Editing Computer security (section)

===Computer emergency response teams===
{{Main|Computer emergency response team}}

Most countries have their own computer emergency response team to protect network security.

==== Canada ====
Since 2010, Canada has had a cybersecurity strategy.<ref>{{cite news |title=Government of Canada Launches Canada's Cyber Security Strategy |url=http://www.marketwired.com/press-release/government-of-canada-launches-canadas-cyber-security-strategy-1328661.htm |access-date=1 November 2014 |work=Market Wired |date=3 October 2010 |url-status=live |archive-url=https://web.archive.org/web/20141102175904/http://www.marketwired.com/press-release/government-of-canada-launches-canadas-cyber-security-strategy-1328661.htm |archive-date=2 November 2014  }}</ref><ref name="Canada's Cyber Security Strategy">{{cite web |title=Canada's Cyber Security Strategy |url=http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-scrt-strtgy/index-eng.aspx |website=Public Safety Canada |publisher=Government of Canada |access-date=1 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141102175701/http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-scrt-strtgy/index-eng.aspx |archive-date=2 November 2014  }}</ref> This functions as a counterpart document to the National Strategy and Action Plan for Critical Infrastructure.<ref name="Government of Canada" /> The strategy has three main pillars: securing government systems, securing vital private cyber systems, and helping Canadians to be secure online.<ref name="Canada's Cyber Security Strategy" /><ref name="Government of Canada">{{cite web |title=Action Plan 2010–2015 for Canada's Cyber Security Strategy |url=http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ctn-pln-cbr-scrt/index-eng.aspx |website=Public Safety Canada |publisher=Government of Canada |access-date=3 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141102173436/http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ctn-pln-cbr-scrt/index-eng.aspx |archive-date=2 November 2014  }}</ref> There is also a Cyber Incident Management Framework to provide a coordinated response in the event of a cyber incident.<ref>{{cite web |title=Cyber Incident Management Framework For Canada |url=http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-ncdnt-frmwrk/index-eng.aspx#_Toc360619104 |website=Public Safety Canada |publisher=Government of Canada |access-date=3 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141102213822/http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-ncdnt-frmwrk/index-eng.aspx#_Toc360619104 |archive-date=2 November 2014  }}</ref><ref>{{cite web |title=Action Plan 2010–2015 for Canada's Cyber Security Strategy |url=http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ctn-pln-cbr-scrt/index-eng.aspx |website=Public Safety Canada |publisher=Government of Canada |access-date=1 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141102173436/http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ctn-pln-cbr-scrt/index-eng.aspx |archive-date=2 November 2014  }}</ref>

The [[Canadian Cyber Incident Response Centre]] (CCIRC) is responsible for mitigating and responding to threats to Canada's critical infrastructure and cyber systems. It provides support to mitigate cyber threats, technical support to respond & recover from targeted cyber attacks, and provides online tools for members of Canada's critical infrastructure sectors.<ref>{{cite web |title=Canadian Cyber Incident Response Centre |url=http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-eng.aspx |website=Public Safety Canada |access-date=1 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141008035436/http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-eng.aspx |archive-date=8 October 2014  }}</ref> It posts regular cybersecurity bulletins<ref>{{cite web |title=Cyber Security Bulletins |url=http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/index-eng.aspx |website=Public Safety Canada |access-date=1 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141008194739/http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/index-eng.aspx |archive-date=8 October 2014  }}</ref> & operates an online reporting tool where individuals and organizations can report a cyber incident.<ref>{{cite web |title=Report a Cyber Security Incident |url=http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/rprt-eng.aspx |website=Public Safety Canada |publisher=Government of Canada |access-date=3 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141111212708/http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/rprt-eng.aspx |archive-date=11 November 2014  }}</ref>

