The The Computer Security Act was created in 1987 by U.S. Congress in order to enhance security policies surrounding the use of sensitive data on computer systems. The Computer Security Act lead to the formation of several guidelines under the National Institute of Standards and Technology (NIST) regarding the use of federal computer systems. These guidelines established a baseline of security policies that introduced enhanced standards for security training, managerial controls and operational security controls. (U.S. 100th Congress)
The Computer Security Act and Data Security
The Computer Security Act established the standard for data security within the federal government. This was primarily accomplished by requiring government organizations to develop an internal strategy for data security and data privacy. H.R.145 states that each of these plans must then be evaluated by the National Bureau of Standards and the National Security Agency. This combined with routine training of employees in data security practices established a strong framework for protecting federal information systems from a variety of attacks and data breaches. (Johnson, 2016).
Establishing a standard for data security practices within the federal government was an essential step in enhancing national security in the cyber domain. Computer systems were relatively new in the 1980’s and the vulnerabilities that came with them were not well understood by much of the population. It was important to standardize the process of establishing data security protocols within the government in order to prevent unwanted data breaches which could include classified information and other sensitive information that could cause damage to national security if acquired by an adversarial nation state or non-state actor.
Early Cybersecurity Discoveries
Data breaches and hacking date back as far as the 1800’s far before computer systems were even invented. The earliest account of cybersecurity occurred in 1971 when a computer science researcher named Bob Thomas invented a computer virus as a security related experiment. The virus was introduced into the Advanced Research Projects Agency Network (ARPANET) and began to replicate across the network. ARPANET was an important precursor to the modern internet and was operated by the U.S. Department of Defense. The virus clearly showed that it was able to easily move across the network. Although the virus was benign it clearly showed that it was able to exploit security vulnerabilities within the computer systems of that day. This example and many others have helped decision makers to determine that data security policies and practices are essential to keeping sensitive information private especially in the federal government. (Monroe College).