Two House Republicans on Tuesday introduced legislation that would require the National Institute of Standards and Technology (NIST) to help U.S. universities and non-profit research entities involved in research related to COVID-19 protect themselves from cyber security risks.
Under the NIST COVID-19 Cybersecurity Act, the director of NIST would “disseminate and make publicly available resources to help research institutions and institutions of higher education identify, assess, manage, and reduce their cybersecurity risk related to conducting research with respect to COVID-19.”
The bill was introduced by Reps. Frank Lucas (Okla.), ranking member on the Science, Space, and Technology Committee, and Andy Barr (Ky.), a member of the China Task Force, who said that NIST would base its guidance to research institutions on the Cybersecurity Framework, which the agency and other public and private sector partners initially developed during the Obama administration to provide cyber security best practices and standards for any organizations to voluntarily adopt to bolster their cyber posture.
“Congress must act to safeguard critical scientific coronavirus research being conducted at universities nationwide,” Barr said in a statement. “My bill would have the director of National Institute of Standards and Technology put forth guidance to preserve COVID-19 research and greatly reduce the threat of cyber-attacks. This includes providing best practices and guidelines that will protect our national security.”
Lucas stated that “We’ve seen disturbing evidence of state-sponsored cyber-attacks from the Chinese Communist Party directed at universities and organizations conducting vital research on combating COVID-19. This compromises our research efforts and delays our ability to identify vaccines and treatments. NIST’s Cybersecurity Framework is the gold standards for cyber protection, and tailoring these guidelines for academia and research institutions will keep our data safe from theft and manipulation by foreign actors.”
In May, the FBI and Department of Homeland Security issued a joint warning that China is using cyber means to target U.S. organizations involved in healthcare research to counter COVID-19. They said the hacking is aimed at obtaining intellectual property and other data related to vaccines, treatments and testing from networks and personnel working on COVID-19 research.