In December , the Administration appointed the first White House Cybersecurity Coordinator, popularly called the "cyber czar," to orchestrate federal cybersecurity activities. A companion presidential policy directive PPD revised other aspects of policy relating to CI security with the aim of improving integration and efficiency, among other goals. Overview and Considerations for Congress , by [author name scrubbed] et al. In general, legislative proposals on cybersecurity in recent Congresses have focused largely on issues in 10 broad areas:.
For most of those topics, at least some of the bills addressing them have proposed changes to current laws. Despite the lack of enactment of cybersecurity legislation in previous congresses, there appeared to be considerable support in principle for significant legislation to address many of the issues identified above. The House, Senate, and White House have taken somewhat different approaches to such legislation. In recent Congresses, many bills have been introduced that would address cybersecurity issues in one or more of the areas listed above.
Several bills passed the House in both the th and th Congresses. None passed the Senate until the end of the th Congress. The four bills that eventually passed both chambers in the th Congress were relatively narrow, focusing on the protection of federal civilian information systems and on DHS workforce and information-sharing activities. A fifth bill was ordered reported out of full committee on April 18 but received no floor consideration in the th Congress: The four bills that had passed the House in the th Congress were all reintroduced and passed, with some amendments, in April In the th Congress, the Senate began working on a comprehensive cybersecurity bill synthesizing approaches proposed by the Homeland Security and Governmental Affairs Committee S.
It included features of bills from the th Congress and others from the th Congress mainly S. A revised version, S.
Votes | Congressional Chronicle | theranchhands.com
An alternative Senate bill, S. A cloture motion failed on August 2, , and again on November None of the other bills were considered on the floor. Other introduced bills would address a range of cybersecurity issues, including protection of CI and federal systems, information sharing, education and awareness, workforce, data breaches, cyberespionage, and cybercrime. Four of the cybersecurity bills debated in the th Congress were enacted, as amended, in December This bill contains a compromise defense reauthorization for Legislative proposals in recent Congresses have taken a range of approaches to address issues in cybersecurity.
The discussion below compares various approaches from proposals in the th and th Congresses that would address the following issues: Table 1 lists bills that have received committee or floor action in the th Congress. Selected Legal Issues , by [author name scrubbed] et al. The Obama Administration has identified 16 sectors of critical infrastructure CI , 33 much of which is owned by the private sector. The federal role in protection of privately held CI has been one of the most contentious issues in the debate about cybersecurity legislation.
There appears to be broad agreement that additional actions are needed to address the cybersecurity risks to CI, 34 but there is considerable disagreement about how much, if any, additional federal regulation is required. Several legislative proposals have addressed protection of privately held CI. The regulations proposed by S. The Secretary would also have been authorized to perform assessments where risks justify such actions.
The council would have been required to coordinate its activities with relevant private-sector entities. The bill would have permitted federal regulatory agencies to require use of adopted practices by CI entities they regulate, provided that such actions are authorized by existing federal law. It would have required the use of third-party assessments and authorized the council to perform assessments where risks justify such action.
The White House Proposal would have required owners and operators of covered entities, unless exempted, 37 to submit and attest to compliance plans, and certify compliance annually. Independent evaluations would have been performed on a schedule determined by the Secretary. Civil penalties, shutdown orders, and requirements for use of particular measures would have been prohibited as enforcement methods. The Task Force Report recommended that Congress consider targeted and limited additional regulation of highly regulated industries where required to improve cybersecurity, and that existing regulations be streamlined.
For most CI, however, the report recommended that Congress adopt a menu of voluntary incentives. The subcommittee version of H. It would have prohibited additional regulatory authority beyond the collected standards. The full-committee version of H. It would have permitted the Secretary to engage in risk assessments and other protective activities with respect to privately held CI only upon request by owners and operators.
It would have required the Secretary to develop a cybersecurity strategy for CI systems, and it stipulated that the bill would not have provided additional authority to DHS over federal or nonfederal entities. However, the bills would have provided criminal penalties for damage to CI computers, and, like the proposals discussed above, they contained information-sharing provisions that could be useful in CI protection.
