§ 278h. Research program on security of computer systems
(a)
Establishment
The Director shall establish a program of assistance to institutions of higher education that enter into partnerships with for-profit entities to support research to improve the security of computer systems. The partnerships may also include government laboratories and nonprofit research institutions. The program shall—
(b)
Fellowships
(1)
Post-doctoral research fellowships
The Director is authorized to establish a program to award post-doctoral research fellowships to individuals who are citizens, nationals, or lawfully admitted permanent resident aliens of the United States and are seeking research positions at institutions, including the Institute, engaged in research activities related to the security of computer systems, including the research areas described in section 7403(a)(1) of this title.
(2)
Senior research fellowships
The Director is authorized to establish a program to award senior research fellowships to individuals seeking research positions at institutions, including the Institute, engaged in research activities related to the security of computer systems, including the research areas described in section 7403(a)(1) of this title. Senior research fellowships shall be made available for established researchers at institutions of higher education who seek to change research fields and pursue studies related to the security of computer systems.
(3)
Eligibility
(A)
In general
To be eligible for an award under this subsection, an individual shall submit an application to the Director at such time, in such manner, and containing such information as the Director may require.
(B)
Stipends
Under this subsection, the Director is authorized to provide stipends for post-doctoral research fellowships at the level of the Institute’s Post Doctoral Research Fellowship Program and senior research fellowships at levels consistent with support for a faculty member in a sabbatical position.
(c)
Awards; applications
(1)
In general
The Director is authorized to award grants or cooperative agreements to institutions of higher education to carry out the program established under subsection (a) of this section. No funds made available under this section shall be made available directly to any for-profit partners.
(2)
Eligibility
To be eligible for an award under this section, an institution of higher education shall submit an application to the Director at such time, in such manner, and containing such information as the Director may require. The application shall include, at a minimum, a description of—
(A)
the number of graduate students anticipated to participate in the research project and the level of support to be provided to each;
(B)
the number of post-doctoral research positions included under the research project and the level of support to be provided to each;
(d)
Program operation
(1)
Management
The program established under subsection (a) of this section shall be managed by individuals who shall have both expertise in research related to the security of computer systems and knowledge of the vulnerabilities of existing computer systems. The Director shall designate such individuals as program managers.
(2)
Managers may be employees
Program managers designated under paragraph (1) may be new or existing employees of the Institute or individuals on assignment at the Institute under the Intergovernmental Personnel Act of 1970 [42 U.S.C. 4701 et seq.], except that individuals on assignment at the Institute under the Intergovernmental Personnel Act of 1970 shall not directly manage such employees.
(3)
Manager responsibility
Program managers designated under paragraph (1) shall be responsible for—
(B)
soliciting applications for specific research projects to address the goals developed under subparagraph (A);
(C)
selecting research projects for support under the program from among applications submitted to the Institute, following consideration of—
(ii)
the demonstrated capabilities of the individual or individuals submitting the applications to successfully carry out the proposed research;
(iii)
the impact the proposed projects will have on increasing the number of computer security researchers;
(4)
Reports
The Director shall report to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Science annually on the use and responsibility of individuals on assignment at the Institute under the Intergovernmental Personnel Act of 1970 [42 U.S.C. 4701 et seq.] who are performing duties under subsection (d) of this section.
(e)
Review of program
(1)
Periodic review
The Director shall periodically review the portfolio of research awards monitored by each program manager designated in accordance with subsection (d) of this section. In conducting those reviews, the Director shall seek the advice of the Computer System Security [1] and Privacy Advisory Board, established under section 278g–4 of this title, on the appropriateness of the research goals and on the quality and utility of research projects managed by program managers in accordance with subsection (d) of this section.
(2)
Comprehensive 5-year review
The Director shall also contract with the National Research Council for a comprehensive review of the program established under subsection (a) of this section during the 5th year of the program. Such review shall include an assessment of the scientific quality of the research conducted, the relevance of the research results obtained to the goals of the program established under subsection (d)(3)(A) of this section, and the progress of the program in promoting the development of a substantial academic research community working at the leading edge of knowledge in the field. The Director shall submit to Congress a report on the results of the review under this paragraph no later than 6 years after the initiation of the program.
[1] So in original. Probably should be “Information Security”.
[2] See References in Text note below.