Table 1

Table 1. Executive Branch Orders and Memoranda Relating to Cyber Security
Clinton Administration
4 Apr. 1996	Office of Management and Budget (OMB) Memorandum for Heads of Executive Departments an Establishments	Implementation guidelines for Information Technology Management Reform Act of 1996 (10 Feb. 1996). Indicates responsibilities and organizational position of Chief Information Officer (replacing previous "designated senior official for information resources management") in all federal government agencies. Changes effective August 1996. (http://govinfo.library.unt.edu/nrp/library/omb/2752.html)
15 July 1996	Executive Order 13010	Established President’s Commission on Critical Infrastructure Protection (PCCIP) with members from several key executive branch agencies and departments. Responsible for consulting with all relevant sectors, proposing a national strategy for critical infrastructure protection, and recommending any legal or regulatory changes necessary. Also created interim Infrastructure Protection Task Force within Department of Justice, with members from FBI (chair), Defense Department, and National Security Agency.
1998	Presidential Decision Directive-63	Creates position of National Coordinator for Security, Infrastructure Protection and Counter-Terrorism in the National Security Council. Designates "lead agencies for sector liaison" with private sector. Sets up National Infrastructure Protection Center (NIPC) at FBI with participation from other agencies, responsible for "providing timely warnings of intentional threats, comprehensive analyses and law enforcement investigation and response." Sets up National Infrastructure Assurance Council (NIAC) within Department of Commerce, with members from "major infrastructure providers and state and local government officials" to improve public-private sector collaboration in infrastructure protection. Mandates every agency within 180 days to "develop a plan for protecting its own critical infrastructure," with plans to be implemented within two years of the directive (http://www.cybercrime.gov/white_pr.htm; see also http://www.nipc.gov, http://www.ciao.gov )
17 Dec. 1999	Presidential Memorandum for the Heads of Executive Departments and Agencies	Makes Director of OMB responsible for overseeing federal agencies’ "development of responsible strategies to make transactions available online." Requires several agencies and departments to "make a broad range of benefits and services available through private and secure electronic use of the Internet." Sets target of issuance of 100 thousand digital signature certificates throughout the government by the end of 2000. Directs all agency heads to "develop a strategy for upgrading … [agencies’ capacities] for using the Internet to become more open, efficient, and responsive, and to more effectively carry out the agency’s mission." (http://govinfo.library.unt.edu/nrp/library/direct/memos/elecgovrnmnt.html)

Bush Administration
8 October 2001	Executive Order	Establishes Office of Homeland Security
9 Oct. 2001	Announcement	President’s Special Advisor for Cyberspace Security appointed. Advisor will be responsible for "coordinat[ing] interagency efforts to secure information systems" as well as for working with the part of the private sector that "owns and operates the vast majority" of the country’s "critical infrastructure." Advisor will also chair a soon-to-be-established "government-wide board that will coordinate the protection of critical information systems." (http://www.whitehouse.gov/news/releases/2001/10/20011009.html)
16 Oct. 2001	Executive Order on Critical Infrastructure Protection	Establishes President's Critical Infrastructure Protection Board, chaired by Cyberspace Security Advisor; some of Board’s specific responsibilities to be determined by the Presidential Assistant for Homeland Security together with National Security Advisor. Establishes several standing committees within the CIPB. Continues roles of NIPC and NIAC (reconstituted as National Infrastructure Advisory Council). (http://www.whitehouse.gov/news/releases/2001/10/20011016-12.html)

Table 2. House and Senate Hearings Related to Cyber Security
Before Sept. 11
9 March 2000	Computer Security: Are We Prepared for Cyberwar?	House Committee on Government Reform, Subcommittee on Government Management, Information, and Technology
29 March 2000	Enhancing Computer Security: What Tools Work Best?	House Committee on Government Reform, Subcommittee on Government Management, Information, and Technology
22 May 2000	Government Online: Strategies and Challenges	House Committee on Government Reform, Subcommittee on Government Management, Information, and Technology
22 June 2000	H.R. 4246, the Cyber Security Information Act of 2000: An Examination of Issues Involving Public-Private Partnerships for Critical Infrastructures	House Committee on Government Reform, Subcommittee on Government Management, Information, and Technology
26 July 2000	Computer Security: Cyber Attacks - A War without Borders	House Committee on Government Reform, Subcommittee on Government Management, Information, and Technology
11 Sept. 2000	Computer Security: How Vulnerable Are Federal Computers?	House Committee on Government Reform, Subcommittee on Government Management, Information, and Technology
12 Sept. 2000	Establishing a Federal CIO: Information Technology Management and Assurance within the Federal Government	House Committee on Government Reform, Subcommittee on Government Management, Information, and Technology
3 April 2001	Hearing on the Hart-Rudman Report (United States Commission on National Security/21st Century)	Senate Judiciary Committee, Subcommittee on Technology, Terrorism and Government Information
5 April 2001	[Computer Security in Federal Systems]	House Committee on Energy and Commerce, Subcommittee on Oversight and Investigations
3 Aug. 2001	How Secure is Sensitive Commerce Department Data and Operations? A Review of the Department’s Computer Security Policies and Practices	House Committee on Energy and Commerce, Subcommittee on Oversight and Investigations
29 August 2001	What Can be Done to Reduce the Threats Posed by Computer Viruses and Worms to the Workings of Government	House Committee on Government Reform, Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations
After Sept. 11
26 Sept. 2001	Information Technology – Essential Yet Vulnerable: How Prepared Are We for Attacks?	House Committee on Government Reform, Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations
4 Oct. 2001	Critical Infrastructure Protection: Who’s in Charge?	Senate Governmental Affairs Committee
10 Oct. 2001	Cyber Security: How Can We Protect American Computer Networks from Attack?	House Science Committee
10 Oct. 2001	Terrorism: Are America’s Water Resources and Environment at Risk?	House Committee on Transportation and Infrastructure, Subcommittee on Water Resources and Environment
12 Oct. 2001	Responding to Homeland Threats	Senate Governmental Affairs Committee
17 Oct. 2001	Hearing on Cyber Terrorism	House Science Committee
7 Nov. 2001	Hearing on Threats to Domestic Security	House Budget Committee
9 Nov. 2001	Computer Security in the Federal Government: How Do the Agencies Rate?	House Government Reform Committee, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations
14 Nov. 2001	Biometric Identifiers and the Modern Face of Terror: New Technologies in the Global War on Terrorism	Senate Judiciary Committee, Subcommittee on Technology, Terrorism and Government Information
15 Nov. 2001	Private Sector and Cyber Security	House Energy and Commerce Committee, Subcommittee on Commerce, Trade and Consumer Protection