The Cybersecurity Enhancement Act of 2009 (S.773) is United States legislation intended to improve cybersecurity within the federal government and throughout the public and private sectors. To this end, the act establishes research and development (R&D) requirements for federal agencies and promotes public-private partnerships (PPPs).
The Act requires that federal agencies conduct cybersecurity risk assessments and develop and implement R&D plans to address identified risks. Such a plan must detail objectives to be addressed in the short, medium and long terms, as well as the funding required to meet each one. The plan must also explain how the agencies’ near-term objectives complement R&D in the private sector.
The Act mandates a presidential report on the federal government’s cybersecurity workforce needs. The report will identify workforce skills needed by the government to support cybersecurity. To help build a workforce with the requisite skills, the National Science Foundation has been charged with creating fellowships and providing grants for cybersecurity-related research.
According to the Act’s stipulations, the National Institute for Science and Technology (NIST) will develop a public awareness and education plan. NIST will also establish a plan to coordinate the U.S. government’s role in international cybersecurity technical standards development.