Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Journal of Homeland Security and Emergency Management

Editor-in-Chief: Renda-Tanali, Irmak

Managing Editor: McGee, Sibel

IMPACT FACTOR 2018: 0.757

CiteScore 2018: 1.19

SCImago Journal Rank (SJR) 2018: 0.442
Source Normalized Impact per Paper (SNIP) 2018: 0.613

See all formats and pricing
More options …

Cybersecurity and US Legislative Efforts to address Cybercrime

Angelyn Flowers / Sherali Zeadally
  • Corresponding author
  • Department of Computer Science and Information Technology, University of the District of Columbia, Washington DC, USA
  • Email
  • Other articles by this author:
  • De Gruyter OnlineGoogle Scholar
/ Acklyn Murray
  • Department of Computer Science and Information Technology, University of the District of Columbia, Washington DC, USA
  • Other articles by this author:
  • De Gruyter OnlineGoogle Scholar
Published Online: 2013-04-13 | DOI: https://doi.org/10.1515/jhsem-2012-0007


Deficiencies in cybersecurity may be the greatest national security threat facing the US in the 21st century. Public and private sector organizations as well as individuals are vulnerable, and the nation’s critical infrastructures are also put at risk by these deficiencies. Security professionals, designers, and engineers are currently faced with the challenge of securing cyberspace. Essential to this effort is the necessity to ensure that the nation’s laws are adequate to protect against, prevent, and deter cyberattacks. In this article we present a comprehensive review of current US laws and regulations that are being used to deter cybercrime activities and support cybersecurity. We describe legislation presented in the 112th Congress aimed at strengthening laws in fighting cybercrimes and ensuring a high level of cybersecurity, and we briefly review legislative efforts being undertaken in other countries. Finally, we discuss some future issues to be addressed in the growing area of cyberlaw.

Keywords: cybersecurity; cyberattack; cybercrime; law

About the article

Corresponding author: Sherali Zeadally, Department of Computer Science and Information Technology, University of the District of Columbia, Washington DC, USA, e-mail:

Published Online: 2013-04-13

Published in Print: 2013-01-01

Reported in Federal Register. Vol. 78: No. 33. February 19, 2013. Part III: The President. Executive Order 13636 – Improving Critical infrastructure Cybersecurity.

Barak Obama, Remarks by the President on Securing Our Nation’s Cyber Infrastructure, May 29, 2010, www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyber-infrastructure (accessed February 17, 2013).

Jennifer Martinez, “White House Circulating Draft of Executive Order on Cybersecurity,” The Hill, September 6, 2012, thehill.com/blogs/hillicon-valley/technology/248079-white-house-circulating-draft-of-executive-order-on-cybersecurity (accessed February 17, 2013).

Douglas Warfield (2012) “Critical Infrastructures: IT Security and Threats from Private Sector Ownership,” Information Security Journal: A Global Perspective, 21(3):127–136.

Jennifer LeClaire, “Obama May Sign Cybersecurity Executive Order,” CIO Today, November 16, 2012, www.cio-today.com/news/Obama-May-Sign-Cyber-Security-Order/story.xhtml?story_id=100003G6EP88 (accessed February 18, 2013).

Sean Condron (2007)“Getting It Right: Protecting American Critical Infrastructure in Cyberspace,” Harvard Journal of Law & Technology, 20(2):403–422. jolt.law.harvard.edu/articles/pdf/v20/20HarvJLTech403.pdf.

Benjamin J. Brooker, Jonathan Crawford, and Barry M. Horowitz, “A Framework for the Evaluation of State Breach Reporting Laws,” in Proceedings of IEEE Systems and Information Engineering Design Symposium, April 2007; and Natalie Granado and Gregory White, “Cybersecurity and Government Fusion Centers,” in Proceedings of the 41st Hawaii International Conference on System Sciences, 2008.

