Cybersecurity Act of 2009 at the Open Congress

A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes

Official Summary:
Introduced.Cybersecurity Act of 2009 – Directs the President to establish or designate a Cybersecurity Advisory Panel to advise the President. Defines “cyber” as:
(1) any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and
(2) any matter relating to, or involving the use of, computers or computer networks.Directs the Secretary of Commerce to:
(1) develop and implement a system to provide cybersecurity status and vulnerability information regarding all federal information systems and networks managed by the Department of Commerce; and
(2) provide financial assistance for the creation and support of Regional Cybersecurity Centers for small and medium sized U.S. businesses. Requires the National Institute of Standards and Technology (NIST) to establish cybersecurity standards for all federal government, government contractor, or grantee critical infrastructure information systems and networks. Makes NIST responsible for U.S. representation in all international cybersecurity standards development. Directs the Secretary to develop or coordinate a national licensing, certification, and recertification program for cybersecurity professionals and makes it unlawful to provide certain cybersecurity services without being licensed and certified. Requires Advisory Panel approval for renewal or modification of a contract related to the operation of the Internet Assigned Numbers Authority. Requires development of a strategy to implement a secure domain name addressing system. Requires the National Science Foundation (NSF) to support specified types of research and to establish a program of grants to higher education institutions to establish cybersecurity testbeds. Amends the Cybersecurity Research and Development Act to expand the purposes of an existing program of computer and network security research grants. Requires the NSF to establish a Federal Cyber Scholarship-for-Service program. Requires NIST to establish cybersecurity competitions and challenges to recruit talented individuals for the federal information technology workforce and stimulate innovation. Requires the Department of Commerce to serve as the clearinghouse of cybersecurity threat and vulnerability information. Grants the Secretary access to all relevant data concerning such networks notwithstanding any law or policy restricting access. Directs the President to:
(1) develop and implement a comprehensive national cybersecurity strategy;
(2) on a quadrennial basis, complete a review of the cyber posture of the United States; and
(3) work with representatives of foreign governments to develop norms, organizations, and other cooperative activities for international engagement to improve cybersecurity. Requires the Director of National Intelligence and the Secretary of Commerce to submit to Congress an annual report on cybersecurity threats to and vulnerabilities of critical national information, communication, and data network infrastructure. Establishes a Secure Products and Services Acquisitions Board to review and approve high value products and services acquisition and establish validation standards for software to be acquired by the federal government.