The federal government's role in protecting U.S. citizens and
critical infrastructure from cyberattacks has been the subject of
recent congressional interest. Critical infrastructure commonly
refers to those entities that are so vital that their
incapacitation or destruction would have a debilitating impact on
national security, economic security, or the public health and
safety. This report discusses selected legal issues that frequently
arise in the context of recent legislation to address
vulnerabilities of critical infrastructure to cyber threats,
efforts to protect government networks from cyber threats, and
proposals to facilitate and encourage sharing of cyber threat
information among private sector and government entities. This
report also discusses the degree to which federal law may preempt
state law. It has been argued that, in order to ensure the
continuity of critical infrastructure and the larger economy, a
regulatory framework for selected critical infrastructure should be
created to require a minimum level of security from cyber threats.
On the other hand, others have argued that such regulatory schemes
would not improve cybersecurity while increasing the costs to
businesses, expose businesses to additional liability if they fail
to meet the imposed cybersecurity standards, and increase the risk
that proprietary or confidential business information may be
inappropriately disclosed. In order to protect federal information
networks, the Department of Homeland Security (DHS), in conjunction
with the National Security Agency (NSA), uses a network intrusion
system that monitors all federal agency networks for potential
attacks. Known as EINSTEIN, this system raises significant privacy
implications-a concern acknowledged by DHS, interest groups,
academia, and the general public. DHS has developed a set of
procedures to address these concerns such as minimization of
information collection, training and accountability requirements,
and retention rules. Notwithstanding these steps, there are
concerns that the program may implicate privacy interests protected
under the Fourth Amendment. Although many have argued that there is
a need for federal and state governments, and owners and operators
of the nation's critical infrastructures, to share information on
cyber vulnerabilities and threats, obstacles to information sharing
may exist in current laws protecting electronic communications or
in antitrust law. Private entities that share information may also
be concerned that sharing or receiving such information may lead to
increased civil liability, or that shared information may contain
proprietary or confidential business information that may be used
by competitors or government regulators for unauthorized purposes.
Several bills in the 112th Congress would seek to improve the
nation's cybersecurity, and may raise some or all of the legal
issues mentioned above. For example, H.R. 3523 (Rogers
(Mich.)-Ruppersberger) addresses information sharing between the
intelligence community and the private sector. H.R. 3674 (Lungren)
includes provisions regarding the protection of critical
infrastructure, as well as information sharing. H.R. 4257
(Issa-Cummings) would require all federal agencies to continuously
monitor their computer networks for malicious activity and would
impose additional cybersecurity requirements on all federal
agencies. S. 2102 (Feinstein) seeks to facilitate information
sharing. S. 2105 (Lieberman) includes the information sharing
provisions of S. 2102, as well as provisions relating to the
protection of critical infrastructure and federal government
networks. S. 2151 (McCain) and H.R. 4263 (Bono-Mack) also addresses
information sharing among the private sector and between the
private sector and the government. Many of these bills also include
provisions specifically addressing the preemption of state laws.
General
Is the information for this product incomplete, wrong or inappropriate?
Let us know about it.
Does this product have an incorrect or missing image?
Send us a new image.
Is this product missing categories?
Add more categories.
Review This Product
No reviews yet - be the first to create one!