Kimberly Peretti, “Cyber Criminals: Who Are They? Why Are They Successful? How Do We Respond?” presentation at SUMIT_11 Symposium, October 18, 2011, safecomputing.umich.edu/events/sumit11/.

Acklyn Murray, Sherali Zeadally, and Angelyn Flowers, “An Assessment of US Legislation on Cybersecurity,” in Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec 12), Kuala Lumpur, Malaysia, June 26–28, 2012.

Stephanie A. DeVos (2011) “The Google-NSA Alliance: Developing Cybersecurity Policy at Internet Speed,” Fordham Intellectual Property, Media and Entertainment Law Journal 21(1):172–227, ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1280&context=iplj.

The Internet Law Treatise, 2012, ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(CFAA).

Wade Baker et al., 2011 Data Breach Investigations Report (Verizon, May 6, 2012), 67, www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf (accessed February 15, 2013).

The Internet Law Treatise, 2012.

Charles Doyle, Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws (Washington, D.C.: Congressional Research Service, Library of Congress, December 2010), 2, www.fas.org/sgp/crs/misc/97-1025.pdf

Ibid., 6.

Wayne Arnold, “TECHNOLOGY; Philippines to Drop Charges on E-Mail Virus,” New York Times, August 22, 2000, www.nytimes.com/2000/08/22/business/technology-philippines-to-drop-charges-on-e-mail-virus.html (accessed February 17, 2013).


Abraham Sofaer, David Clark, and Whitfield Diffie, “Cyber Security and International Agreements,” in Proceedings of Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for US Policy (Washington, D.C.: National Academy of Sciences, 2009), 187, www.cs.brown.edu/courses/csci1950-p/sources/lec17/Sofaer.pdf.

Council of Europe, Convention on Cybercrime CETS No.: 185 (May 6, 2012), www.conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=28/12/2011&CL=ENG.

White House, “FACT SHEET: Cybersecurity Legislative Proposal,” press release, May 12, 2011, www.whitehouse.gov/the-press-office/2011/05/12/fact-sheet-cybersecurity-legislative-proposal.

OpenCongress.com, May 6, 2012, www.opencongress.org/; Library of Congress, www.opencongress.org/; Library of Congress, www.thomas.loc.gov.

OpenCongress.com, May 6, 2012, www.opencongress.org/; Library of Congress, www.thomas.loc.gov.

Leigh Beadon, “Did CISPA Actually get Better Before Passing? Not Really,” Techdirt, April 27, 2012, Cwww.techdirt.com/articles/20120427/08375418687/did-cispa-actually-get-better-before-passing-not-really.shtml (accessed February 16, 2013).

Andrew Couts, “Watch Out Washington: CISPA Replaces SOPA as Internet’s Enemy No. 1,” Digital Trends, April 5, 2012, www.digitaltrends.com/web/watch-out-washington-cispa-replaces-sopa-as-internets-enemy-no-1/ (accessed February 16, 2013).

Donny Shaw, “White House Indicates Support for Cybersecurity Bill That Includes CISPA-Like Language,” OpenCongress, May 4, 2012, www.opencongress.org/articles/view/2490-White-House-Indicates-Support-for-Cybersecurity-Bill-Thta-Includes-CISPA-Like-Language (accessed February 16, 2013).

Gerry Smith, “Cyber Security Law Fails to Pass Senate before Month-Long Break,” Huffington Post, August 2, 2012, www.huffingtonpost.com/2012/08/02/cyber-security-law_n_1733691.html (accessed February 16, 2013).

US Department of Homeland Security, “Critical Infrastructure Sector Partnerships” (n.d.), www.dhs.gov/critical-infrastructure-sector-partnerships.

Chris Zoladz, “US Bank, PNC Hacked, Report Website Problems,” WZZM13.com, September 27, 2012, www.wzzm13.com/news/article/226840/14/US-Bank-PNC-hacked-report-website-problems (accessed February 16, 2013).

