US Cybersecurity Laws and Regulations: Current Trends and Recommendations for Improvement

Introduction

Cybersecurity is a rapidly growing field that has already presented numerous challenges and opportunities. For instance, in the last few decades technology has radically changed the way we communicate and do business. It has impacted every aspect of our lives and while many of those changes have been positive, certain individuals have taken advantage of technology to commit crime in cyberspace. These crimes vary greatly – data breaches, ransomware, money laundering, hacking, identity theft, and child pornography, just to name a few. According to Vailshery (2021), 50 billion devices are expected to be connected to the Internet by 2030. The growing number of such devices demonstrates the need to proactively address the issue of their exploitation by cybercriminals. Identifying the gaps in current laws and regulations in the US is a great first step in raising awareness about cybercrime and the challenges associated with prosecuting the individuals who commit those crimes.

Cybersecurity has become a matter of global interest and importance. Already more than 50 nations have officially published some form of strategy document outlining their official stance on cyberspace, cybercrime, and/or cybersecurity (Klimburg, 2012). The Whitehouse (2011) outlined a cyber strategy that provides the stance of the US government on cyber-related issues and developed a unified approach to the country’s engagement with other countries on cyber issues. While this is a more recent attempt at addressing the issue, it is important to review other pieces of legislation to better understand how the US is approaching the issue on a federal and state level.

One of the biggest challenges of developing adequate legal frameworks is the fact that technology changes so rapidly, while the process of creating, reviewing, approving, and passing any piece of legislation takes significantly long time. To further complicate the issue, often lobbyists and politicians want to push forward their own agendas, which does not always align with societal needs. Thus, moving forward, it is necessary to think of ways how this problem can be resolved, so that cybercriminals are not able to avoid prosecution. From a criminological standpoint, currently, there is little deterrence to commit cybercrime. Thus, assuming that attackers make logical decisions, rational choice theory posits that they will continue to offend given there is minimal risk of being caught (Cornish & Clarke, 1986). Another significant issue is related to the multiple jurisdictions when it comes to cybercrime, so figuring how to secure the cooperation of multiple agencies on a local, state, national, and international level is imperative. While reviewing international legislation is beyond the focus of the current study, it is necessary to put the problem into perspective and also consider the big picture when making recommendations to policy makers in the US.