Cybercrime and the Law: Computer Fraud and Abuse Act (CFAA) and the 116th Congress

"The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, is a civil and criminal cybercrime law prohibiting a variety of computer-related conduct. Although sometimes described as an anti-hacking law, the CFAA is much broaderin scope. Indeed, it prohibits seven categories of conduct including, with certain exceptions and conditions:

1. Obtaining national security information through unauthorized computer access and sharing or retaining it; 2. Obtaining certain types of information through unauthorized computer access;
3. Trespassing in a government computer;
4. Engaging in computer-based frauds through unauthorized computer access;
5. Knowingly causing damage to certain computers by transmission of a program, information, code, or command;
6. Trafficking in passwords or other means of unauthorized access to a computer; 7. Making extortionate threats to harm a computer or based on information obtained through unauthorized access to a computer..."
Cybercrime and the law 

Cybersecurity: Cybercrime and National Security Authoritative Reports and Resources

"As online attacks grow in volume and sophistication, the United States is expanding its cybersecurity efforts. Cybercriminals continue to develop new ways to ensnare victims, whereas nation-state hackers compromise companies, government agencies, and businesses to create espionage networks and steal information. Threats come from both criminals and hostile countries, especially China, Russia, Iran, and North Korea.

Much is written on this topic, and this CRS report directs the reader to authoritative sources that address many of the most prominent issues. The annotated descriptions of these sources are listed in reverse chronological order, with an emphasis on material published in the past several years. This report includes resources and studies from government agencies (federal, state, local, and international), think tanks, academic institutions, news organizations, and other sources:

Table 1—cybercrime, data breaches and security, including hacking, real-time attack maps, and statistics (such as economic estimates)
Table 2—national security, cyber espionage, and cyberwar, including Stuxnet,
Table 3—cloud computing, the Internet of Things (IoT), and FedRAMP..."
Cybercrime and national security

Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws

"The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, outlaws conduct that victimizes computer systems. It is a cyber security law. It protects federal computers, bank computers, and computers connected to the Internet. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a comprehensive provision, but instead it fills cracks and gaps in the protection afforded by other federal criminal laws. This is a brief sketch of CFAA and some of its federal statutory companions, including the amendments found in the Identity Theft Enforcement and Restitution Act, P.L. 110-326, 122 Stat. 3560 (2008)..."

Cybercrime

On Cyber Monday, Don’t Let a Cyber Grinch Steal Your Holiday Spirit

"As bargain hunters take to the Web this Cyber Monday in search of holiday deals, the Stop.Think.Connect.™ Campaign reminds online shoppers to be wary of the cybersecurity risks of theft, fraud and abuse. While many businesses offer great deals during the holiday season, cyber criminals may try to take advantage of unsuspecting online shoppers..."
On Cyber Monday, Don’t Let a Cyber Grinch Steal Your Holiday Spirit

Comprehensive National Cybersecurity Initiative
"President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America’s digital infrastructure.

In May 2009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President. The Executive Branch was also directed to work closely with all key players in U.S. cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents; strengthen public/private partnerships to find technology solutions that ensure U.S. security and prosperity; invest in the cutting-edge research and development necessary for the innovation and discovery to meet the digital challenges of our time; and begin a campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms and begin to build the digital workforce of the 21st century. Finally, the President directed that these activities be conducted in a way that is consistent with ensuring the privacy rights and civil liberties guaranteed in the Constitution and cherished by all Americans..."