(a)
Study
Not later than 3 months after November 27, 2002, the Director of the National Institute of Standards and Technology shall enter into an arrangement with the National Research Council of the National Academy of Sciences to conduct a study of the vulnerabilities of the Nation’s network infrastructure and make recommendations for appropriate improvements. The National Research Council shall—
(1)
review existing studies and associated data on the architectural, hardware, and software vulnerabilities and interdependencies in United States critical infrastructure networks;
(2)
identify and assess gaps in technical capability for robust critical infrastructure network security and make recommendations for research priorities and resource requirements; and
(3)
review any and all other essential elements of computer and network security, including security of industrial process controls, to be determined in the conduct of the study.
(b)
Report
The Director of the National Institute of Standards and Technology shall transmit a report containing the results of the study and recommendations required by subsection (a) of this section to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Science not later than 21 months after November 27, 2002.
(c)
Security
The Director of the National Institute of Standards and Technology shall ensure that no information that is classified is included in any publicly released version of the report required by this section.
(d)
Authorization of appropriations
There are authorized to be appropriated to the Secretary of Commerce for the National Institute of Standards and Technology for the purposes of carrying out this section, $700,000.