§278h — Title 15 Commerce and Trade | U.S. Code

Summary

Sets up a program that gives grants to colleges and universities that team up with for‑profit companies (and can include government labs and nonprofits) to do long-term, multi‑discipline research to make computer systems more secure. The program must focus on research needs the Advisory Board identifies and must help train more computer security researchers by supporting graduate students, post‑docs, and senior researchers. The Director can fund post‑doctoral and senior research fellowships for U.S. citizens, nationals, or lawful permanent residents. Grant money goes to the schools, not directly to the for‑profit partners. School applications must say how many grad students, post‑docs, and researchers changing fields will take part and how much support each will get, and explain how partners will help with the research and training. People chosen to run the program must have computer security research experience and know current system weaknesses. They can be Institute staff or temporary assignees, though assignees cannot directly manage Institute employees. Managers set research goals, ask for project proposals, pick projects based on factors like novelty, team ability, impact on growing the field, and industry involvement, and they monitor progress. The Director must review the award portfolio regularly, get advice from the Advisory Board, and hire the National Research Council to do a full program review in the 5th year. A report on that review must go to Congress no later than 6 years after the program starts, and the Director must report yearly to the Senate Commerce Committee and the House Science Committee about the use of temporary assignees. The terms "computer system" and "institution of higher education" are defined elsewhere.

Title 15, §278h

Commerce and Trade — Source: USLM XML via OLRC

(a)The Director shall establish a program of assistance to institutions of higher education that enter into partnerships with for-profit entities to support research to improve the security of computer systems. The partnerships may also include government laboratories and nonprofit research institutions. The program shall—

(1)include multidisciplinary, long-term research;

(2)include research directed toward addressing needs identified through the activities of the Computer System Security 11 So in original. Probably should be “Information Security”. and Privacy Advisory Board under section 278g–3(f) 22 See References in Text note below. of this title; and

(3)promote the development of a robust research community working at the leading edge of knowledge in subject areas relevant to the security of computer systems by providing support for graduate students, post-doctoral researchers, and senior researchers.

(b)(1)The Director is authorized to establish a program to award post-doctoral research fellowships to individuals who are citizens, nationals, or lawfully admitted permanent resident aliens of the United States and are seeking research positions at institutions, including the Institute, engaged in research activities related to the security of computer systems, including the research areas described in section 7403(a)(1) of this title.

(2)The Director is authorized to establish a program to award senior research fellowships to individuals seeking research positions at institutions, including the Institute, engaged in research activities related to the security of computer systems, including the research areas described in section 7403(a)(1) of this title. Senior research fellowships shall be made available for established researchers at institutions of higher education who seek to change research fields and pursue studies related to the security of computer systems.

(3)(A)To be eligible for an award under this subsection, an individual shall submit an application to the Director at such time, in such manner, and containing such information as the Director may require.

(B)Under this subsection, the Director is authorized to provide stipends for post-doctoral research fellowships at the level of the Institute’s Post Doctoral Research Fellowship Program and senior research fellowships at levels consistent with support for a faculty member in a sabbatical position.

(c)(1)The Director is authorized to award grants or cooperative agreements to institutions of higher education to carry out the program established under subsection (a). No funds made available under this section shall be made available directly to any for-profit partners.

(2)To be eligible for an award under this section, an institution of higher education shall submit an application to the Director at such time, in such manner, and containing such information as the Director may require. The application shall include, at a minimum, a description of—

(A)the number of graduate students anticipated to participate in the research project and the level of support to be provided to each;

(B)the number of post-doctoral research positions included under the research project and the level of support to be provided to each;

(C)the number of individuals, if any, intending to change research fields and pursue studies related to the security of computer systems to be included under the research project and the level of support to be provided to each; and

(D)how the for-profit entities, nonprofit research institutions, and any other partners will participate in developing and carrying out the research and education agenda of the partnership.

(d)(1)The program established under subsection (a) shall be managed by individuals who shall have both expertise in research related to the security of computer systems and knowledge of the vulnerabilities of existing computer systems. The Director shall designate such individuals as program managers.

