permits) the National Institute of Standards and Technology (NIST) Director to establish priorities for the development of checklists of settings and options that minimize security risks associated with computer systems that are, or are likely to become, widely used within the federal government. Requires:

1) development or identification and revision or adaptation as necessary, of checklists, configuration profiles, and deployment recommendations for products and protocols that minimize such risks; and

(2) development of automated security specifications respecting checklist content and associated security related data. Ensures that any products developed under the National Checklist Program for any information systems, including the Security Content Automation Protocol, be disseminated to federal agencies Requires conducting of intramural security research activities under NIST's computing standards program. Instructs the NIST Director to:

(1) ensure coordination of U.S. government representation in the international development of technical standards related to cybersecurity;

(2) implement a cybersecurity awareness and education program through the Manufacturing Extension Partnership program; and

(3) establish a program to support development of technical standards, metrology, testbeds, and conformance criteria with regard to identity management research and development.