Page:United States Statutes at Large Volume 116 Part 3.djvu/787

This page needs to be proofread.

PUBLIC LAW 107-305 —NOV. 27, 2002 116 STAT. 2379 (B) may treat the explanation as if it were a portion of the agenc/s annual performance plan properly classified under criteria established by an Executive Order (within the meaning of section 1115(d) of title 31, United States Code). (2) LIMITATION. — Paragraph (1) does not apply to any computer hardware or software system for which the National Institute of Standards and Technology does not have responsibility under section 20(a)(3) of the National Institute of Standards and Technology Act (15 U.S.C.278g-3(a)(3)). SEC. 9. COMPUTER SECURITY REVIEW, PUBLIC MEETINGS, AND INFORMATION. Section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3) is amended by adding at the end the following new subsection: "(e) AUTHORIZATION OF APPROPRIATIONS. —There are authorized to be appropriated to the Secretary $1,060,000 for fiscal year 2003 and $1,090,000 for fiscal year 2004 to enable the Computer System Security and Privacy Advisory Board, established by section 21, to identify emerging issues, including research needs, related to computer security, privacy, and cryptography and, as appropriate, to convene public meetings on those subjects, receive presentations, and publish reports, digests, and summaries for public distribution on those subjects.". SEC. 10. INTRAMURAL SECURITY RESEARCH. Section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by redesignating subsection (e) as subsection if), and by inserting after subsection (d) the following: "(e) INTRAMURAL SECURITY RESEARCH. — As part of the research activities conducted in accordance with subsection (b)(4), the Institute shall— "(1) conduct a research program to address emerging technologies associated with assembling a networked computer system from components while ensuring it maintains desired security properties; "(2) carry out research associated with improving the security of real-time computing and communications systems for use in process control; and "(3) carry out multidisciplinary, long-term, high-risk research on ways to improve the security of computer systems.". SEC. 11. AUTHORIZATION OF APPROPRIATIONS. 15 USC 7407. There are authorized to be appropriated to the Secretary of Commerce for the National Institute of Standards and Technology— (1) for activities under section 22 of the National Institute of Standards and Technology Act, as added by section 8 of this Act— (A) $25,000,000 for fiscal year 2003; (B) $40,000,000 for fiscal year 2004; (C) $55,000,000 for fiscal year 2005; (D) $70,000,000 for fiscal year 2006; (E) $85,000,000 for fiscal year 2007; and (2) for activities under section 20(f) of the National Institute of Standards and Technology Act, as added by section 10 of this Act—