Cybersecurity

Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, engaging in cybercrime, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which may make responding problematic. Despite many recommendations made over the past decade, most major legislative provisions relating to cybersecurity had been enacted prior to 2002. However, on December 18, 2014, five cybersecurity bills were signed by the President. These bills changed federal cybersecurity programs in a number of ways: codifying the role of the National Institute of Standards and Technology (NIST) in developing a "voluntary, industry-led set of standards" to reduce cyber risk; codifying the Department of Homeland Security's (DHS's) National Cybersecurity and Communications Integration Center as a hub for interactions with the private sector; updating the Federal Information Security Management Act (FISMA) by requiring the Office of Management and Budget (OMB) to "eliminate ... inefficient and wasteful reports"; and requiring DHS to develop a "comprehensive workforce strategy" within a year and giving DHS new authorities for cybersecurity hiring. On December 18, 2015, H. R. 2029, the Consolidated Appropriations Act, was signed into public law (P. L. 114-113). The omnibus law's cybersecurity provisions are located in Division N (Cybersecurity Act of 2015), including Title I, Cybersecurity Information Sharing; Title II, National Cybersecurity Advancement; Title III, Federal Cybersecurity Workforce Assessment; and Title IV, Other Cyber Matters. The measure represents a compromise between the House and Senate intelligence committees and the House Homeland Security Committee. It includes various components of three separate information sharing bills: H. R. 1560 and H. R. 1731, passed by the House in April 2015, and S. 754, passed by the Senate in October 2015. The bill encourages private companies to voluntarily share information about cyber threats with each other as well as the government. Firms that participate in the information sharing will receive liability protection. Executive orders authorize the President to manage federal government operations. Presidential directives pertain to all aspects of U. S. national security policy as authorized by the President. This report provides a list of executive orders and presidential directives pertaining to information and computer security.