Resources

Government Resources

Departments, Agencies, and More: the Public Sector

Cyberspace Solarium Commission

Click here to learn more about the Commission.

View the Commission's final report (released March 11, 2020)

Department of Defense

Annual Report to Congress - Military and Security Developments Involving the People's Republic of China (2019)

Department of Homeland Security

Cybersecurity Strategy (2019)

Cybersecurity Insurance Workshop Readout Report
National Protection and Programs Directorate (2012)

Fact Sheet: National Level Exercise (2012)

National Initiative for Cybersecurity Careers and Studies
NICCS helps make cybersecurity materials more available. (2012)

Cybersecurity and Infrastructure Security Agency:

Department of Justice

Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources Criminal Division, Computer Crime and Intellectual Property Section, 2020

Department of Justice's Best Practices for Victim Response and Reporting of Cyber Incidents (2018)

Antitrust Policy Statement on Sharing of Cybersecurity Information (2014)

Department of State

Country Reports on Terrorism

Joint Statement on Advancing Responsible State Behavior in Cyberspace (International Resolution) (2019)

International Law In Cyberspace (2012)

Remarks by Legal Advisor Harold Hongju Koh to the USCYBERCOM Inter-Agency Legal Conference (2012)

Department of the Treasury

G7 Fundamental Elements of Cybersecurity for the Financial Sector (2016)

Federal Emergency Management Agency

National Level Exercise  (2018)

Federal Trade Commission

SIGN UP for FTC Press Release Updates

FTC Privacy & Data Security Update for 2018 (2019)

Cybersecurity Resources for Your Small Business U.S. Federal Trade Commission (2018)

Date Breach Response: A Guide for Business (2016)

Antitrust Policy Statement on Sharing of Cybersecurity Information (2014)

Government Accountability Office

Cybersecurity Challenges Facing the Nation (2018)

Privacy: Federal Law Should Be Updated to Address Changing Technology Landscape

Testimony of Gregory C. Wilshusen, Director of GAO Information Security Issues, before the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Committee on Homeland Security and Governmental Affairs, U.S. Senate. (2012)

National Institute of Standards and Technology

Telework Security Basics (2020)

LAUNCHING: NIST Small Business Cybersecurity Corner U.S. Department of Commerce (2019)

Version 1.1 of Cybersecurity Framework (2018)

Small Business Information Security: The Fundamentals (2016)

Framework for Improving Critical Infrastructure Cybersecurity (2014)

Security and Privacy Controls for Federal Information Systems and Organizations (2013)

Office of Management and Budget

Federal Cybersecurity Risk Determination Report and Action Plan (2018)

Memorandum for Heads of Executive Departments and Agencies (2012)

Office of the Director of National Intelligence

National Counterintelligence Strategy, 2020-2022 (National Counterintelligence and Security Center)

Cyber Training Series (National Counterintelligence and Security Center)

Know the Risks, Raise Your Shield
Secure your business' supply chain, guard against intellectual property theft, and avoid spear-phishing and social media deception. View Press Release. (2019)

Supply Chain Risk Management (2019) (National Counterintelligence and Security Center)

Foreign Spies Stealing US Economic Secrets in Cyberspace (2011) (Office of the National Counterintelligence Executive)

Securities and Exchange Commission

SEC Risk Alert (April, 2019)

United States Air Force

Cyberspace Operations: Air Force Doctrine Document 3-12 (2010)

Executive Reports, Orders, and Policy Directives

2018

Executive Order: Enhancing the Effectiveness of Agency Chief Information Officers, May 2018

2017

2017 Insider Threat Guide: A Compendium of Best Practices to Accompany the National Insider Threat Minimum Standards

First U.S.-China Law Enforcement and Cybersecurity Dialogue
Released October, 2017

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Released May 11, 2017

Presidential Executive Order on the Establishment of the American Technology Council Released May 1, 2017

Justice Department Announces Actions to Disable Kelihos Botnet (United States v. Levashov)
Released April, 2017

2016

Year End Report: House Judiciary and House Energy and Commerce Committees' Encryption Working Group
Released December, 2016

Presidential Policy Directive on U.S. Cyber Incident Coordination
Released July 2016

