Law and Policy

Center for Cybersecurity Policy and Law | HomeThe Center for Cybersecurity Policy and Law is a nonprofit (501(c)(6) organization that develops, advances, and promotes best practices and educational opportunities among cybersecurity professionals.

With the advent of the GDPR in the European Union and continuous technological improvements across the globe, the cybersecurity landscape is becoming more complex every day. There are many pieces of legislation and executive orders in the United States that have had an impact on the safeguarding of information over time. To name a few:

There are over 40 other laws are applicable to cybersecurity today according to a recent Congressional Research Report. This has created a patchwork which makes it very hard to efficiently share information and skews the balance of the CIA triad. A symbiotic relationship exists between law, information sharing, and information safeguarding. The cybersecurity professional attempts to safeguard data by supplying the confidentiality and integrity principles which always seem to be at odds with the availability principle. Law and policy can either support or deter the cybersecurity practitioner in this fight. In the wake of AI, quantum computing, and cryptocurrency, the legislative landscape in America is in a precarious situation. Not everyone is lucky enough to have legal counsel readily available. Working together, we can attempt to navigate this domain.

LawfareHard National Security Choices

Lawfare is published in cooperation with the Brookings Institute and maintains an extremely robust/insightful cybersecurity section focusing specifically on law and policy.

Some other great resources can be found at the following sites:

https://www.securityweek.com/cybercrime

https://krebsonsecurity.com/

DataGuidance

The National Conference of State Legislatures Cybersecurity Law Tracker

GSA Cybersecurity
Programs and Policies

Department of Homeland Security's Cybersecurity Center

The Cyberspace Solarium Commission was established in 2019 and their report was released on March 11, 2020. This report has wide sweeping impacts on cybersecurity in the United States and has resulted in many legislative proposals. The report issued over 80 recommendations and organized them into six pillars. The major outcomes of this report may effect government information sharing and cyber defense procedures than the civilian population's day to day life. However, Pillar 5 of this report called for operationalizing collaboration between the Federal government and the private sector. One of the biggest outcomes of the report involves the implementation of a National Cyber Incident Reporting Law. The link on the left has a large amount of resources regarding the commission's report. The link on the right focuses on preserving and continuing the work of the commission.

Cyberspace Solarium Commission Solarium.gov will no longer be receiving updates.For up-to-date content, please visit cybersolarium.org

Homepage - CSC 2.0Our Mission CSC 2.0 preserves the legacy and continues the work of the Cyberspace Solarium Commission (CSC). Congress created the CSC in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.” […]