{ "id": "RL32777", "type": "CRS Report", "typeId": "REPORTS", "number": "RL32777", "active": false, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 102251, "date": "2005-02-22", "retrieved": "2016-04-07T19:52:20.389029", "title": "Creating a National Framework for Cybersecurity: An Analysis of Issues and Options", "summary": "Even before the terrorist attacks of September 2001, concerns had been rising among security\nexperts\nabout the vulnerabilities to attack of computer systems and associated infrastructure. Yet, despite\nincreasing attention from federal and state governments and international organizations, the defense\nagainst attacks on these systems has appeared to be generally fragmented and varying widely in\neffectiveness. Concerns have grown that what is needed is a national cybersecurity framework -- \na coordinated, coherent set of public- and private-sector efforts required to ensure an acceptable level\nof cybersecurity for the nation. \n As commonly used, cybersecurity refers to three things: measures to protect\n information\ntechnology; the information it contains, processes, and transmits, and associated physical and virtual\nelements (which together comprise cyberspace); the degree of protection resulting from\napplication\nof those measures; and the associated field of professional endeavor. Virtually any element of\ncyberspace can be at risk, and the degree of interconnection of those elements can make it difficult\nto determine the extent of the cybersecurity framework that is needed. Identifying the major\nweaknesses in U.S. cybersecurity is an area of some controversy. However, some components\nappear to be sources of potentially significant risk because either major vulnerabilities have been\nidentified or substantial impacts could result from a successful attack 
-- in particular, components\nthat play critical roles in elements of critical infrastructure, widely used commercial software,\norganizational governance, and the level of public knowledge and perception about cybersecurity.\n There are several options for broadly addressing weaknesses in cybersecurity. They include\nadopting standards and certification, promulgating best practices and guidelines, using benchmarks\nand checklists, use of auditing, improving training and education, building security into enterprise\narchitecture, using risk management, and using metrics. These different approaches all have\ndifferent strengths and weaknesses with respect to how they might contribute to the development of\na national framework for cybersecurity. None of them are likely to be widely adopted in the absence\nof sufficient economic incentives for cybersecurity. \n Many observers believe that cyberspace has too many of the properties of a commons for\nmarket forces alone to provide those incentives. Also, current federal laws, regulations, and\npublic-private partnerships appear to be much narrower in scope than the policies called for in the\n National Strategy to Secure Cyberspace and similar documents. Some recent laws do\nprovide\nregulatory incentives for corporate management to address cybersecurity issues. Potential models\nfor additional action include the response to the year-2000 computer problem and federal safety and\nenvironmental regulations. Congress might consider encouraging the widespread adoption of\ncybersecurity standards and best practices, procurement leveraging by the federal government,\nmandatory reporting of incidents, the use of product liability actions, the development of\ncybersecurity insurance, and strengthened federal cybersecurity programs in the Department of\nHomeland Security and elsewhere. 
This report will be updated in response to significant\ndevelopments in cybersecurity.", "type": "CRS Report", "typeId": "REPORTS", "active": false, "formats": [ { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/RL32777", "sha1": "7f38416d8e69a9a428fd094567c00964aea1790c", "filename": "files/20050222_RL32777_7f38416d8e69a9a428fd094567c00964aea1790c.pdf", "images": null }, { "format": "HTML", "filename": "files/20050222_RL32777_7f38416d8e69a9a428fd094567c00964aea1790c.html" } ], "topics": [] } ], "topics": [ "Intelligence and National Security", "Science and Technology Policy" ] }