Bills in the th Congress have been more limited in scope than those in the th. Barriers to the sharing of information on threats, attacks, vulnerabilities, and other aspects of cybersecurity—both within and across sectors—have long been considered by many to be a significant hindrance to effective protection of information systems, especially those associated with CI. Proposals to reduce or remove such barriers, including provisions in legislative proposals in the last two Congresses, have raised concerns, 45 some of which are related to the purpose of barriers that currently impede sharing.
Examples include risks to individual privacy and even free speech and other rights, use of information for purposes other than cybersecurity, such as unrelated government regulatory actions, commercial exploitation of personal information, or anticompetitive collusion among businesses that would currently violate federal law see " Antitrust Laws and Section 5 of the Federal Trade Commission Act ".
Several proposals had provisions for improving information sharing and addressing privacy and other concerns: Two bills specifically focus on information sharing in the th Congress, H. It has more specific provisions relating to coordination of federal cybersecurity activities and to privacy and civil liberties, and it distinguishes between DHS's role in sharing cyberthreat information and DOJ's role in sharing cybercrime information. The provisions in S. Its provisions authorizing monitoring and countermeasures are not as restrictive as those in the previous bills, whereas its provisions on protection and use of cybersecurity information are arguably more precise.
DHS currently has very limited statutory responsibility for the protection of federal information systems. The degree to which its role should be modified has been a matter of some debate. Some legislative proposals would address DHS authorities for federal civil systems 58 by enhancing DHS authorities, although to varying degrees and in varying ways. All four proposals would have provided specific authorities and responsibilities to DHS for risk assessments, protective capabilities, and operational cybersecurity activities.
However, the White House Proposal would have required the Secretary to establish a center with responsibilities for protecting federal information systems, facilitating information sharing, and coordinating incident response. It revised the framework that had been enacted in several previous laws see Table 2. FISMA as originally enacted has been criticized for focus on procedure and reporting rather than operational security, a lack of widely accepted cybersecurity metrics, variations in agency interpretation of the mandates in the act, excessive focus on individual information systems as opposed to the agency's overall information architecture, and insufficient means to enforce compliance both within and across agencies.
The provisions in H. It would also add a section to FISMA requiring OMB to establish procedures for agencies to follow in the event of a data breach involving PII, including notification of affected individuals and other actions as appropriate. As with the earlier bills, major agency responsibilities would not be changed. However, unlike some earlier bills, S. The enacted version of S. Concerns have been raised for several years about the size, skills, and preparation of the federal and private-sector cybersecurity workforces.
Several proposals would have addressed concerns about the cybersecurity workforce in various ways:. The workforce-related provisions in S. The latter omitted some education provisions involving the Secretary of Education but added an initiative on state and local education and training. Similar provisions appear in several of the bills in the th Congress discussed above:. An amendment in the nature of a substitute to H.
The need for improvements in fundamental knowledge of cybersecurity and new solutions and approaches has been recognized for well over a decade 66 and was a factor in the passage of the Cybersecurity Research and Development Act in P. However, DHS and several other agencies make significant investments in it. Agencies for which the proposals included provisions specifying research topics or providing funding authorization were.
The Task Force Report , H. In the House, most provisions in H. In the Senate, S. Some proposals addressed additional topics not discussed in this overview.
Cybersecurity and Information Sharing (CISA/CISPA)
For example, in the th Congress, H. To the extent that such topics would have been addressed by amending current statutes, they are discussed below under the relevant laws. To identify laws that might be considered candidates for revision, CRS conducted a broad search, consulting with various experts and examining various sources, including legislative proposals in recent Congresses. That search yielded more than 50 potentially relevant statutes see Table 2 , of which proposed revisions were identified for most.
Entries are in chronological order. One example is the recommendations for statutory language on data-breach notification in the White House Proposal and the Task Force Report. Neither those two documents, nor the bills on the issue that were introduced in the th Congress, 79 specify named statutes to be revised. One of those bills, S.
Chapter 47 Fraud and False Statements by adding a new section at the end, but that provision does not modify any named statute specified either in the bill or in the U. It is therefore not included in the discussion below. However, the bill would also have revised 18 U. Another example is bills with provisions clearly related to a named statute, but that would not explicitly modify that statute.
