Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions [July 25, 2012]   [open pdf - 577KB]

"For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure. More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002. […] For most of those topics, at least some of the bills addressing them have proposed changes to current laws. Several of the bills specifically focused on cybersecurity have received committee or floor action, but none have become law. Comprehensive legislative proposals on cybersecurity that have received considerable attention in 2012 are The Cybersecurity Act of 2012 (CSA 2012, S. 2105, reintroduced in revised form as S. 3414), recommendations from a House Republican task force, and a proposal by the Obama Administration. They differ in approach, with S. 2105 proposing the most extensive regulatory framework and organizational changes, and the task force recommendations focusing more on incentives for improving private-sector cybersecurity. An alternative to S. 2105 and S. 3414, S."

Report Number:
CRS Report for Congress, R42114
Public Domain
Retrieved From:
Via E-mail
Media Type:
Help with citations