15 U.S.C. § 278h : US Code - Section 278H: Research program on security of computer systems

Search 15 U.S.C. § 278h : US Code - Section 278H: Research program on security of computer systems

(a) Establishment
The Director shall establish a program of assistance to
institutions of higher education that enter into partnerships with
for-profit entities to support research to improve the security of
computer systems. The partnerships may also include government
laboratories and nonprofit research institutions. The program shall
-
(1) include multidisciplinary, long-term research;
(2) include research directed toward addressing needs
identified through the activities of the Computer System Security
(!1) and Privacy Advisory Board under section 278g-3(f) (!2) of
this title; and
(3) promote the development of a robust research community
working at the leading edge of knowledge in subject areas
relevant to the security of computer systems by providing support
for graduate students, post-doctoral researchers, and senior
researchers.
(b) Fellowships
(1) Post-doctoral research fellowships
The Director is authorized to establish a program to award post-
doctoral research fellowships to individuals who are citizens,
nationals, or lawfully admitted permanent resident aliens of the
United States and are seeking research positions at institutions,
including the Institute, engaged in research activities related
to the security of computer systems, including the research areas
described in section 7403(a)(1) of this title.
(2) Senior research fellowships
The Director is authorized to establish a program to award
senior research fellowships to individuals seeking research
positions at institutions, including the Institute, engaged in
research activities related to the security of computer systems,
including the research areas described in section 7403(a)(1) of
this title. Senior research fellowships shall be made available
for established researchers at institutions of higher education
who seek to change research fields and pursue studies related to
the security of computer systems.
(3) Eligibility
(A) In general
To be eligible for an award under this subsection, an
individual shall submit an application to the Director at such
time, in such manner, and containing such information as the
Director may require.
(B) Stipends
Under this subsection, the Director is authorized to provide
stipends for post-doctoral research fellowships at the level of
the Institute's Post Doctoral Research Fellowship Program and
senior research fellowships at levels consistent with support
for a faculty member in a sabbatical position.
(c) Awards; applications
(1) In general
The Director is authorized to award grants or cooperative
agreements to institutions of higher education to carry out the
program established under subsection (a) of this section. No
funds made available under this section shall be made available
directly to any for-profit partners.
(2) Eligibility
To be eligible for an award under this section, an institution
of higher education shall submit an application to the Director
at such time, in such manner, and containing such information as
the Director may require. The application shall include, at a
minimum, a description of -
(A) the number of graduate students anticipated to
participate in the research project and the level of support to
be provided to each;
(B) the number of post-doctoral research positions included
under the research project and the level of support to be
provided to each;
(C) the number of individuals, if any, intending to change
research fields and pursue studies related to the security of
computer systems to be included under the research project and
the level of support to be provided to each; and
(D) how the for-profit entities, nonprofit research
institutions, and any other partners will participate in
developing and carrying out the research and education agenda
of the partnership.
(d) Program operation
(1) Management
The program established under subsection (a) of this section
shall be managed by individuals who shall have both expertise in
research related to the security of computer systems and
knowledge of the vulnerabilities of existing computer systems.
The Director shall designate such individuals as program
managers.
(2) Managers may be employees
Program managers designated under paragraph (1) may be new or
existing employees of the Institute or individuals on assignment
at the Institute under the Intergovernmental Personnel Act of
1970 [42 U.S.C. 4701 et seq.], except that individuals on
assignment at the Institute under the Intergovernmental Personnel
Act of 1970 shall not directly manage such employees.
(3) Manager responsibility
Program managers designated under paragraph (1) shall be
responsible for -
(A) establishing and publicizing the broad research goals for
the program;
(B) soliciting applications for specific research projects to
address the goals developed under subparagraph (A);
(C) selecting research projects for support under the program
from among applications submitted to the Institute, following
consideration of -
(i) the novelty and scientific and technical merit of the
proposed projects;
(ii) the demonstrated capabilities of the individual or
individuals submitting the applications to successfully carry
out the proposed research;
(iii) the impact the proposed projects will have on
increasing the number of computer security researchers;
(iv) the nature of the participation by for-profit entities
and the extent to which the proposed projects address the
concerns of industry; and
(v) other criteria determined by the Director, based on
information specified for inclusion in applications under
subsection (c) of this section; and
(D) monitoring the progress of research projects supported
under the program.
(4) Reports
The Director shall report to the Senate Committee on Commerce,
Science, and Transportation and the House of Representatives
Committee on Science annually on the use and responsibility of
individuals on assignment at the Institute under the
Intergovernmental Personnel Act of 1970 [42 U.S.C. 4701 et seq.]
who are performing duties under subsection (d) of this section.
(e) Review of program
(1) Periodic review
The Director shall periodically review the portfolio of
research awards monitored by each program manager designated in
accordance with subsection (d) of this section. In conducting
those reviews, the Director shall seek the advice of the Computer
System Security (!1) and Privacy Advisory Board, established
under section 278g-4 of this title, on the appropriateness of the
research goals and on the quality and utility of research
projects managed by program managers in accordance with
subsection (d) of this section.
(2) Comprehensive 5-year review
The Director shall also contract with the National Research
Council for a comprehensive review of the program established
under subsection (a) of this section during the 5th year of the
program. Such review shall include an assessment of the
scientific quality of the research conducted, the relevance of
the research results obtained to the goals of the program
established under subsection (d)(3)(A) of this section, and the
progress of the program in promoting the development of a
substantial academic research community working at the leading
edge of knowledge in the field. The Director shall submit to
Congress a report on the results of the review under this
paragraph no later than 6 years after the initiation of the
program.
(f) Definitions
In this section:
(1) Computer system
The term "computer system" has the meaning given that term in
section 278g-3(d)(1) (!2) of this title.
(2) Institution of higher education
The term "institution of higher education" has the meaning
given that term in section 1001(a) of title 20.