Laws governing Information Security - PowerPoint PPT Presentation

Slides: 12
Provided by: Sri672

Transcript and Presenter's Notes

Title: Laws governing Information Security


1
Laws governing Information Security
2
Laws governing Information Security
  • Computer Security Act
  • Communications Assistance to Law Enforcement Act
  • Computer Fraud and Abuse Act
  • PDD 63
  • EO 13231

3
Computer Security Act
  • Passed in 1987. Official designation PL100-235
  • Law gave NIST the authority over unclassified
    non-military government computer systems
  • NSA originally had this power
  • Main goals:
      • Develop policies for federal agencies concerning
        computer security
      • Develop procedures to identify vulnerabilities in
        computer security

4
Computer Security Act
  • Provide mandatory security awareness training to
    all federal employees dealing with sensitive
    information
  • Identify all computer systems that contain
    sensitive information

5
CALEA
  • Passed in 1994
  • Works in conjunction with FCC regulations
  • Requires telephone companies to add hardware to their
    switches that facilitates tapping of
    conversations by law enforcement agencies
  • Telcos are not responsible for decrypting any
    intercepted communication
  • Telcos will be provided reasonable compensation
    for the addition of interception hardware to
    switches

6
Computer Fraud and Abuse Act
  • Originally passed in 1994 and amended in 1996
  • PATRIOT Act amends this act further
  • CFAA's main provisions relate to the following:
      • having knowingly accessed a computer without
        authorization
      • intentionally accesses a computer without
        authorization
      • knowingly and with intent to defraud, accesses a
        protected computer without authorization
  • Prison time of up to 10 years is possible for any
    violation
  • If the damage caused is below $5,000, then only
    criminal penalties apply and no civil penalties
    apply

7
PDD 63
  • Presidential Decision Directive 63 issued by
    President Clinton in 1998
  • Created to protect the critical infrastructure of
    the country, well before the September 11, 2001
    terrorist attacks
  • Critical infrastructure includes:
      • Telecommunications
      • Energy
      • Banking and finance
      • Transportation
      • Water systems
      • Emergency services

8
EO 13231
  • Issued on October 18, 2001
  • Protects critical infrastructure
  • Created a President's Critical Infrastructure
    Protection Board
  • Office of Management and Budget (OMB) to develop
    policies for the Executive Branch information
    systems security
  • Develop cooperation with the private sector

11
Security Scenario to Solve