



Congressional Research Service
Informing the legislative debate since 1914


December 17, 2024


Legislating on Cybersecurity

Introduction
Cybersecurity considerations for policymakers are broader
than those for managing cybersecurity at an organization.
When thinking strategically about how to legislate for
cybersecurity, lawmakers may consider educating,
recruiting, and retaining knowledgeable workers;
authorizing and resourcing agencies; deterring and
responding to threats; securing international supply chains;
and understanding the resiliency of individual companies
and sectors.

This In Focus discusses key cybersecurity threats and
impacts, how Congress has addressed cyber risk, and some
general actions policymakers may consider in the future.

Threats and Impacts
The nation faces many threats in cyberspace. Threat actors
may directly target the elements of cyberspace (e.g.,
networks and data) or use those elements to attack public
and private entities. The 2024 Annual Threat Assessment of
the U.S. Intelligence Community discusses five main threat
actors: the People's Republic of China (China), the Russian
Federation (Russia), Iran, North Korea, and criminals.
(Quotes below are from the Assessment.)

China is the most active and persistent cyber threat to U.S.
Government, private-sector, and critical infrastructure
networks. Recently, China compromised
telecommunications systems to spy on campaigns, federal
officials, and sensitive government operations.

Russia views cyber disruptions as a foreign policy lever to
shape other countries' decisions and continuously refines
and employs its espionage, influence, and attack
capabilities against a variety of targets. In 2021, Russia
compromised a technology services company so it could
spy on that company's clients.

Iran is growing expertise and willingness to conduct
aggressive cyber operations and takes an opportunistic
approach to attacks. In 2022, Iran exploited a severe bug in
widely used open-source software to attack web servers.

North Korea poses a sophisticated and agile espionage,
cybercrime, and attack threat and focuses on attacks that
lead to financial gain. North Korea has long used
ransomware and hack-and-leak operations to steal money
and bolster North Korea's economy.

Criminal groups are likely to continue to be involved in
ransomware operations ... extorting funds, disrupting
critical services, and exposing sensitive data. Earlier this
year, criminals deployed ransomware on systems that
forced a company to degrade their services, snarling health
care delivery nationwide.

Not all cyber incidents are caused by malicious actors. A
computer glitch resulted in mass transportation and
commerce disruptions in 2024.

Recent Congressional Actions
For more than a decade, Congress has taken a sustained
interest in cybersecurity policy.

The 113th Congress (2013-2014) authorized many existing
executive branch activities. Congress directed the
Department of Homeland Security (DHS) to serve as the
interface between the private sector and the government for
cybersecurity matters, and gave DHS a role in the
management of federal agencies' cybersecurity.

The 114th Congress (2015-2016) expanded agency
authorities. Building on the previous Congress's work, this
Congress increased agency responsibilities for cyber
information sharing, required federal cybersecurity
protection actions, and directed strategy development.

The 115th Congress (2017-2018) created the Cybersecurity
and Infrastructure Security Agency (born out of an existing
organization within DHS) to manage national cyber risk.

The 116th Congress (2019-2020) sought to improve
interagency coordination. It created a Senate-confirmed
position in the White House to coordinate federal agency
actions and resourcing for cybersecurity.

The 117th Congress (2021-2022) increased cybersecurity
resources. This Congress provided $4 billion in new
funding for federal agencies, state and local governments,
and the private sector to modernize information technology
and improve cyber resilience. It also created a requirement
for private entities to report to the government when they
experience cyber incidents and make ransomware
payments.

The 118th Congress (2023-2024) added and clarified roles
for the Department of Defense and Department of State.

Legislative Activity
During each of the past six Congresses, Members have
introduced more than 40 pieces of legislation related to
cybersecurity. Approximately half of those got committee
consideration, and a smaller number were passed (or
adopted) by either the House or Senate. A portion of those
became law, either as part of a broader package (e.g., the
National Defense Authorization Act) or as stand-alone
legislation. Table 1 shows the number of cyber bills that
