Thursday, May 18, 2017

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

"Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, engaging in cybercrime, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which may make responding problematic.

Despite many recommendations made over the past decade, most major legislative provisions relating to cybersecurity had been enacted prior to 2002. However, on December 18, 2014, five cybersecurity bills were signed by the President. These bills change federal cybersecurity programs in a number of ways:
• codifying the role of the National Institute of Standards and Technology (NIST) in developing a “voluntary, industry-led set of standards” to reduce cyber risk;
• codifying the Department of Homeland Security’s (DHS’s) National Cybersecurity and Communications Integration Center as a hub for interactions with the private sector;
• updating the Federal Information Security Management Act (FISMA) by requiring the Office of Management and Budget (OMB) to “eliminate ... inefficient and wasteful reports”; and
• requiring DHS to develop a “comprehensive workforce strategy” within a year and giving DHS new authorities for cybersecurity hiring..."
