U.S. Federal Cybersecurity Today

Computer security regulations have come a long way from their early beginnings.  Even before the Federal Information Security Management Act (FISMA), there was the Computer Security Act of 1987 (CSA). The Computer Security Act was enacted by the 100th United States Congress in response to a lack of computer security protection measures, and a strong need for internal computer security governance for U.S. Federal agencies.

Although the U.S. Federal Government relied heavily on organizations such as the National Security Agency (NSA) for computer security guidance, it was evident that there was a strong need for computer security standards and governance across all federal agencies.

What we know today as U.S. Federal cybersecurity is vastly different than it was 33 years ago. Not only has the complexity of systems grown, but what started off as a simple research project in the early 1980s has vastly evolved into what people know as the internet. This adds to the complexity of systems, as well as increasing the scope, exposure, and attack surface of those systems.

Although information security principles remain the same, cyberspace continues to present challenges and obstacles that federal agencies must overcome.

The History of U.S. Federal Cybersecurity

Rapid Expansion of Automated Data Processing

The use of U.S. Federal computer systems was magnified by the Paperwork Reduction Act of 1980, which aimed to create an efficient means of storing information for federal agencies.

According to the CSA, by the mid-1980s, the U.S. Federal Government was the largest single user of information systems. The authors of the CSA drew upon various sources, including a 1985 report by the General Services Administration (GSA).  This report, (which is now only available in microfiche), stated that the federal (Read more...)