One example from the th Congress is H. Such provisions are not discussed in this report because their effects on specific statutes could not be determined with certainty. The approach taken in this report of focusing on statutes by their popular names is useful in many cases, but it has some significant limitations, particularly with respect to the U. Some laws, such as the USA Patriot Act of see Table 2 , may be classified across many titles and sections, 80 which may make analysis more challenging. Fortunately, that did not prove to be a significant concern for this report.
However, lack of correspondence between named laws and proposed modification of provisions in the U. Code, described above, may in some cases result in significant gaps in coverage of relevant provisions of law relating to cybersecurity by an approach such as the one taken here.
Therefore, the analysis presented here should not be regarded as complete. When referred to in statute, the term "antitrust laws" generally means the three laws listed in 15 U.
Also frequently included in the list of antitrust laws is Section 5 of the FTC Act, which prohibits unfair and deceptive trade practices. Section 5 is included because courts have found that unfair competition includes, at the least, activity that would violate the Sherman or Clayton Acts. Information-sharing agreements between private corporations may be subject to antitrust scrutiny, because the sharing of information among competitors could create opportunities for collaboration with the goal of restraining trade.
Some observers may argue that in order to develop effective and efficient information-sharing agreements to combat cybersecurity threats, an explicit exemption from the antitrust laws for those agreements is necessary. Congress has previously proposed such an exemption. The Task Force Report stated that an antitrust exemption might be required. Others may argue that the antitrust laws are flexible in nature, particularly as they relate to information-sharing agreements, and the laws are flexibly applied by the agencies of jurisdiction. DOJ has issued business review letters to companies who have developed plans to share information to combat cybersecurity threats.
The original act gave the agency responsibilities relating to technical standards. Later amendments added more generally relevant provisions and, more specifically,. Despite NIST's current authority to conduct research on computers and information security, some concerns have been raised about whether those activities should be enhanced in light of the evolving threat environment for cybersecurity. In the th Congress, H.
Similar bills passed the House in the th H. See also " Research and Development. Concerns about the vulnerability of the electric grid to cyberattack have increased substantially over the last several years. In the th Congress, S. Some observers have proposed that the act should be revised to give the FCC more of a role in cybersecurity, especially given the growing merging of information and communications technology ICT and their increasing importance in the U.
Some controversy exists about whether the Section authorities described above permit the President to shut down Internet communications during a war or national emergency, a power that has sometimes been referred to as the "Internet kill switch. That debate became acute during Senate consideration of S.
Those bills would have authorized emergency measures by the President if the operation of CI were threatened by cyberattack. A similar provision was proposed in S. A broad consensus exists that a significant barrier to improving cybersecurity is limitations on sharing of information, including classified information, about cyber-threats and attacks.
The bill also includes provisions for protection from liability for entities sharing information and exemption from disclosure of that information under the " Freedom of Information Act FOIA. Critics maintain that the law is a Cold War relic intended only to restrict the USIA, which no longer exists, from propagandizing Americans with public diplomacy and information materials that were intended for a foreign audience. Those critics argue that the restrictions were created before the advent of the Internet, and the provisions create an obsolete barrier that serves only to prevent the State Department from communicating effectively.
Some have also argued that the law has been interpreted to prohibit the military from conducting information operations in cyberspace, as some of those activities could be considered propaganda that could reach U. Yearly appropriations bills for both the State Department and Department of Defense include restrictions on use of funds for "propaganda" activities, although the word "propaganda" is not defined. As the Internet becomes increasingly international, concerns have been raised about the development and coordination of international efforts in cybersecurity by the United States.
Sharing of cybersecurity information between the federal government and nonfederal entities is widely considered to be an essential need, especially with respect to the protection of CI. However, attempts to encourage the private sector to share sensitive CI information with the federal government have, at times, been met with concerns that such records could be subject to public release under FOIA, resulting in potential economic or other harm to the source.
