{ "id": "R40427", "type": "CRS Report", "typeId": "REPORTS", "number": "R40427", "active": false, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 345713, "date": "2009-03-10", "retrieved": "2016-04-07T02:41:11.588873", "title": "Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations", "summary": "Federal agencies report increasing cyber-intrusions into government computer networks, perpetrated by a range of known and unknown actors. In response, the President, legislators, experts, and others have characterized cybersecurity as a pressing national security issue.\nLike other national security challenges in the post-9/11 era, the cyber threat is multi-faceted and lacks clearly delineated boundaries. Some cyber attackers operate through foreign nations\u2019 military or intelligence-gathering operations, whereas others have connections to terrorist groups or operate as individuals. Some cyber threats might be viewed as international or domestic criminal enterprises.\nIn January 2008, the Bush Administration established the Comprehensive National Cybersecurity Initiative (the CNCI) by a classified joint presidential directive. The CNCI establishes a multi-pronged approach the federal government is to take in identifying current and emerging cyber threats, shoring up current and future telecommunications and cyber vulnerabilities, and responding to or proactively addressing entities that wish to steal or manipulate protected data on secure federal systems. On February 9, 2009, President Obama initiated a 60-day interagency cybersecurity review to develop a strategic framework to ensure the CNCI is being appropriately integrated, resourced, and coordinated with Congress and the private sector.\nIn response to the CNCI and other proposals, questions have emerged regarding: (1) the adequacy of existing legal authorities\u2014statutory or constitutional\u2014for responding to cyber threats; and (2) the appropriate roles for the executive and legislative branches in addressing cybersecurity. The new and emerging nature of cyber threats complicates these questions. Although existing statutory provisions might authorize some modest actions, inherent constitutional powers currently provide the most plausible legal basis for many potential executive responses to national security related cyber incidences. Given that cyber threats originate from various sources, it is difficult to determine whether actions to prevent cyber attacks fit within the traditional scope of executive power to conduct war and foreign affairs. Nonetheless, under the Supreme Court jurisprudence, it appears that the President is not prevented from taking action in the cybersecurity arena, at least until Congress takes further action. Regardless, Congress has a continuing oversight and appropriations role. In addition, potential government responses could be limited by individuals\u2019 constitutional rights or international laws of war. This report discusses the legal issues and addresses policy considerations related to the CNCI.", "type": "CRS Report", "typeId": "REPORTS", "active": false, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R40427", "sha1": "53a758597b2d9a5bc8963ead7cb082877147ccab", "filename": "files/20090310_R40427_53a758597b2d9a5bc8963ead7cb082877147ccab.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R40427", "sha1": "bc2bdcec7c5e009207f51bd775ed6757b61de42f", "filename": "files/20090310_R40427_bc2bdcec7c5e009207f51bd775ed6757b61de42f.pdf", "images": null } ], "topics": [] } ], "topics": [ "Appropriations", "Constitutional Questions", "National Defense" ] }