LegiStorm

Summary:

C ybersecurity has been gaining attention as a national issue for the past decade. During this time, the country has witnessed cyber incidents affecting both public and private sector systems and data. These incidents have included attacks in which data was stolen, alte red, or access to it was disrupted or denied. The frequency of these attacks, and their effects on the U.S. economy, national security, and people’s lives have driven cybersecurity issues to the forefront of congressional policy conversations. This report provides an overview of selected cybersecurity concepts and a discussion of cybersecurity issues that are likely to be of interest during the 115 th Congress. From a policymaking standpoint, cybersecurity includes the security of the devices, infrastructur e, data, and users that make up cyberspace. The elements of ensuring cybersecurity involves policies spanning a range of fields, including education, workforce management, investment, entrepreneurship, and research and development. Software development, la w enforcement, intelligence, incident response, and national defense are involved in the response when something goes awry in cyberspace. To help secure and respond to incidents in cyberspace federal departments and agencies carry out their authorized resp onsibilities, run programs, and work with the private sector. While every federal agency has a role in protecting its own data and systems, certain agencies have significant responsibilities with regard to national cybersecurity. The Department of Defense supports domestic efforts on cybersecurity with its capabilities and capacity, and deploys military assets to protect American critical infrastructure from a cyberattack when directed to do so. The Department of Homeland Security secures federal networks, coordinates critical infrastructure protection efforts, responds to cyber threats, investigates cybercrimes, funds cybersecurity research and development, and promotes cybersecurity education and awareness. The Department of Justice investigates and prosec utes a variety of cyber threats, which range from computer hacking and intellectual property rights violations to fraud, child exploitation, and identity theft. Congress passed five laws related to cybersecurity during the 113 th Congress and an additional law during the 114 th Congress. Congress also held 119 hearings on cybersecurity - related issues during the 114 th Congress. The White House issued presidential actions on cybersecurity related to critical infrastructure cybersecurity, information sharing, a nd sanctions in retaliation for malicious cyber activities. Cybersecurity policy has continued to hold congressional interest during the 115 th Congress. Recent congressional hearings have examined several cybersecurity issues, including data breaches, cri tical infrastructure protection, education and training, and the security of federal information technology. Other issues discussed during the 114 th Congress continue to hold stakeholder interest, including debates concerning government access to encrypted data. This report covers a variety of topics related to cybersecurity in order to provide context and a framework for further discussion on selected policy areas. These topics include cybersecurity incidents, major federal agency roles and responsibiliti es, recent policy actions by Congress and the White House, and descriptions of policy issues that may be of interest in for the 115 th Congress.