Cyber Legislation: A Reference Table

Vol. 10 No. 1


Since the attacks of September 11, America’s awareness of the role of information technology as an essential element in the management of our critical infrastructures has raised the ante both in our investment in protection and in our vulnerability to attacks. Each year Congress and the other public policy arms of our government make significant investments in attempting to divine pathways to acceptable compromises among the diverse commercial and social interests that the estimated $1 trillion information and communications technology (ICT) industry will tolerate, and from which they will take comfort and find benefit.

The task of crafting technology policy has never been easy; between the time Judge Harold Green handed down his landmark decision in the AT&T antitrust case in 1983 and passage of an acceptable new telecommunication bill, 13 long years passed, and many find the imperfections still troubling 16 years later. But with the growth of undeniable cyberattacks against critical infrastructure emanating from nation states and state-sponsored terrorists around the globe, tightening the security perimeter around both government and commercial information technology networks, as well as providing comfort to the billions of individual users of IT systems for educational, personal finance, and social communications applications raises the stakes still higher, and adds an element of urgency.

Over the past five years the US Congress has wrestled unsuccessfully with information technology legislation of a variety of flavors—information sharing about threats and attacks, regulatory structures intended to assure the safety of commercial critical infrastructures, cybercrime measures directed at interdicting international electronic traffic in aid of more insidious human trafficking and contraband of every description. As with so much other important legislation, these important measures have fallen victim to the gridlock our recent partisan rancor has produced.

  • In the 113th Congress, only 22 bills of any subject have been sent to the President for signature.
  • Eight bills have been introduced in the Senate with cyber in the caption; 10 in the House.
  • Two of these “cyber” bills have become law; both are appropriations bills.

The table that accompanies this article lists only those bills that are principally cyber in nature and have passed at least one house of the Congress.

In fairness, there is other important cyberpolicy work underway in Washington, including a significant initiative launched in February under Executive Order 13636, the Cyber Framework. This could make long-overdue headway in bringing together technology developers with critical infrastructure users and the government, as well as security interests to develop collaborative models to use systems safely, even in the face of continuing and, arguably, growing threats from cyber adversaries around the world.


 Download a printable PDF of this article, which includes the table.


  • About The SciTech Lawyer

  • Subscriptions

  • Contact Us

  • More Information