Among the nine exemptions that permit agencies to withhold applicable records are three that may particularly apply to cybersecurity information:. Despite these existing protections, some private-sector entities may still have concerns about public release of sensitive records—that existing laws may not be specific enough to protect particular types of records, or they may be too narrow to protect all records of concern. The White House Proposal would have addressed such concerns by applying Exemption 3 to any lawfully obtained information provided to DHS for cybersecurity purposes.
Adding such broad exemptions to FOIA, however, could prompt concerns about decreases in federal transparency. The incidence of cybercrime has increased dramatically over the last decade. Any such potential benefits might, however, need to be weighed against the impact of such authority on the public's ability to participate in and access the records of affected advisory committees.
Some observers argue that the act should be revised to clarify, in the context of cybersecurity, what is considered PII and how it can be used, such as by explicitly permitting the sharing among federal agencies—or with appropriate third parties such as owners and operators of CI—of certain information, such as a computer's Internet IP address, in examinations of threats, vulnerabilities, and attacks.
The act contains some exemptions, such as for law enforcement activities 5 U. However, other observers may argue that the provisions in the act are sufficient to permit necessary cybersecurity activities, and that revising the act to provide additional authorities relating to cybersecurity could compromise the protections provided by the act. The White House Proposal would add penalties for damaging certain CI computers, increase penalties for most violations of the act, clarify certain offenses, and modify the act's conspiracy and forfeiture provisions.
The Task Force Report recommended that the act be broadened to cover CI systems, and possibly all private-sector computers, with increased criminal penalties. It also recommended that provisions should be focused narrowly enough to avoid creating unintended liability for legitimate activities. Some observers believe that the act wrongly permits prosecution for some acts, such as some kinds of Internet scanning that are aimed at reducing vulnerabilities to cyberattacks. ECPA reform efforts focus on crafting a legal structure that is up-to-date, can be effectively applied to modern technology, and that protects users' reasonable expectations of privacy.
ECPA is viewed by many stakeholders as unwieldy, complex, and difficult for judges to apply. For example, when law enforcement officials seek data or files stored in the cloud, such as web-based email applications or online word processing services, the privacy standard that is applied is often lower than the standard that applies when law enforcement officials seek the same data stored on an individual's personal or business hard drive.
The Task Force Report recommended changes to laws governing the protection of electronic communications to facilitate sharing of appropriate cybersecurity information, including the development of an anonymous reporting mechanism. In addition to the authority provided under this act, Title 10 of the U.
Code provides inherent and specific authority to DOD to undertake the following activities:. Specific authorities for combatant commanders are provided in Title 10 to use force in self-defense and for mission accomplishment—including in the recently recognized information operations environment.
- Raptureless: An Optimistic Guide to the End of the World - Revised Edition Including The Art of Revelation!
- Arrêter de fumer tout de suite ! (Evolution) (French Edition)!
- Building ASP.NET Web Pages with Microsoft WebMatrix (The Experts Voice in .Net).
- Navigation menu.
In preparing for contingencies or military operations, DOD undertakes activities to lessen risks to U. Some military activities are conducted clandestinely to conceal the nature of the operation and passively collect intelligence. Activities focused on influencing the governing of a foreign country are deemed covert actions and may not be conducted by members of the military absent a presidential finding and notification of the congressional intelligence committees. Some analysts suggest that in the cyber domain distinguishing between whether an action is or should be considered covert or clandestine is problematic, as an attacking adversary's intent and location are often difficult to discern.
Should this act be updated, reassessing DOD's authorities in light of its unique intelligence capabilities may assist in responding to and conducting offensive cyberattacks. It would also have added a research goal of increasing understanding "of the scientific principles of cyber-physical systems" and improving methods for designing, developing, and operating such systems with high reliability, safety, and security.
The House bills, as well as S. Some government and industry observers believe that CALEA should be revised to improve its effectiveness in addressing cybersecurity concerns. Among the concerns expressed are whether the act is the best mechanism for collecting information transmitted via the Internet, whether reassessment is needed of which private-sector entities the act covers and which government entities should be involved in enforcement and oversight, and what the role of industry should be in the development of the technologies and standards used to implement the provisions of the act.
