The Endless Frontier bill championed by Senate Majority Leader Chuck Schumer, D-N.Y., and set for Senate floor debate over the next several days has grown by leaps and bounds this week with the addition of semiconductor manufacturing and cybersecurity components and has even gotten a new name – the U.S. Innovation and Competition Act of 2021.
A read-through of the legislation shows the measure has become a melting pot for various cybersecurity measures proposed by senators this year – including cyber response assistance and Federal workforce reskilling and rotation items – potentially increasing its already ample support from both Republican and Democratic senators.
Amendments and debate on the bill are expected to continue for days, and the final product may look different from the language on record as of today.
Here are some of the Federal IT issue high points about the new and expanded bill:
NSF Research Funding
The U.S. Innovation and Competition Act, like its predecessor, would create a Directorate of Technology and Innovation at the National Science Foundation (NSF) to support research efforts in hot-button tech issues like AI and quantum science.
A summary of the updated bill says it would provide $120 billion over five years to NSF, the Department of Commerce, Department of Energy, and NASA, geared to building U.S. science and technology leadership through investments in research and development, manufacturing, and supply chains.
Within that total, NSF would get $52 billion over five years (FY2022 to FY2026) for “major activities” such as funding R&D at “collaborative institutes,” supporting academic technology transfer and intellectual property protection, establishing technology testbeds, and building relevant workforces.
The new figure of $52 billion appears to mark a sharp reduction from earlier language that had the bill sending $100 billion of new research funding to NSF.
The bill as currently written would also create a Chief Diversity Officer at NSF and increase STEM education funding activities at the agency.
Research Security
Responding to criticisms from lawmakers in an earlier Senate committee debate, the bill also would take steps to secure research from adversaries. Those steps include authorizing an NSF research security office, providing Federal cybersecurity assistance to universities, and setting up an information sharing and analysis center (ISAC) for security research risks.
Supply Chain Program
The bill would continue to direct the Commerce Department to establish a supply chain resilience program and work with the private sector “for the purpose of identifying and recommending opportunities to mitigate or address supply chain vulnerabilities in the United States and in allied and partner countries.”
New Chip Provisions
Topping the list of new high-dollar items in the bill is $52 billion in emergency funding to implement the CHIPS Act, which was included in last year’s National Defense Authorization Act (NDAA) and which would help to build more semiconductor manufacturing operations in the U.S., and support legacy chip production for the automotive and military sectors.
The bill also includes $1.5 billion to implement the USA Telecommunications Act – also a part of last year’s NDAA – that would fund efforts to create decentralized operating systems for wireless communications including 5G services.
The updated bill said Sen. Schumer, “will jumpstart American competition and make one of the most significant government investments in American innovation and manufacturing in generations.”
“This legislation will allow the United States to out-compete countries like China in critical technologies like semiconductors, creating good-paying American jobs and help improve our country’s economic and national security,” the senator said.
Cybersecurity Provisions Added
The expanded bill also provides for a $20 million cyber response and recovery fund to coordinate response and recovery efforts among Federal, state, local, and tribal governments. The fund would cover items including vulnerability assessments and mitigation, incident mitigation, malware analysis, threat detection and hunting, and network protection.
This provision to the bill appears to wrap in the provisions of cyber response legislation introduced earlier this year by Sen. Gary Peters, D-Mich.
Incident Notification
The bill also includes a provision authorizing the Homeland Security Secretary to declare that a “significant” cybersecurity incident has occurred and establishes authorities for response and recovery. The bill says those authorities allow DHS to provide “voluntary assistance” to non-government entities that are impacted by a significant incident.
The bill further provides if the Homeland Security secretary declares a significant incident, congressional committees will receive notification, along with information about the expected duration of the incident, the impact on Federal and non-government entities, and whether amounts in the response fund are not adequate for the response.
The provisions for congressional notification appear to track with criticisms voiced in recent weeks by Sens. Peters and Rob Portman, R-Ohio, who complained that Congress did not receive adequate notification of the SolarWinds Orion cyber attack, and said they might look to change the Federal Information Security Management Act (FISMA) in response.
Federal Employee Reskilling
The bill also provides for Federal workforce reskilling programs, aimed at improving workforce technical skills.
Language of the bill defines a reskilling program as one established by the head of a Federal agency “to provide employees with the technical skill or expertise that would qualify the employees to service in a different position in the competitive service or the excepted service.”
The effectiveness of reskilling programs would be evaluated periodically.
Federal Cyber Rotation Program
Finally, the bill would establish a Federal rotational cyber workforce program along the lines of Senate legislation introduced in April that aims to grow and retain a highly-skilled Federal cyber workforce. The legislation would allow cybersecurity employees to work across multiple Federal agencies, allowing them to expand their skills and networks.
