The Congressional Research Service ("CRS") offered recommendations to Congress that would enhance federal cybersecurity management.

In its report, CRS defined cybersecurity as a risk management process that involves continual efforts to (i) identify cybersecurity threats, (ii) protect against potential cybersecurity incidents and (iii) detect, respond and recover from such cybersecurity incidents.

CRS recommended that Congress consider:

  • simplifying and unifying the U.S. Code to facilitate streamlined congressional supervision of federal agencies and clarify their cybersecurity requirements;
  • the parameters and impact of mandatory cybersecurity reporting requirements, including (i) who must report, (ii) which events necessitate reporting, (iii) the type of information that should be reported and when, (iv) to whom the report should be sent, (v) how the report will be processed and (vi) how the reported information will be shared;
  • imposing minimum spending levels for agencies' cybersecurity efforts;
  • the sharing of cybersecurity services among agencies by provisioning resources from each agency to a central agency to allow the federal government to make better use of limited resources; and
  • the acceleration of the adoption of "next-generation cybersecurity services."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.