Some argue that certain Internet content, such as terrorist chat rooms or propaganda websites, presents a national security or operational threat that is not represented within the Communications Decency Act. Further, should such material be deemed as "indecent," the law does not give federal agencies the authority to require that the Internet service providers hosting the content to take it offline. These critics maintain that the law should be revised to compel ISPs and web administrators to dismantle sites containing information that could be used to incite harm against the United States.
A possible revision could be similar to the "take down and put back" provision in the Digital Millennium Copyright Act, Stat. Code to hold a service liable for publishing material that is defamatory or infringes upon a third party copyright. Others maintain that such a revision is counter to the spirit of free, open exchange of information that is characterized by the Internet and may be a First Amendment violation.
Some have also expressed concerns that the intelligence value gained by preserving and monitoring the sites outweighs the potential threat risk. With the increasing globalization of the IT hardware and software industries, concerns have been growing among cybersecurity experts about potential vulnerabilities at various points along the supply chain for IT products. Congress and the executive branch have debated the limits of the authority and jurisdiction of CIOs since their establishment. The Obama Administration also appointed a federal chief information officer and a federal chief technology officer CTO , positions first created in the George W.
Various concerns have been raised about the ways in which the act addressed cybersecurity, and a number of proposals have been made since its enactment to enhance the cybersecurity provisions. In the th Congress, the most comprehensive legislative proposal was in S. It would have added provisions on cybersecurity that would have.
The proposal differed in several ways from the approach taken by S. However, the White House Proposal would have required the Secretary to establish a center with cybersecurity responsibilities for federal and CI systems. It did, however, provide the DHS Secretary with authority to direct responses of federal agencies to cybersecurity threats or incidents.
Also in the th Congress, S. They would have established a new center, with new authorities, but omitted the provision in S. To facilitate information sharing and technical assistance, it would have created a center within DHS that would have included a private-sector board of advisors. Unlike the bill as introduced, it did not include a nongovernmental clearinghouse for sharing cybersecurity information between the private sector and the federal government that was recommended by the Task Force Report.
Some other bills in the th Congress would also have revised the act. The bill was enacted in December with an amendment in the nature of a substitute requiring an assessment of cybersecurity workforce needs at DHS. A commonly expressed concern about FISMA is that it is awkward and inefficient in providing adequate cybersecurity to government IT systems. The causes cited have varied but common themes have included inadequate resources, a focus on procedure and reporting rather than operational security, lack of widely accepted cybersecurity metrics, variations in agency interpretation of the mandates in the act, excessive focus on individual information systems as opposed to the agency's overall information architecture, and insufficient means to enforce compliance both within and across agencies.
The proposals varied in detail, with several notable provisions in some:. In the th Congress, the Task Force Report recommended an increased focus on monitoring, support for DHS authority, and taking new and emerging technologies, such as cloud computing, into account. The White House Proposal was broadly similar to congressional proposals in many details. However, it would not have created a White House cybersecurity office and would have transferred responsibilities to the DHS Secretary rather than to a new cybersecurity center within DHS. In the th Congress, the provisions in H.
The act is intended to provide incentives for the development of insurance coverage for losses from acts of terrorism. Losses from cyberattacks are not specifically included, and some observers have raised concerns about whether some modification of the act would be appropriate. Bush Administration attempted to address the latter gap through the "leap-ahead" technology component of the Comprehensive Cybersecurity Initiative.
Concerns have also been raised about the need to improve the process by which NIST creates checklists and other guidance and technical standards for federal IT systems. Similar bills were introduced in the th H. Chapter 37, 44 U. Chapter 35, Subchapter 2, and Chapter Serves as the primary legislative vehicle to guide federal IT management and initiatives to make information and services available online.
Significant provisions include the following:. The White House Proposal would have renewed the personnel exchange program, which terminated at the end of , and remove the current restriction in eligibility to management personnel. While this program would be applicable to any subdiscipline of IT, a widely held belief at present is that gaps in cybersecurity expertise are of particular concern. Identity theft has generally been the fastest growing type of fraud in the United States over the past decade.
