Editing Computer security (section)

===== Agencies =====
The [[United States Department of Homeland Security|Department of Homeland Security]] has a dedicated division responsible for the response system, [[risk management]] program and requirements for cybersecurity in the United States called the [[National Cyber Security Division]].<ref>{{cite web|title=National Cyber Security Division |url=https://www.dhs.gov/xabout/structure/editorial_0839.shtm |publisher=U.S. Department of Homeland Security |access-date=14 June 2008 |archive-url=https://web.archive.org/web/20080611210347/https://www.dhs.gov/xabout/structure/editorial_0839.shtm |archive-date=11 June 2008  }}</ref><ref name="CSRDC-FAQ" /> The division is home to US-CERT operations and the National Cyber Alert System.<ref name="CSRDC-FAQ">{{cite web |title=FAQ: Cyber Security R&D Center |url=http://www.cyber.st.dhs.gov/faq.html |publisher=U.S. Department of Homeland Security S&T Directorate |access-date=14 June 2008 |url-status=live |archive-url=https://web.archive.org/web/20081006042850/http://www.cyber.st.dhs.gov/faq.html |archive-date=6 October 2008  }}</ref> The National Cybersecurity and Communications Integration Center brings together government organizations responsible for protecting computer networks and networked infrastructure.<ref>AFP-JiJi, "U.S. boots up cybersecurity center", 31 October 2009.</ref>

The third priority of the FBI is to: "Protect the United States against cyber-based attacks and high-technology crimes",<ref>{{cite web |url=https://www.fbi.gov/about-us/quick-facts |title=Federal Bureau of Investigation – Priorities |publisher=Federal Bureau of Investigation |url-status=live |archive-url=https://web.archive.org/web/20160711053557/https://www.fbi.gov/about-us/quick-facts |archive-date=11 July 2016  }}</ref> and they, along with the [[National White Collar Crime Center]] (NW3C), and the [[Bureau of Justice Assistance]] (BJA) are part of the multi-agency task force, The [[Internet Crime Complaint Center]], also known as IC3.<ref>{{cite web|url=http://www.ic3.gov/default.aspx|title=Internet Crime Complaint Center (IC3) – Home |url-status=live |archive-url=https://web.archive.org/web/20111120021742/http://www.ic3.gov/default.aspx|archive-date=20 November 2011}}</ref>

In addition to its own specific duties, the FBI participates alongside non-profit organizations such as [[InfraGard]].<ref>{{cite web |url=http://www.infragard.net/ |title=Infragard, Official Site |work=Infragard |access-date=10 September 2010 |url-status=live |archive-url=https://web.archive.org/web/20100909051004/http://www.infragard.net/ |archive-date=9 September 2010  }}</ref><ref>{{cite web|url=http://www.infragard.net/media/files/dir_med.mov |title=Robert S. Mueller, III – InfraGard Interview at the 2005 InfraGard Conference |work=Infragard (Official Site) – "Media Room" |access-date=9 December 2009 |archive-url=https://web.archive.org/web/20110617004540/http://www.infragard.net/media/files/dir_med.mov |archive-date=17 June 2011 }}</ref>

The [[Computer Crime and Intellectual Property Section]] (CCIPS) operates in the [[United States Department of Justice Criminal Division]]. The CCIPS is in charge of investigating [[computer crime]] and [[intellectual property]] crime and is specialized in the search and seizure of [[digital evidence]] in computers and [[Computer network|networks]].<ref>{{cite web |url=http://www.cybercrime.gov/ |title=CCIPS |url-status=live |archive-url=https://web.archive.org/web/20060823173821/http://www.cybercrime.gov/ |archive-date=23 August 2006  |date=25 March 2015 }}</ref> In 2017, CCIPS published A Framework for a Vulnerability Disclosure Program for Online Systems to help organizations "clearly describe authorized vulnerability disclosure and discovery conduct, thereby substantially reducing the likelihood that such described activities will result in a civil or criminal violation of law under the Computer Fraud and Abuse Act (18 U.S.C. § 1030)."<ref>{{cite web|url=https://www.justice.gov/criminal-ccips/page/file/983996/download|title=A Framework for a Vulnerability Disclosure Program for Online Systems|date=July 2017|publisher=Cybersecurity Unit, Computer Crime & Intellectual Property Section Criminal Division U.S. Department of Justice|access-date=9 July 2018}}</ref>

