{ "id": "R43831", "type": "CRS Report", "typeId": "REPORTS", "number": "R43831", "active": true, "source": "EveryCRSReport.com, University of North Texas Libraries Government Documents Department", "versions": [ { "source": "EveryCRSReport.com", "id": 455558, "date": "2016-08-12", "retrieved": "2016-09-09T18:41:36.619273", "title": "Cybersecurity Issues and Challenges: In Brief", "summary": "The information and communications technology (ICT) industry has evolved greatly over the last half century. The technology is ubiquitous and increasingly integral to almost every facet of modern society. ICT devices and components are generally interdependent, and disruption of one may affect many others. Over the past several years, experts and policymakers have expressed increasing concerns about protecting ICT systems from cyberattacks, which many experts expect to increase in frequency and severity over the next several years. \nThe act of protecting ICT systems and their contents has come to be known as cybersecurity. A broad and arguably somewhat fuzzy concept, cybersecurity can be a useful term but tends to defy precise definition. It is also sometimes inappropriately conflated with other concepts such as privacy, information sharing, intelligence gathering, and surveillance. However, cybersecurity can be an important tool in protecting privacy and preventing unauthorized surveillance, and information sharing and intelligence gathering can be useful tools for effecting cybersecurity.\nThe management of risk to information systems is considered fundamental to effective cybersecurity. The risks associated with any attack depend on three factors: threats (who is attacking), vulnerabilities (the weaknesses they are attacking), and impacts (what the attack does). Most cyberattacks have limited impacts, but a successful attack on some components of critical infrastructure (CI)\u2014most of which is held by the private sector\u2014could have significant effects on national security, the economy, and the livelihood and safety of individual citizens. Reducing such risks usually involves removing threat sources, addressing vulnerabilities, and lessening impacts. \nThe federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for CI. On average, federal agencies spend more than 10% of their annual ICT budgets on cybersecurity.\nMore than 50 statutes address various aspects of cybersecurity. Five bills enacted in the 113th Congress and another in the 114th address the security of federal ICT and U.S. CI, the federal cybersecurity workforce, cybersecurity research and development, information sharing in both the public and private sectors, and international aspects of cybersecurity. Other bills considered by Congress have addressed a range of additional issues, including data breach prevention and response, cybercrime and law enforcement, and the Internet of Things, among others.\nAmong actions taken by the Obama Administration during the 114th Congress are promotion and expansion of nonfederal information sharing and analysis organizations; announcement of an action plan to improve cybersecurity nationwide; proposed increases in cybersecurity funding for federal agencies of more than 30%, including establishment of a revolving fund for modernizing federal ICT; and a directive laying out how the federal government will respond to both government and private-sector cybersecurity incidents.\nThose recent legislative and executive-branch actions are largely designed to address several well-established needs in cybersecurity. However, those needs exist in the context of difficult long-term challenges relating to design, incentives, consensus, and environment. Legislation and executive actions in the 114th and future Congresses could have significant impacts on those challenges.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R43831", "sha1": "08bae88c7c7c0a15083a3c550eeebe0ea1c28c2f", "filename": "files/20160812_R43831_08bae88c7c7c0a15083a3c550eeebe0ea1c28c2f.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R43831", "sha1": "f1345bf5a7e5d9c07f111499e91593308a7626ff", "filename": "files/20160812_R43831_f1345bf5a7e5d9c07f111499e91593308a7626ff.pdf", "images": null } ], "topics": [ { "source": "IBCList", "id": 4300, "name": "Cybersecurity" } ] }, { "source": "EveryCRSReport.com", "id": 440927, "date": "2015-04-29", "retrieved": "2016-04-06T19:09:04.552239", "title": "Cybersecurity Issues and Challenges: In Brief", "summary": "The information and communications technology (ICT) industry has evolved greatly over the last half century. The technology is ubiquitous and increasingly integral to almost every facet of modern society. ICT devices and components are generally interdependent, and disruption of one may affect many others. Over the past several years, experts and policymakers have expressed increasing concerns about protecting ICT systems from cyberattacks, which many experts expect to increase in frequency and severity over the next several years. \nThe act of protecting ICT systems and their contents has come to be known as cybersecurity. A broad and arguably somewhat fuzzy concept, cybersecurity can be a useful term but tends to defy precise definition. It is also sometimes inappropriately conflated with other concepts such as privacy, information sharing, intelligence gathering, and surveillance. However, cybersecurity can be an important tool in protecting privacy and preventing unauthorized surveillance, and information sharing and intelligence gathering can be useful tools for effecting cybersecurity.