Cybersecurity: Legislation, Hearings, and Executive Branch Documents [December 10, 2015] [open pdf - 962KB]
"Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, engaging in cybercrime, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which may make responding problematic. Despite many recommendations made over the past decade, most major legislative provisions relating to cybersecurity had been enacted prior to 2002. However, on December 18, 2014, in the last days of the 113th Congress, five cybersecurity bills were signed by the President. These bills change federal cybersecurity programs in a number of ways: 1) codifying the role of the National Institute of Standards and Technology (NIST) in developing a 'voluntary, industry-led set of standards' to reduce cyber risk; 2) codifying the Department of Homeland Security's (DHS's) National Cybersecurity and Communications Integration Center as a hub for interactions with the private sector; 3) updating the Federal Information Security Management Act (FISMA) by requiring the Office of Management and Budget (OMB) to 'eliminate ... inefficient and wasteful reports'; and 4) requiring DHS to develop a 'comprehensive workforce strategy' within a year and giving DHS new authorities for cybersecurity hiring."
CRS Report for Congress, R43317
Federation of American Scientists: http://www.fas.org/sgp/crs/index.html