Skip to main content
  • Sections
  • Search

Center for Strategic & International Studies

User menu

  • Subscribe
  • Sign In

Topics

  • Climate Change
  • Cybersecurity and Technology
    • Cybersecurity
    • Data Governance
    • Intellectual Property
    • Intelligence, Surveillance, and Privacy
    • Military Technology
    • Space
    • Technology and Innovation
  • Defense and Security
    • Counterterrorism and Homeland Security
    • Defense Budget
    • Defense Industry, Acquisition, and Innovation
    • Defense Strategy and Capabilities
    • Geopolitics and International Security
    • Long-Term Futures
    • Missile Defense
    • Space
    • Weapons of Mass Destruction Proliferation
  • Economics
    • Asian Economics
    • Global Economic Governance
    • Trade and International Business
  • Energy and Sustainability
    • Energy, Climate Change, and Environmental Impacts
    • Energy and Geopolitics
    • Energy Innovation
    • Energy Markets, Trends, and Outlooks
  • Global Health
    • Family Planning, Maternal and Child Health, and Immunizations
    • Multilateral Institutions
    • Health and Security
    • Infectious Disease
  • Human Rights
    • Building Sustainable and Inclusive Democracy
    • Business and Human Rights
    • Responding to Egregious Human Rights Abuses
    • Civil Society
    • Transitional Justice
    • Human Security
  • International Development
    • Food and Agriculture
    • Governance and Rule of Law
    • Humanitarian Assistance
    • Human Mobility
    • Private Sector Development
    • U.S. Development Policy

Regions

  • Africa
    • North Africa
    • Sub-Saharan Africa
  • Americas
    • Caribbean
    • North America
    • South America
  • Arctic
  • Asia
    • Afghanistan
    • Australia, New Zealand & Pacific
    • China
    • India
    • Japan
    • Korea
    • Pakistan
    • Southeast Asia
  • Europe
    • European Union
    • NATO
    • Post-Soviet Europe
    • Turkey
  • Middle East
    • The Gulf
    • Egypt and the Levant
    • North Africa
  • Russia and Eurasia
    • The South Caucasus
    • Central Asia
    • Post-Soviet Europe
    • Russia

Sections menu

  • Programs
  • Experts
  • Events
  • Analysis
    • Blogs
    • Books
    • Commentary
    • Congressional Testimony
    • Critical Questions
    • Interactive Reports
    • Journals
    • Newsletter
    • Reports
    • Transcript
  • Podcasts
  • iDeas Lab
  • Transcripts
  • Web Projects

Main menu

  • About Us
  • Support CSIS
    • Securing Our Future
Report
Share
  • LinkedIn
  • Facebook
  • Twitter
  • Email
  • Printfriendly.com

Updating U.S. Federal Cybersecurity Policy and Guidance

Spending Scarce Taxpayer Dollars on Security Programs that Work

October 23, 2012

As the threat to the cyber infrastructure on which the federal government and the nation relies grows, the urgency of investing wisely in protection against, detecting, mitigating, and recovering from cyber events takes on increasing urgency. Our adversaries are well equipped and agile. Our defenses must be equal to the threat, and they are not.

Since the 1980s, Congress and administrations of both parties have acted periodically to address that threat, through enacting laws and issuing policies and guidance. Though the underlying principles of managing and mitigating risk remain the same, the changing nature of technology and the capabilities of those who would do us harm call for a periodic review and updating of law and policy. Congress has recognized the need to update underlying statutes. Whether or not its efforts succeed, substantial improvement can be achieved by updating policies and guidance within the current statutory framework. Such changes would both improve our security posture and make more effective use of limited resources. While one might argue that more resources need to be spent on cybersecurity in the current threat environment, the fiscal situation argues for first assuring that every dollar spent on cybersecurity be spent wisely and allow for more rapid adoption of cheaper and more efficient technologies.

This report offers recommendations on areas where, in the view of the authors, the U.S. Office of Management and Budget (OMB) could use existing authorities and update its current guidance, last revised on November 28, 2000. These changes would make government cyber assets more secure without spending more money. Absent changes in policy, agency staff and oversight groups (e.g., inspectors general and the Government Accountability Office) will continue to waste scarce resources on strategies that do little to mitigate risk.

Downloads
Download PDF file of "Updating U.S. Federal Cybersecurity Policy and Guidance"
Franklin S. Reeder, Daniel Chenok, Karen S. Evans, James Andrew Lewis and Alan Paller
Media Queries
Contact H. Andrew Schwartz
Chief Communications Officer
Tel: 202.775.3242

Contact Paige Montfort
Media Relations Coordinator, External Relations
Tel: 202.775.3173
Related
Counterterrorism and Homeland Security, Cybersecurity, Cybersecurity and Technology, Defense and Security, Geopolitics and International Security, Strategic Technologies Program
Footer menu
  • Topics
  • Regions
  • Programs
  • Experts
  • Events
  • Analysis
  • Web Projects
  • Podcasts
  • iDeas Lab
  • Transcripts
  • About Us
  • Support Us
Contact CSIS
Email CSIS
Tel: 202.887.0200
Fax: 202.775.3199
Visit CSIS Headquarters
1616 Rhode Island Avenue, NW
Washington, DC 20036
Media Queries
Contact H. Andrew Schwartz
Chief Communications Officer
Tel: 202.775.3242

Contact Paige Montfort
Media Relations Coordinator, External Relations
Tel: 202.775.3173

Daily Updates

Sign up to receive The Evening, a daily brief on the news, events, and people shaping the world of international affairs.

Subscribe to CSIS Newsletters

Follow CSIS
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram

All content © 2022. All rights reserved.

Legal menu
  • Credits
  • Privacy Policy
  • Reprint Permissions