\nThe management of risk to information systems is considered fundamental to effective cybersecurity. The risks associated with any attack depend on three factors: threats (who is attacking), vulnerabilities (how they are attacking), and impacts (what the attack does). Most cyberattacks have limited impacts, but a successful attack on some components of critical infrastructure (CI)\u2014most of which is held by the private sector\u2014could have significant effects on national security, the economy, and the livelihood and safety of individual citizens. Reducing such risks usually involves removing threat sources, addressing vulnerabilities, and lessening impacts. \nThe federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for CI. On average, federal agencies spend more than 10% of their annual ICT budgets on cybersecurity.\nMore than 50 statutes address various aspects of cybersecurity, and new legislation has been debated since at least the 111th Congress. Executive Order 13636 and Presidential Policy Directive 21, released in February 2013, address the cybersecurity of CI through voluntary public/private sector collaboration and use of existing regulatory authorities. Five bills enacted in December 2014 address the security of federal ICT, the cybersecurity workforce at the Department of Homeland Security (DHS), cybersecurity research and development, and DHS information-sharing activities. Other bills would have addressed information sharing more broadly, protection of CI, notification of victims of data breaches, and cybercrime laws, among other issues. At the beginning of the 114th Congress, the Obama Administration took actions including proposed legislation on information sharing, data-breach notification, and cybercrime laws. Bills addressing those and other issues have been introduced in the House and the Senate. Several have seen committee or floor action, with two bills on information sharing, H.R. 1560 and H.R. 1731, passing the House in April 2015.\nThe executive-branch actions and proposed legislation are largely designed to address several well-established near-term needs in cybersecurity. However, those needs exist in the context of more difficult long-term challenges relating to design, incentives, consensus, and environment. Legislation and executive actions in the 114th Congress could have significant impacts on those challenges. For access to additional CRS reports and other resources, see the Cybersecurity Issue Page at http://www.crs.gov.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R43831", "sha1": "f4c650ed473891cc84faa6d5b2db2a6e10e3a294", "filename": "files/20150429_R43831_f4c650ed473891cc84faa6d5b2db2a6e10e3a294.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R43831", "sha1": "e65e02a052d415d575766a701411e4663da3a335", "filename": "files/20150429_R43831_e65e02a052d415d575766a701411e4663da3a335.pdf", "images": null } ], "topics": [ { "source": "IBCList", "id": 4300, "name": "Cybersecurity" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc501605/", "id": "R43831_2014Dec16", "date": "2014-12-16", "retrieved": "2015-03-30T22:03:27", "title": "Cybersecurity Issues and Challenges: In Brief", "summary": "The information and communications technology (ICT) industry has evolved greatly over the last half century. The technology is ubiquitous and increasingly integral to almost every facet of modern society. ICT devices and components are generally interdependent, and disruption of one may affect many others. Over the past several years, experts and policy makers have expressed increasing concerns about protecting ICT systems from cyberattacks, which many experts expect to increase in frequency and severity over the next several years. This report discusses the concept of cybersecurity, the management of cybersecurity risks, and the federal government's role in managing such risks.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20141216_R43831_acbefaafacb64f97fd77df976c469127afdd9308.pdf" }, { "format": "HTML", "filename": "files/20141216_R43831_acbefaafacb64f97fd77df976c469127afdd9308.html" } ], "topics": [ { "source": "LIV", "id": "Technology", "name": "Technology" }, { "source": "LIV", "id": "Computer crimes", "name": "Computer crimes" }, { "source": "LIV", "id": "Crime and criminals", "name": "Crime and criminals" }, { "source": "LIV", "id": "Computer security measures", "name": "Computer security measures" } ] } ], "topics": [] }