ANSI - American National Standards Institute
 Print this article  Previous Next 

Congress Approves $903 Million in Grants to Improve Cyber Security

Standards Community Already Working on Related Projects

New York, Nov 14, 2002

On Tuesday, Congress put the final touches on the "Cyber Security Research and Development Act" (H.R. 3394), legislation aimed at improving the nation's cyber security. According to Rep. Sherwood Boehlert, R-NY, chairman of the House Science Committee and sponsor of the legislation, the Act will greatly expand federal funding for cyber security research and education. Following a voice vote in the House, the measure was authorized to go to the White House for the president's signature. It had already been approved by the Senate.

If approved by the president, the legislation will allocate more than $903 million in grants over five years to federal agencies, industry and universities to ensure that the U.S. is better prepared to prevent and combat terrorist attacks on private and government computers. The National Science Foundation (NSF) will be tasked with establishing new cyber security research centers, undergraduate program grants, community college grants and fellowships. The National Institute of Standards and Technology (NIST), an ANSI member, will be called upon to establish new programs for partnerships between academia and industry.

As an example, the InterNational Committee for Information Technology Standards (INCITS), an ANSI-accredited standards developer, recently partnered with the Communications Security Establishment of the Government of Canada to jointly produce a new work item proposal for producing an international standard specifying security requirements for cryptographic modules at one of four different levels of security. INCITS Technical Committee T4 and the Communications Security Establishment of the Government of Canada will each supply a co-editor for this international project.

According to an October 30 INCITS press release, the proposed initial Working Draft for the standard is a rewritten version of a National Institute of Standards and Technology (NIST) document called "Security Requirements for Cryptographic Modules."

"In IT, there is an ever-increasing need to use cryptographic mechanisms for the protection of data against unauthorized disclosure or modification, for entity authentication, and for non-repudiation functions," said Dr. Rowena Chester Research Professor at the University of Tennessee and Chair of T4. "The security and reliability of such mechanisms are directly dependent on the cryptographic modules in which they are implemented."

NIST officials have also reported that the agency is stepping forward with new draft guidelines to help protect federal agencies, the private sector and the military against cyberattacks.1 The NIST report, Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems, details a systematic way to assess the security level of entire computer systems, including extensive computer networks.2 The guidelines create consistent, comparable evaluations of computer systems by detailing a standard process for agencies to use and include a hierarchy to organize security controls for confidentiality, data integrity and availability.

In the spring of 2003, NIST plans to hold an exploratory workshop to study the needs of federal agencies for and the feasibility of developing a voluntary testing regime to assess the technical competence of third parties in conducting the detailed computer security reviews covered in the report.

Related articles:

Standards to Play Key Role in Protecting U.S. Says Homeland Security Official

ANSI Focus on Services Standards