Cyber security regulations in the United States are the body of laws passed by Congress and directives of the executive branch of the government intended to safeguard computer network systems from cyber attacks.
Cyber security measures include login passwords, message encryption, intrusion detection and prevention systems, antivirus software, and firewalls.
Federal and state governments have also attempted to improve cyber security through partnerships between government and the private sector.
There are general as well as industry-specific cyber security regulations in the United States. The three principal cyber security laws at the federal level are the Health Insurance Portability and Accountability Act of 1996, the Gramm-Leach-Bliley Act of 1999 and the Homeland Security Act of 2002, which includes the Federal Information Security Management Act. These three laws require healthcare organizations, financial institutions and the federal government, respectively, to protect their information systems from cyber attacks.
Various state governments have also passed laws to step up cyber security. In 2003 the state of California passed the Notice of Security Breach Act, which required companies holding personal information of California citizens to disclose the particulars of any security breach they suffer. While these security breach notifications are meant to punish those companies for their security lapses, they are also designed to encourage them to put appropriate cyber security systems in place to prevent the loss of reputation that results from such a setback. Many other states followed suit with similar legislation to step up cyber security within their respective jurisdictions.
There are federally funded research programs on cyber security. In 2003 the President's National Strategy to Secure Cyberspace entrusted the Department of Homeland Security with researching and recommending national cyber security solutions in collaboration with the private sector.