-
National Security Agency (NSA) Creation
Created by President Harry S. Truman in 1952, the NSA serves as the unilateral authority on Signals Intelligence (SIGINT). NSA is also in charge of protecting US Government communications against unlawful penetrations (National_Security_Agency, n.d.). The NSA is comprised of the Signals Intelligence Directorate and the Information Assurance Directorate. NSA is also home to the world's most elite hackers, who work in the Office of Tailored Access Operations (TAO).
-
National Policy On Telecommunications And Automated Information Systems Security (NSDD-145)
Signed into law by President Reagan, NSDD-145 was a result of his watching the film WarGames and wondering whether the film's plot could actually happen. The directive guides the conduct of federal activities towards securing information systems against hostile exploitation. It also directed the NSA to develop information safeguards to protect unclassified information (National_Security_Decision_Directive_145, n.d.). https://fas.org/irp/offdocs/nsdd/nsdd-145.pdf
-
Computer Security Act of 1987
Charges the National Institute of Standards and Technology with the task of establishing a baseline for the security of federal information systems that contain sensitive information. It also requires mandatory user awareness training for all personnel who use those systems. Charges the NSA to aid in the development of the minimum baseline security standards (bill/100th-congress/house-bill/145, n.d.). https://en.wikipedia.org/wiki/Computer_Security_Act_of_1987
-
National Policy for the Security of National Security Telecommunications and Information Systems (NSD-42)
Established the National Security Telecommunications and Information Systems Security Committee, which provides guidance, policy, and operational procedures for the security of national security systems. Also establishes the Director of the NSA as the National Manager of National Security Systems (National_Security_Directive_42, n.d.). https://fas.org/irp/offdocs/nsd/nsd42.pdf
-
U.S. Policy on Counter-terrorism (PDD-39)
As a result of the Oklahoma City Bombing by Timothy McVeigh, President Bill Clinton signed PDD-39 into law. It states that any terrorist attack on the US will be met with equal force. It states that the US must reduce, deter, and respond to terrorism, and that the US must develop a program in order to counter and deter weapons of mass destruction (security/security/otherplans/pres_dir_sum.pdf, n.d.). https://fas.org/irp/offdocs/pdd/pdd-39.pdf
-
609th Air Information Warfare Squadron Creation
The 609th Air Information Warfare Squadron was stationed at Shaw Air Force Base in Sumter, North Carolina. The creation of this squadron is significant as it marks the first operational information warfare military unit (609th_Information_Warfare_Squadron, n.d.). The Air Force played a larger role than any other military branch in the realm of information warfare. https://securitycritics.org/wp-content/uploads/2006/03/hist-609.pdf
-
Executive Order 13010
EO 13010 defines critical infrastructure as: telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services, and continuity of government. It also defines both cyber and physical threats to these systems. Lastly, it establishes the President's Commission on Critical Infrastructure Protection (Executive_Order_13010, n.d.). https://fas.org/irp/offdocs/eo13010.htm
-
No-Notice Interoperability Exercise (NIEX) Program (Instruction 3510.01)
This was signed into effect by General John Shalikashvili who, at the time, was the Chairman of the Joint Chiefs of Staff. This instruction is important as it laid the groundwork for Eligible Receiver, an NSA Red Team operation that targeted the US critical infrastructure from the point of view of an adversary originating in North Korea and Iran. The simulation focused on the power grid and 911 emergency services of 9 different highly populated cities such as Los Angeles (Kaplan, 2016).
-
Policy on Critical Infrastructure Protection (PDD-63)
PDD-63 was signed into law by President Bill Clinton. It required private industry and government to come together on a strategy for the protection of America's critical infrastructure (Kaplan, 2016). It also set criteria that any interruption to critical infrastructure must be "brief, infrequent, manageable, geographically isolated, and minimally detrimental to the welfare of the United States" (pdd-63.htm, n.d.). http://itlaw.wikia.com/wiki/Presidential_Decision_Directive_63
-
Joint Task Force - Computer Network Defense
Created by General John "Soup" Campbell, the JTF-CND was stood up in order to provide a place to collect all pieces of intelligence relating to cyber attacks. This would help everyone get on the same page in order to mount a defense and, if necessary, a counter-attack strategy. The JTF-CND was placed under the Department of Defense and reported to the SECDEF through the Assistant Secretary of Defense for Command, Control, Communications and Intelligence (jya/dod-jtf-cnd.htm, n.d.).
-
USA PATRIOT Act
Signed into law by President George W. Bush, the Patriot Act was established in order to bolster US counter-terrorism efforts in the wake of the attacks on September 11, 2001. The law has ten titles, which are all focused on combating terrorism. The name "USA PATRIOT Act" is actually an acronym, whose long name is "Uniting And Strengthening America By Providing Appropriate Tools Required To Intercept And Obstruct Terrorism" (pdf/PLAW-107publ56.pdf, n.d.).
-
Aurora Generator Test
Conducted at the Idaho National Laboratory, the test showed the world the possibility of an attack on critical infrastructure. It points out that the generator, which was connected using outdated ModBus technology, resembles much of the US power grid at that time (wiki/Aurora_Generator_Test, n.d.). Scientists and government officials were in shock. This was the first time that a cyber attack had succeeded in causing physical damage. https://www.youtube.com/watch?v=fJyWngDco3g
-
Cyber Command Creation
US Cyber Command is located under US Strategic Command, and is co-located with the NSA at Fort Meade (Kaplan, 2016). CYBERCOM conducts cyber operations in order to ensure US freedom in cyberspace and deny the same to our adversaries. CYBERCOM operates under Title 10 authorities, which grant it the authority to conduct Computer Network Attack (CNA) (wiki/United_States_Cyber_Command, n.d.).