The [[USCYBERCOM|United States Cyber Command]], also known as USCYBERCOM, "has the mission to direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners."<ref>{{cite web|title=Mission and Vision|url=https://www.cybercom.mil/About/Mission-and-Vision/|access-date=20 June 2020|website=www.cybercom.mil}}</ref> It has no role in the protection of civilian networks.<ref>{{cite speech |url=https://www.defense.gov/speeches/speech.aspx?speechid=1399 |title=Remarks at the Defense Information Technology Acquisition Summit|author=William J. Lynn, III |date=November 12, 2009|access-date=10 July 2010 |url-status=live <!-- technically unfit but effectively dead-->|archive-url=https://web.archive.org/web/20100415113237/http://www.defense.gov/speeches/speech.aspx?speechid=1399 |location=Washington D.C. |archive-date=15 April 2010  }}</ref><ref>{{cite web | last=Shachtman | first=Noah | title=Military's Cyber Commander Swears: "No Role" in Civilian Networks  | website=brookings.edu | date=2010-09-23 | url=http://www.brookings.edu/opinions/2010/0923_military_internet_shachtman.aspx | archive-url=https://web.archive.org/web/20101106032102/http://www.brookings.edu/opinions/2010/0923_military_internet_shachtman.aspx | archive-date=2010-11-06 }}</ref>

The U.S. [[Federal Communications Commission]]'s role in cybersecurity is to strengthen the protection of critical communications infrastructure, to assist in maintaining the reliability of networks during disasters, to aid in swift recovery after, and to ensure that first responders have access to effective communications services.<ref>{{cite web |title=FCC Cybersecurity |url=http://www.fcc.gov/pshs/emergency-information/cybersecurity.html |publisher=FCC |archive-url=https://web.archive.org/web/20100527095750/http://www.fcc.gov/pshs/emergency-information/cybersecurity.html |archive-date=27 May 2010  |access-date=3 December 2014 }}</ref>

The [[Food and Drug Administration]] has issued guidance for medical devices,<ref>{{cite web|url=https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm|title=Cybersecurity for Medical Devices and Hospital Networks: FDA Safety Communication|website=[[Food and Drug Administration]]|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160528153847/https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm|archive-date=28 May 2016}}</ref> and the [[National Highway Traffic Safety Administration]]<ref>{{cite web|url=http://www.nhtsa.gov/Research/Crash+Avoidance/Automotive+Cybersecurity|title=Automotive Cybersecurity – National Highway Traffic Safety Administration (NHTSA)|access-date=23 May 2016|archive-url=https://web.archive.org/web/20160525195552/http://www.nhtsa.gov/Research/Crash+Avoidance/Automotive+Cybersecurity|archive-date=25 May 2016}}</ref> is concerned with automotive cybersecurity. After being criticized by the [[Government Accountability Office]],<ref>{{cite report |url=http://www.gao.gov/products/GAO-15-370 |title=Air Traffic Control: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen |number=GAO-15-370 |access-date=23 May 2016 |url-status=live |archive-url=https://web.archive.org/web/20160613150636/http://www.gao.gov/products/GAO-15-370 |archive-date=13 June 2016  |date=14 April 2015 |publisher=U. S. Government Accountability Office}}</ref> and following successful attacks on airports and claimed attacks on airplanes, the [[Federal Aviation Administration]] has devoted funding to securing systems on board the planes of private manufacturers, and the [[Aircraft Communications Addressing and Reporting System]].<ref>{{cite web|url=http://www.nextgov.com/cybersecurity/2016/03/faa-has-started-shaping-cybersecurity-regulations/126449/|title=FAA Working on New Guidelines for Hack-Proof Planes|first=Aliya|last=Sternstein|date=4 March 2016|work=Nextgov|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160519181332/http://www.nextgov.com/cybersecurity/2016/03/faa-has-started-shaping-cybersecurity-regulations/126449/|archive-date=19 May 2016}}</ref> Concerns have also been raised about the future [[Next Generation Air Transportation System]].<ref>{{cite web | url=https://www.fas.org/sgp/crs/homesec/IN10296.pdf | title=Protecting Civil Aviation from Cyberattacks | date=18 June 2015 | access-date=4 November 2016 | first=Bart | last=Elias | url-status=live | archive-url=https://web.archive.org/web/20161017100306/https://www.fas.org/sgp/crs/homesec/IN10296.pdf | archive-date=17 October 2016 | df=dmy-all }}</ref>

The US Department of Defense (DoD) issued DoD Directive 8570 in 2004, supplemented by DoD Directive 8140, requiring all DoD employees and all DoD contract personnel involved in information assurance roles and activities to earn and maintain various industry Information Technology (IT) certifications in an effort to ensure that all DoD personnel involved in network infrastructure defense have minimum levels of IT industry recognized knowledge, skills and abilities (KSA). Andersson and Reimers (2019) report these certifications range from CompTIA's A+ and Security+ through the ICS2.org's CISSP, etc.<ref>{{cite conference | last1=Anderson | first1=David | last2=Reimers | first2=Karl | conference=EDULEARN19 Proceedings | title=CYBER SECURITY EMPLOYMENT POLICY AND WORKPLACE DEMAND IN THE U.S. GOVERNMENT | publisher=IATED | year=2019 | volume=1 | issn=2340-1117 | doi=10.21125/edulearn.2019.1914 | pages=7858–7866| isbn=978-84-09-12031-4 }}</ref>