US Department of Justice, Computer Crime and Intellectual Property Section Criminal Division, Prosecuting Computer Crimes (Washington, D.C.: Office of Legal Education, n.d.), www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf.

Mehzabin Sultana, “CyberCrime Prevention Act of 2012 Approved by Congress,” Latest Digitals, May 29, 2012, www.latestdigitals.com/2012/05/29/cybercrime-prevention-act-of-2012-approved-by-congress/ (accessed February 16, 2013).

Arnold, “TECHNOLOGY; Philippines to Drop Charges on E-Mail Virus.”

Alan Cowell and John F. Burns, “Britain Refuses to Extradite Computer Hacker Sought in U.S.,” New York Times, October 16, 2012, www.nytimes.com/2012/10/17/world/europe/britain-refuses-to-extradite-computer-hacker-sought-in-us.html?_r=0 (accessed February 16, 2013).

Mark Tran, “Extradition of Computer Hacker Gary McKinnon Put on Hold,” (UK)Guardian, May 29, 2010, www.guardian.co.uk/world/2010/may/20/computer-hacker-gary-mckinnon-extradition-on-hold (accessed February 17, 2013).

Cowell and Burns, “Britain Refuses to Extradite Computer Hacker.”


US District Court for the Eastern District of Virginia, USA v. Kim Dotcom, Megaupload Limited, et al., “Indictment,” January 5, 2012, www.washingtonpost.com/wp-srv/business/documents/megaupload_indictment.pdf.

David Kravets, “Feds Shutter Megaupload, Arrest Executives,” Wired, January 19, 2012, www.wired.com/threatlevel/2012/01/megaupload-indicted-shuttered/ (accessed February 16, 2013).

Nate Anderson, “Why the Feds Smashed Megaupload,” Ars Technica,January 19, 2012, arstechnica.com/tech-policy/2012/01/why-the-feds-smashed-megaupload/ (accessed February 16, 2013).

Nick Perry, “Popular File-Sharing Site Megaupload Shut Down,” USA Today,January 20, 2012, www.usatoday.com/tech/news/story/2012-01-19/megaupload-feds-shutdown/52678528/1 (accessed February 16, 2013).

US District Court, USA v. Kim Dotcom,“Indictment.”

“FBI Accused over Removal of Megaupload Data,” BBC News, June 7, 2012, www.bbc.co.uk/news/technology-18352289 (accessed February 16, 2013).

Daniel Ionescu, “Demonoid Torrent Site Gets Shut Down by Authorities,” PC World, August 8, 2012, www.pcworld.com/article/260572/demonoid_torrent_site_gets_shut_down_by_authorities.html (accessed February 16, 2013).

Enigmax, “Demonoid Busted as a Gift to the United States,” TorrentFreak, August 6, 2012, torrentfreak.com/demonoid-busted-as-a-gift-to-the-united-states-government-120806/ (accessed February 16, 2013).

The White House, International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World (Washington, D.C., May 2011), www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf.

Thom Shanker and Elisabeth Bumiller, “Hackers Gained Access to Sensitive Military Files,” New York Times, July 14, 2011, www.nytimes.com/2011/07/15/world/15cyber.html?pagewanted=all (accessed February 16, 2013).

Mike Redford, “US and EU Legislation on Cybercrime,” in Proceedings of the European Intelligence and Security Informatics Conference, Athens, Greece, September 12–14, 2011.

Cyber Crime Law, May 6, 2012, www.cybercrimelaw.net/Cybercrimelaw.html.

Catherine Ashton, “Cybersecurity: An Open, Free, Secure Internet,” European Union External Action, October 4, 2012, www.eeas.europa.eu/top_stories/2012/081012_cyberspace_en.htm.


European Commission, “Cyber Security Strengthened at EU Institutions Following Successful Pilot Scheme,” press release, September 12, 2012, europa.eu/rapid/press-release_IP-12-949_en.htm?locale=en.