(2)Program managers designated under paragraph (1) may be new or existing employees of the Institute or individuals on assignment at the Institute under the Intergovernmental Personnel Act of 1970 [42 U.S.C. 4701 et seq.], except that individuals on assignment at the Institute under the Intergovernmental Personnel Act of 1970 shall not directly manage such employees.

(3)Program managers designated under paragraph (1) shall be responsible for—

(A)establishing and publicizing the broad research goals for the program;

(B)soliciting applications for specific research projects to address the goals developed under subparagraph (A);

(C)selecting research projects for support under the program from among applications submitted to the Institute, following consideration of—

(i)the novelty and scientific and technical merit of the proposed projects;

(ii)the demonstrated capabilities of the individual or individuals submitting the applications to successfully carry out the proposed research;

(iii)the impact the proposed projects will have on increasing the number of computer security researchers;

(iv)the nature of the participation by for-profit entities and the extent to which the proposed projects address the concerns of industry; and

(v)other criteria determined by the Director, based on information specified for inclusion in applications under subsection (c); and

(D)monitoring the progress of research projects supported under the program.

(4)The Director shall report to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Science annually on the use and responsibility of individuals on assignment at the Institute under the Intergovernmental Personnel Act of 1970 [42 U.S.C. 4701 et seq.] who are performing duties under subsection (d).

(e)(1)The Director shall periodically review the portfolio of research awards monitored by each program manager designated in accordance with subsection (d). In conducting those reviews, the Director shall seek the advice of the Computer System Security 1 and Privacy Advisory Board, established under section 278g–4 of this title, on the appropriateness of the research goals and on the quality and utility of research projects managed by program managers in accordance with subsection (d).

(2)The Director shall also contract with the National Research Council for a comprehensive review of the program established under subsection (a) during the 5th year of the program. Such review shall include an assessment of the scientific quality of the research conducted, the relevance of the research results obtained to the goals of the program established under subsection (d)(3)(A), and the progress of the program in promoting the development of a substantial academic research community working at the leading edge of knowledge in the field. The Director shall submit to Congress a report on the results of the review under this paragraph no later than 6 years after the initiation of the program.

(f)In this section:

(1)The term “computer system” has the meaning given that term in section 278g–3(d)(1) 2 of this title.

(2)The term “institution of higher education” has the meaning given that term in section 1001(a) of title 20.

Notes & Related Subsidiaries

Editorial Notes

References in Text

section 278g–3 of this title, referred to in subsecs. (a)(2) and (f)(1), was amended generally by Pub. L. 107–296, title X, § 1003, Nov. 25, 2002, 116 Stat. 2269, and, as so amended, did not contain a subsec. (d) defining “computer system” or a subsec. (f). A later amendment by Pub. L. 113–274, title II, § 204(1), Dec. 18, 2014, 128 Stat. 2980, redesignated subsec. (e) of section 278g–3 of this title, relating to definitions, as subsec. (f). The Intergovernmental Personnel Act of 1970, referred to in subsec. (d)(2), (4), is Pub. L. 91–648, Jan. 5, 1971, 84 Stat. 1909, which enacted sections 3371 to 3376 of Title 5, Government Organization and Employees, and chapter 62 (§ 4701 et seq.) of Title 42, The Public Health and Welfare, amended section 1304 of Title 5 and section 246 of Title 42, repealed sections 1881 to 1888 of Title 7, Agriculture, and section 869b of Title 20, Education, and enacted provisions set out as notes under section 3371 of Title 5. For complete classification of this Act to the Code, see

Short Title

note set out under section 4701 of Title 42 and Tables.

Prior Provisions

A prior section 22 of act Mar. 3, 1901, ch. 872, was renumbered section 32 and is classified to section 278q of this title.

Statutory Notes and Related Subsidiaries

Change of Name

Committee on Science of House of Representatives changed to Committee on Science and Technology of House of Representatives by House Resolution No. 6, One Hundred Tenth Congress, Jan. 5, 2007. Committee on Science and Technology of House of Representatives changed to Committee on Science, Space, and Technology of House of Representatives by House Resolution No. 5, One Hundred Twelfth Congress, Jan. 5, 2011.

§278h Research program on security of computer systems