That was a decrease from the approximately Almost half of all the reported fraud involved online transactions. Among other elements, several of which were recommended by a presidential task force in , the act authorized restitution to identity theft victims for their time spent recovering from the harm caused by the actual or intended identity theft. Legislation has not yet, however, adopted recommendations of the task force to. That task force recommended that Congress clarify the identity theft and aggravated identity theft statutes to cover both individuals and organizations targeted by identity thieves because the range of potential victims includes not only individuals but organizations as well.
The task force cites "phishing" as a means by which identity thieves assume the identity of a corporation or organization in order to solicit personally identifiable information from individuals. In part because identity theft is a facilitating crime, and the criminal act of stealing someone's identity often does not end there, investigating and prosecuting identity theft often involves investigating and prosecuting a number of related crimes. In light of this interconnectivity, the task force recommended expanding the list of predicate offenses for aggravated identity theft.
The task force specifically suggested adding identity theft-related crimes such as mail theft, counterfeit securities, and tax fraud. The House Task Force Report also recommended requiring restitution for victims of identity theft and computer fraud. The act does not contain a single reference to cyber, cybersecurity, or related activities. Its stated purpose is to "reform the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.
Numerous organizations, programs, and activities in the act currently address cybersecurity-related issues. IRPTA addresses many types of risks to the nation and threats emanating from man-made and naturally occurring events. The broad themes of the act could be categorized as how the federal government identifies, assesses, defeats, responds to, and recovers from current and emerging threats.
The act might be updated to incorporate cybersecurity-related issues. However, any such update could affect numerous organizations and activities. Posse Comitatus Act p. Restricts the use of military forces in civilian law enforcement within the United States. May prevent assistance to civil agencies that lack DOD expertise and capabilities. May create barriers to sharing of information or collaboration to enhance cybersecurity among private sector entities.
Later amendments established a computer standards program and specified research topics, among them computer and telecommunication systems, including information security and control systems. Established a radio licensing regime and regulated private radio communications, creating a precedent for wireless regulation. Repealed by the Radio Act of Federal Power Act p. The move toward a national smart grid is raising concerns about vulnerability to cyberattack. Created the Federal Radio Commission as an independent agency predecessor of the FCC and outlawed interception and divulging private radio messages.
Repealed by the Communications Act of see p. Communications Act of p. Established the Federal Communications Commission FCC and gave it regulatory authority over both domestic and international commercial wired and wireless communications. Provides the President with emergency powers over communications stations and devices. Governs protection by cable operators of information about subscribers.
National Security Act of p. Provided the basis for the modern organization of U. Established procedures for access to classified information. Restricts the State Department from disseminating public diplomacy information domestically and limits its authority to communicate with the American public in general.
- Search form!
- The Bruce R. Hopkins Nonprofit Law Library: Essential Questions and Answers (Wiley Nonprofit Authority);
- ALA User Menu.
- Tenjo Tenge (Full Contact Edition 2-in-1), Vol. 8: Full Contact Edition 2-in-1!
- Cyber Intelligence Sharing and Protection Act - Wikipedia?
- Pin by Brandon Kirby on Hacking | Pinterest | Cyber and Hacks!
- Unbound (Shifters Unbound).
Has been interpreted by some to prohibit the military from conducting cyberspace information operations, some of which could be considered propaganda that could reach U. Codifies a robust legal authority given the President to force industry to give priority to national security production and ensure the survival of security-critical domestic production capacities. It is also the statutory underpinning of governmental review of foreign investment in U. State Department Basic Authorities Act of p. Specifies the organization of the Department of State, including the positions of coordinator for counterterrorism.
Gave GSA authority over acquisition of automatic data processing equipment by federal agencies, and gave NIST responsibilities for developing standards and guidelines relating to automatic data processing and federal computer systems. Repealed by the Clinger-Cohen Act of see p. Enables anyone to access agency records except those falling into nine categories of exemption, among them classified documents, those exempted by specific statutes, and trade secrets or other confidential commercial or financial information.
Title I established federal grant programs and other forms of assistance to state and local law enforcement. Title III is a comprehensive wiretapping and electronic eavesdropping statute that not only outlawed both activities in general terms but that also permitted federal and state law enforcement officers to use them under strict limitations.
