Then and Now: An Evolution in U.S. Cybersecurity Governance

Then: The Early Years

Since the 1970’s, early enforcement of cybersecurity laws in the United States focused on addressing specific intelligence crimes such as the Foreign Intelligence Surveillance Act of 1978.  Its mission was to counter international terrorism against the United States by surveilling foreign entities operating within the U.S.

Laws such as the Computer Fraud and Abuse Act were enacted almost a decade later to prosecute and deter computer related criminal activities. Even still, the enforcement landscape was relatively limited with a smaller scope of cyber threats and fewer coordinated security efforts.

In contrast, today's national cybersecurity policy takes a more comprehensive and proactive approach. One of the most controversial U.S. security policies was set in 2001 after terrorists struck the nation:

The Uniting & Strengthening America By Providing Appropriate Tools Required to Intercept & Obstruct Terrorism (PATRIOT) Act.

The evolving threat landscape, including sophisticated cyberattacks, data breaches, and state-sponsored cyber espionage, necessitated a broader and more collaborative strategy.

In 2005, to broaden the scope of The Patriot Act, The National Security Letters (NSL) were created and dubbed The Patriot Act II (PATRIOT Improvement and Re-authorization Act). 

The NSL grants the FBI overarching authority to demand personal customer information and records from credit card companies, banks, telephone companies, Internet service providers, and other organizations without prior approval from a court.

Now: Gains and Pains

National cybersecurity policies now encompass prevention, detection, response, and recovery. They involve a combination of legislative proposals, public-private partnerships, and increased investment in cybersecurity capabilities.

In 2017, The Cybersecurity & Infrastructure Security Agency (CISA) detailed the need for cybersecurity workforce development through Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Along with multiple Departments and the Department of Homeland Security (DHS) 5 key findings were addressed including that cybersecurity workforce needs require a high-profile call to action.

From a governance perspective, this need presents a structural challenge to implementing national cybersecurity policy. Federal cybersecurity strategies rely heavily on a skilled workforce to operationalize regulatory standards, risk management frameworks, and roll-out critical infrastructure protections.

Without sufficient capacity in developing that workforce, long-term national cyber resilience and policy effectiveness may remain constrained. Within the last five years, CISA has undergone major organizational changes affecting key cybersecurity governance programs.

Such shifts directly affect the government’s ability to coordinate cybersecurity efforts across public and private partners.

The Evolution

Overall, these workforce shortages and program changes highlight ongoing shifts in federal cybersecurity governance. Gaps in staffing and organizational capacity can limit how effectively policies are implemented and how agencies collaborate with partners during crisis.

As the nation moves forward, strengthening these structures becomes imperative. The goal remains: maintain national cybersecurity resilience in the face of increasingly sophisticated cyber threats.