“Twenty-two years ago, this Committee paved the way for federal cybersecurity efforts with the Computer Security Act of 1987, which charged NIST with developing technical standards to protect non-classified information on federal computer systems and was the first of 13 major laws related to cybersecurity,” stated Subcommittee Chairman David Wu (D-OR).
The Cybersecurity Coordination and Awareness Act requires the National Institute of Standards and Technology (NIST) to: develop and implement a plan to ensure coordination within the U.S. government with regard to the development of international cybersecurity technical standards; develop and implement a cybersecurity awareness and education program; and engage in research and development (R&D) to improve identity management systems. Lastly, this Committee print amends the Cybersecurity R&D Act of 2002 (PL 107-305) to update technical terms to reflect the extant technologies and networked systems.
“The Cyberspace Policy Review recommended coordination of U.S. government representation in international cybersecurity technical standards development. The convergence of telecommunication, internet, and video devices requires a corresponding convergence in cybersecurity technical standards development. A coordinated policy will ensure that these representatives operate with the overarching need of the U.S. infrastructure in mind,” added Wu. “Two weeks ago, witnesses testified in front of this Subcommittee that NIST is suited for the role of coordinator due to its extensive technical expertise, established relationships with international bodies, and existence as a non-regulatory body, so today’s print tasks NIST with developing and implementing a cybersecurity coordination plan.”
“The manager’s amendment, which we worked with the Minority to develop, notably makes explicit the inclusion of health information technology systems as part of NIST’s work on identity management research and standards development,” said Wu. “As we work to increase adoption of health IT in our medical system, it is important to recognize that the increased digitization and sharing of records must be accompanied by adequate privacy safeguards. Ensuring that we advance technologies and methods used to protect privacy should be central to NIST’s work in health IT.”
For more information, including on the Committee’s work on cybersecurity, please see the Committee’s website.