Enlarges the civil and criminal consequences of a list of state and federal crimes when committed in a way characteristic of the conduct of organized crime racketeering. Federal Advisory Committee Act p. Specifies conditions for establishing a federal advisory committee and its responsibilities and limitations. Requires open, public meetings and that records be available for public inspection. Establishes procedures to circumscribe presidential authority to use armed forces in potential or actual hostilities without congressional authorization.
Privacy Act of p. Limits the disclosure of personally identifiable information PII held by federal agencies.
You are here
Established a code of fair information practices for collection, management, and dissemination of records by agencies, including requirements for security and confidentiality of records. In foreign intelligence investigations, provides a statutory framework for federal agencies to obtain authorization to conduct electronic surveillance, utilize pen registers and trap and trace devices, or access specified records.
Protects journalists from being required to turn over to law enforcement any work product and documentary materials, including sources, before dissemination to the public. Provided criminal penalties for unauthorized access and use of computers and networks. Part of the Comprehensive Crime Control Act of For government computers, criminalized electronic trespassing, exceeding authorized access, and destroying information; also criminalized trafficking in stolen computer passwords.
Created a statutory exemption for intelligence and law enforcement activities. Attempts to strike a balance between privacy rights and the needs of law enforcement with respect to data shared or stored by electronic and telecommunications services. Unless otherwise provided, prohibits the interception of or access to stored oral or electronic communications, use or disclosure of information so obtained, or possession of electronic eavesdropping equipment.
Department of Defense Appropriations Act, p. Established unified combatant command for special operations forces, including the U. Strategic Command, under which the U. Cyber Command was organized. Required NIST to develop and the Secretary of Commerce to promulgate security standards and guidelines for federal computer systems except national security systems. Also required agency planning and training in computer security this provision was superseded by FISMA—see p.
Amended the Privacy Act see p. High Performance Computing Act of p. Established a federal high-performance computing program and requires that it address security needs and provide for interagency coordination. Requires telecommunications carriers to assist law enforcement in performing electronic surveillance and directs the telecommunications industry to design, develop, and deploy solutions that meet requirements for carriers to support authorized electronic surveillance.
Gave the Office of Management and Budget OMB authority to develop information-resource management polices and standards, required consultation with NIST and GSA on information technology IT , and required agencies to implement processes relating to information security and privacy. Overhauled telecommunications law, including significant deregulation of U. Communications Decency Act of p. Intended to regulate indecency and obscenity on telecommunications systems, including the Internet.
Has been interpreted to absolve Internet service providers and certain web-based services of responsibility for third-party content residing on those networks or websites. Required agencies to ensure adequacy of information-security policies, OMB to oversee major IT acquisitions, and the Secretary of Commerce to promulgate compulsory federal computer standards based on those developed by NIST.
Exempted national security systems from most provisions. Required the Secretary of Health and Human Services to establish security standards and regulations for protecting the privacy of individually identifiable health information, and required covered health-care entities to protect the security of such information. Outlaws theft of trade secret information, including electronically stored information, if "reasonable measures" have been taken to keep it secret.
Identity Theft and Assumption Deterrence Act of p. Made identity theft a federal crime, provides penalties, and directed the FTC to record and refer complaints. Established the Defense Information Assurance Program and required development of a testbed and coordination with other federal agencies. Archived from the original PDF on February 28, Retrieved April 5, Retrieved April 18, Retrieved April 26, Retrieved May 1, McNeal, Forbes , July 9, Retrieved January 16, Who's for it, who's against it and how it could affect you".
Retrieved April 11, Retrieved April 30, Legislative Issues in the th Congress". Retrieved April 17, Retrieved April 29, Retrieved April 20, House Permanent Select Committee on Intelligence. Archived from the original on April 26, Retrieved April 12, Retrieved May 9, Retrieved April 23, Stop Bad Cybersecurity Bills". Retrieved April 7, Retrieved June 8, Retrieved June 7, Retrieved April 10, Cybersecurity Bills Pending in U. Retrieved April 13, Retrieved April 14, It must be stopped".
Retrieved April 25, Retrieved April 15, Retrieved May 3, Retrieved June 6, Retrieved April 16, Archived from the original on June 18, Retrieved April 22, Cybersecurity Act of ". Archived from the original on August 4,