S 3943 Introduced

ANCHOR Act

Last month, Sen Padilla (D,CA) introduced S 3943, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act. The bill would require the National Science Foundation (NSF) to submit a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet. No new funding is authorized by the legislation. The bill is very similar to HR 7630. That bill was adopted without amendment by the House Science, Space, and Technology Committee on March 20^th, 2024.

Differences From HR 7630

The major difference from the House bill is that Section 4 of the earlier bill is absent in the Senate version. That section authorized NSF to support cybersecurity upgrades described in the plan required in §3. Section 4 would have also required a report to Congress on progress made on the implementation of the plan.

The other changes are editorial in nature (like changing the order of listing the terms being defined in §2). The most significant of those changes is clarifying the odd wording in §3(a):

• House version: “(a) IN GENERAL.—Not later than one year after the  date of the enactment of this Act, the Director , in consultation with other Federal agency owners heads of other  Federal agencies and the head of any university or laboratory that owns or operates a vessel of the U.S. Academic Research Fleet….”

• Senate version: “(a) IN GENERAL.—Not later than 1 year after the date of enactment of this Act, the Director shall, in consultation with the head of any Federal agency, university, or laboratory that owns or operates a vessel of the U.S. Academic Research Fleet….”

Definitions

Section 2 of the bill provides the definitions of three key terms used in the bill. It does not include any technical terms related to cybersecurity.

Cybersecurity Plan

Section 3 establishes the requirement for NSF to submit to Congress a “a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet.” The plan would include:

• An assessment of the telecommunications and networking needs of the U.S. Academic Research Fleet,

• An assessment of cybersecurity needs appropriate for the typical research functions and topics of such vessels,

• An assessment of the costs necessary to meet those needs,

• An assessment of the time required to implement any upgrades required to meet those needs,

• A proposal for the adoption of common solutions or consortial licensing agreements, and

• A spending plan to provide funding to cover the costs described above.

In preparing the plan, the NSF would consider the network capabilities, including speed and bandwidth targets, necessary to meet the scientific mission needs of each class of vessel within the Fleet for such purposes as:

• Executing the critical functions and communications of each vessel,

• Providing network access for the health and well-being of deployed personnel,

• Uploading any scientific data to a shoreside server,

• Conducting real-time streaming to enable shore-based observers to participate in ship-based maintenance or research activities,

• Real-time coordinated viewing of scientific instrumentation so that it is possible to conduct scientific surveys and seafloor mapping with fully remote subject matter experts,

• Real-time coordinated viewing of critical operational technology by manufacturers and vendors so that it is possible to carry out maintenance and repairs to systems with limited expertise on each vessel, and

• As appropriate, enabling video communications to allow improved outreach to, and other educational services for, K–12 students, including occasional remote classroom teaching for instructors at sea to improve oceanographic access for students.

In consultation with CISA and NIST, the plan’s cybersecurity considerations would address:

• The cybersecurity recommendations in the report on “Cybersecurity at NSF Major Facilities” (JSR–21–10E),

• Alignment with international standards and guidance for information security,

• Facilitation of access to cybersecurity personnel and training of research and support personnel, and

• The requirements for the protection of controlled unclassified or classified information.

Moving Forward

While Padilla is not a member of the Senate Commerce, Science, and Transportation Committee to which this bill was assigned for consideration, two of his three cosponsors are members. This means that there could be sufficient influence to see this bill considered in Committee. I see nothing in this bill, especially since it contains no new funding or regulatory requirements, that would engender any organized opposition to the legislation. I suspect that there would be bipartisan support for the bill. Unfortunately, this is yet another bill that is not politically important enough to take up the time to considered by the full Senate. If this bill is to move forward, it would need to be considered under the unanimous consent process (a politically fraught process) or be included in some larger, more politically necessary bill.