CERT-EU, cert.europa.eu/cert/plainedition/en/cert_about.html.

Benjamin Fox, “Parliament Demands Single EU Voice on Cyber-Security,” EUObserver.com, June 13, 2012, euobserver.com/creative/116606 (accessed February 16, 2013).

Nikolaj Nielsen, “EU Cybersecurity Legislation on the Horizon,” EUObserver.com, May 11, 2012, euobserver.com/justice/116239 (accessed February 16, 2013).

Marnix Dekker, Christoffer Karsberg, and Barbara Daskala, “Cyber Incident Reporting in the EU: An Overview of Security Articles in EU Legislation,” European Network and Information Security Agency (ENISA) (August 2012), www.thecre.com/fisma/wp-content/uploads/2012/08/Cyber-Incident-Reporting-in-the-EU_FINAL.pdf.

Ben Quinn, “Facebook Hacker Jailed for Eight Months,” (UK) Guardian,February 17, 2012, www.guardian.co.uk/technology/2012/feb/17/facebook-hacker-glenn-mangham-jailed?INTCMP=SRCH (accessed February 16, 2013).

“Piracy Law Cuts Internet Traffic,” BBC News, April 2, 2009, news.bbc.co.uk/2/hi/7978853.stm (accessed February 16, 2013).

Electronic Communications and Transactions Act, 2002, Government Gazette Republic of South Africa, No. 25 of 2002 (August 2002), www.info.gov.za/view/DownloadFileAction?id=68060.

Werner Swart and Mzilikazi Wa Afrika, “It Was a Happy New Year’s Day for Gang Who Pulled Off … R42m Postbank Heist,” Times Live, January 15, 2012, www.timeslive.co.za/local/2012/01/15/it-was-a-happy-new-year-s-day-for-gang-who-pulled-off…r42m-postbank-heist (accessed February 16, 2013).

John Leyden, “Nigeria Fails to Enact Cyber Crime Laws,” (UK) Register, April 1, 2011, www.theregister.co.uk/2011/04/01/nigeria_cybercrime_law_fail/ (accessed February 16, 2013).

The Kenya Information and Communications Act, 2009 (Kenya: National Council for Law Reporting with the Authority of the Attorney General, 1998; rev. ed. 2009), www.cck.go.ke/regulations/downloads/Kenya-Information-Communications-Act-Final.pdf.

Rubén Aquino Luna, Jose Luis Chavez Cortez, Leonardo Vidal, et al., Computer Security Incident Management Manual: Latin America and the Caribbean, 2009 (Montevideo, Uruguay: Amparo Project, 2010), www.proyectoamparo.net/files/manual_seguridad/manual_en.pdf.

Cybersecurity Malaysia, www.cybersecurity.my/en/index.html.

Mohd Shamir B Hashim, “Malaysia’s National Cyber Security Policy: Towards an Integrated Approach for Cybersecurity and Critical Information Infrastructure Protection (CIIP),” in Proceedings of the 2009 ITU Regional Cybersecurity Forum for Africa and Arab States, Tunis, Tunisia, June 4–5, 2009, www.itu.int/ITU-D/cyb/events/2009/tunis/docs/hashim-cybersecurity-malaysia-june-09.pdf.

“White House on U.S.-U.K. Cybersecurity Partnership,” IIP Digital, March 14, 2012, iipdigital.usembassy.gov/st/english/texttrans/2012/03/201203142090.html#axzz1xKaFSLwT (accessed February 16, 2013).

“ANZUS Cyber Security Message Aimed at China,” ComputerWorld, April 27, 2012, www.computerworld.com.au/article/422926/anzus_cyber_security_message_aimed_china/ (accessed February 16, 2013).

“White House on U.S.-U.K. Cybersecurity Partnership.”

But see Microsoft Corporation, Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws (Microsoft Corporation, 2007), www.itu.int/ITU-D/cyb/cybersecurity/docs/microsoft_asia_pacific_legislative_analysis.pdf.

