"Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, engaging in cybercrime, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which may make responding problematic.
Despite many recommendations made over the past decade, most major legislative provisions
relating to cybersecurity had been enacted prior to 2002. However, on December 18, 2014, five
cybersecurity bills were signed by the President. These bills change federal cybersecurity
programs in a number of ways:
codifying the role of the National Institute of Standards and Technology (NIST)
in developing a “voluntary, industry-led set of standards” to reduce cyber risk;
codifying the Department of Homeland Security’s (DHS’s) National
Cybersecurity and Communications Integration Center as a hub for interactions
with the private sector;
updating the Federal Information Security Management Act (FISMA) by
requiring the Office of Management and Budget (OMB) to “eliminate ...
inefficient and wasteful reports”; and
requiring DHS to develop a “comprehensive workforce strategy” within a year
and giving DHS new authorities for cybersecurity hiring..."