Memo: House Energy and Commerce Committee Hearing on Encryption
Released April 2016

FACT SHEET: Cybersecurity National Action Plan
Released February 2016

2015

Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations from the Office of Legal Education

Executive Order--"Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities"

Statement of William C. Hubbard, President, American Bar Association, Re: President Obama’s Executive Order on financial sanctions for cyberintrusions (4/3/2015)

"Cyberintrusions present an extraordinary threat to the national security, foreign policy and economy of the United States. The American Bar Association commends President Obama for his executive order establishing a financial sanctions program targeting individuals and entities who engage in significant malicious cyber activities concerning trade secrets and the economic and financial stability of the United States. This executive order provides a new tool for both the private sector and the government in the fight against malicious cyberactivity and cybertheft.
The ABA adopted a resolution in 2013 calling for appropriate sanctions for unauthorized, illegal intrusions into the computer networks, including economic sanctions or asset forfeitures against those involved.  Information security represents an increasingly important issue for the legal profession. Sophisticated hacking activities on private computer systems and networks, including on those used by lawyers and law firms, have increased dramatically over the last decade. The Executive Order, by using authorities pursuant to the International Emergency Economic Powers Act, recognizes the potential national security implications. These breaches also expose clients, their lawyers and society to significant economic losses and undermine the legal profession by threatening client confidentiality and the attorney-client privilege."

2014

Cybersecurity Procurement Language for Energy Delivery Systems, April 2014
Released April 2014

2013

2013 Cybersecurity Executive Order: Overview and Considerations for CongressCongressional Research Service

U.S. Federal Cybersecurity Operations Teams
Released March 2013

Cybersecurity Questions for CEOs
Released February 2013

Administration Strategy on Mitigating the Theft of U.S. Trade Secrets
Released February 20, 2013

Presidential Policy Directive on Critical Infrastructure Security and Resilience
Released February 12, 2013

Executive Order 13636 - Improving Critical Infrastructure
Released February 12, 2013

Legislative Branch

Children's Online Privacy Protection Act

Text 105th Congress

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. Learn more from the FTC.

Cybersecurity and Infrastructure Security Act 

2018 115th Congress

2017 115th Congress

FISA

2018 115th Congress

Gramm Leach Bliley Act

In the news: FTC Proposes Changes to Graham Leach Bliley Act

Amending House Resolution 115th Congress

Text

National Defense Authorization Act

2020 116th Congress

2019 115th Congress

NIST Small Business Cybersecurity Act

2018 115th Congress

Reports, Guidelines, Hearings, and More

2016

U.S. House of Representatives Committee on Science, Space, and Technology: Subcommittee on Research & Technology and Oversight Friday, January 8, 2016 Hearing on "Cybersecurity: What the Federal Government Can Learn from the Private Sector"

2015

Cybersecurity and Information Sharing: Legal Challenges and Solutions
Congressional Research Service by Andrew Nolan, Legislative Attorney

2014

Cybersecurity: Authoritative Reports and Resources, by Topic
Congressional Research Service (May 2014)

Framework for Improving Critical Infrastructure Cybersecurity
National Institute of Standards and Technology, February 2014

The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure 
Senate Committee on Homeland Security and Governmental Affairs, February 2014

2013

The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress
Congressional Research Service, December 2013

2012

Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE Permanent Select Committee on Intelligence, U.S. House of Representatives, October 2012

State Legislation

(Access the National Conference of State Legislatures Task Force on Cybersecurity)

California

AB-1215 (blocking the use by police of body cams for facial recognition purposes) (2019)

California Privacy Act 2018

Information Privacy: Connected Devices Act 2018

Florida

Florida Information Protect Act 2014

Maine

An Act To Protect the Privacy of Online Customer Information

Nevada

Nevada Enacts New Online Privacy Law (More information on SB220)

New York

New York Department of Financial Services Cybersecurity Requirements Now Mandatory The rules require comprehensive cyber protection programs for insurance companies, banks and other financial services companies and went into effect August 28, 2017.

Ohio

Ohio governor signs into law measure to increase cybersecurity of elections (More information on Senate Bill 52)

Pennsylvania

New Pennsylvania law gives counties $90M for election security efforts