The Intel Hub
By Shepard Ambellas
February 22, 2012

Cyber security is becoming an increasingly dangerous issue from several perspectives — not only from an actual security standpoint, but from the aspect that new laws can be manipulated (by the powers that be) to limit internet and file/information sharing and access amongst the general populace.

CFR backed figurehead Eric Fischer, Senior Specialist in Science and Technology for the Congressional Research Service(CRS) prepared and released a white paper in late 2011 entitled, Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions in which the summary reads;

For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised.

The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure.

More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002.

Recent legislative proposals, including many bills introduced in the 111th and 112th Congresses, have focused largely on issues in ten broad areas: national strategy and the role of government, reform of the Federal Information Security Management Act (FISMA), protection of critical infrastructure (especially the electricity grid and the chemical industry), cross-sector coordination and information sharing, breaches resulting in theft or exposure of personal data such as financial information, cybercrime, privacy in the context of electronic commerce, international efforts, research and development, and the cybersecurity workforce. For most of those topics, at least some of the bills addressing them proposed changes to current laws. Several of the bills have received committee or floor action, but none have become law.

Three comprehensive legislative proposals on cybersecurity have been presented to the 112th Congress: S. 413, recommendations from a House Republican task force, and a proposal by the Obama Administration. They differ in approach, with S. 413 proposing the most extensive regulatory framework of the three, and the task force recommendations focusing more on incentives for improving private-sector cybersecurity.

All three proposals would revise the Homeland Security Act and increase the statutory responsibilities of the Department of Homeland Security (DHS) for the cybersecurity of federal information systems. They would address vulnerabilities in the information-technology supply chain, enhance public awareness efforts, and address personnel needs to improve the cybersecurity workforce, including providing DHS with broadened personnel authorities. All three would amplify federal efforts in cybersecurity research and development and improve international cooperation in cybersecurity. All would revise FISMA, giving DHS increased authority, stressing the importance of continuous monitoring of systems, and enhancing the compliance-enforcement authorities of agency officials responsible for information systems.