John Palfrey and Urs Gasser, Born Digital: Understanding the First Generation of Digital Natives (New York: Perseus Books Group, 2008) 3.

US v. Morris, 928 F.2d 504, 505 (2d Cir. 1991), www.nyls.edu/user_files/1/3/4/30/84/85/114/137/morris.pdf.

Federal Bureau of Investigation, Los Angeles Division, “Orange County Man Who Admitted Hacking into Personal Computers Sentenced to Six Years in Federal Prison for ‘Sextortion’ of Women and Teenage Girls,” September 1, 2011, www.fbi.gov/losangeles/press-releases/2011/orange-county-man-who-admitted-hacking-into-personal-computers-sentenced-to-six-years-in-federal-prison-for-sextortion-of-women-and-teenage-girls.

Administration’s White Paper on Intellectual Property Enforcement Legislative Recommendations (March 2011), www.whitehouse.gov/sites/default/files/ip_white_paper.pdf; Gina Stevens and Jonathan Miller, The Obama Administration’s Cybersecurity Proposal: Criminal Provisions (Washington, D.C.: Congressional Research Service, Library of Congress, July 29, 2011), www.fas.org/sgp/crs/misc/R41941.pdf.

Richard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do about It (New York: Harper Collins, 2010).

Todd A. Brown (2009) “Legal Propriety of Protecting Defense Industrial Base Information Infrastructure,” Air Force Law Review 64:211–237.

Connally v. General Construction Co., 269 US 385 (1926), supreme.justia.com/cases/federal/us/269/385/case.html.

Broadrick v. Oklahoma et al., 413 US 601 (1973), law.justia.com/lawsearch?query=Broadrick% 20et%20al.%20v.%20Oklahoma%20et%20al.%2C%20413%20U.S.%20601%20%281973%29&dataset=supreme-court.

Palfew and Gasser, Born Digital; Michael Robinson (2008) “Digital Nature and Digital Nurture: Libraries, Learning and the Digital Native,” Library Management 29(1/2):67–76. www.lib.cuhk.edu.hk/conference/aldp2007/programme/aldp2007_full_paper/MichaelRobinson.pdf.

Stefan Fafinski (2011) “Public Policy Responses to Cybercrime,” Policy and Internet 3(2), www.psocommons.org/cgi/viewcontent.cgi?article=1139&context=policyandinternet.

Mike Masnick, “MPAA Asks for Megaupload Data to be Retained so It Can Sue Users … Then Insists It Didn’t Really Mean That,” Techdirt, March 21, 2012, www.techdirt.com/articles/20120321/12073218187/mpaa-asks-megaupload-data-to-be-retained-so-it-can-sue-users-then-insists-it-didnt-really-mean-that.shtml (accessed February 17, 2013).

Citation Information: Journal of Homeland Security and Emergency Management, Volume 10, Issue 1, Pages 29–55, ISSN (Online) 1547-7355, ISSN (Print) 2194-6361, DOI: https://doi.org/10.1515/jhsem-2012-0007.

Export Citation

©2013 by Walter de Gruyter Berlin Boston.Get Permission

Citing Articles

Here you can find all Crossref-listed publications in which this article is cited. If you would like to receive automatic email messages as soon as this article is cited in other publications, simply activate the “Citation Alert” on the top of this page.

Emad Yaghmaei, Ibo van de Poel, Markus Christen, Bert Gordijn, Nadine Kleine, Michele Loi, Gwenyth Morgan, and Karsten Weber
SSRN Electronic Journal , 2017
Brooke Nodeland and Robert Morris
Deviant Behavior, 2018, Page 1
Christopher M. Donner, Wesley G. Jennings, and Jerry Banfield
Social Science Computer Review, 2015, Volume 33, Number 6, Page 663

Comments (0)

Please log in or register to comment.
Log in