To inform the general public on how to protect themselves online, Public Safety Canada has partnered with STOP.THINK.CONNECT, a coalition of non-profit, private sector, and government organizations,<ref>{{cite news |title=Government of Canada Launches Cyber Security Awareness Month With New Public Awareness Partnership |url=http://www.marketwired.com/press-release/government-canada-launches-cyber-security-awareness-month-with-new-public-awareness-1706660.htm |access-date=3 November 2014 |work=Market Wired |publisher=Government of Canada |date=27 September 2012 |url-status=live |archive-url=https://web.archive.org/web/20141103225408/http://www.marketwired.com/press-release/government-canada-launches-cyber-security-awareness-month-with-new-public-awareness-1706660.htm |archive-date=3 November 2014  }}</ref> and launched the Cyber Security Cooperation Program.<ref>{{cite web |title=Cyber Security Cooperation Program |url=http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/cprtn-prgrm/index-eng.aspx |website=Public Safety Canada |access-date=1 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141102184754/http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/cprtn-prgrm/index-eng.aspx |archive-date=2 November 2014  }}</ref><ref>{{cite web |title=Cyber Security Cooperation Program |url=http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/cprtn-prgrm/index-eng.aspx |website=Public Safety Canada |url-status=live |archive-url=https://web.archive.org/web/20141102184754/http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/cprtn-prgrm/index-eng.aspx |archive-date=2 November 2014  |date=16 December 2015 }}</ref> They also run the GetCyberSafe portal for Canadian citizens, and Cyber Security Awareness Month during October.<ref>{{cite web |title=GetCyberSafe |url=http://www.getcybersafe.gc.ca/index-eng.aspx |website=Get Cyber Safe |publisher=Government of Canada |access-date=3 November 2014 |url-status=live |archive-url=https://web.archive.org/web/20141111210737/http://www.getcybersafe.gc.ca/index-eng.aspx |archive-date=11 November 2014  }}</ref>

Public Safety Canada aims to begin an evaluation of Canada's cybersecurity strategy in early 2015.<ref name="Government of Canada" />

==== Australia ====
[[Australian federal government]] announced an $18.2 million investment to fortify the [[cybersecurity]] resilience of small and medium enterprises (SMEs) and enhance their capabilities in responding to cyber threats. This financial backing is an integral component of the [https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy 2023-2030 Australian Cyber Security Strategy]. A substantial allocation of $7.2 million is earmarked for the establishment of a voluntary cyber health check program, facilitating businesses in conducting a comprehensive and tailored self-assessment of their cybersecurity upskill.

This avant-garde health assessment serves as a diagnostic tool, enabling enterprises to ascertain the robustness of [https://www.homeaffairs.gov.au/reports-and-pubs/files/strengthening-australias-cyber-security-submissions/nsw-young-lawyers.pdf Australia's cyber security regulations]. Furthermore, it affords them access to a repository of educational resources and materials, fostering the acquisition of skills necessary for an elevated cybersecurity posture. This groundbreaking initiative was jointly disclosed by Minister for Cyber Security [[Clare O'Neil]] and Minister for Small Business [[Julie Collins]].<ref>"Australian federal government announces cybersecurity support for SMBs",{{cite web |url=https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy |title=2023-2030 Australian Cyber Security Strategy |access-date=22 November 2023 }}</ref>

==== India ====
Some provisions for cybersecurity have been incorporated into rules framed under the Information Technology Act 2000.<ref>{{cite web|title=Need for proper structure of PPPs to address specific cyberspace risks|url=http://www.orfonline.org/cyfy-event/need-for-proper-structure-of-ppps-to-address-specific-cyberspace-risks/|url-status=live|archive-url=https://web.archive.org/web/20171113165123/http://www.orfonline.org/cyfy-event/need-for-proper-structure-of-ppps-to-address-specific-cyberspace-risks/|archive-date=13 November 2017}}</ref>

The [[National Cyber Security Policy 2013]] is a policy framework by the Ministry of Electronics and Information Technology (MeitY) which aims to protect the public and private infrastructure from cyberattacks, and safeguard "information, such as personal information (of web users), financial and banking information and sovereign data". [[Indian Computer Emergency Response Team|CERT- In]] is the nodal agency which monitors the cyber threats in the country. The post of [[National Cyber Coordination Centre#National Cyber Security Coordinator|National Cyber Security Coordinator]] has also been created in the [[Prime Minister's Office (India)|Prime Minister's Office (PMO)]].

The Indian Companies Act 2013 has also introduced cyber law and cybersecurity obligations on the part of Indian directors. Some provisions for cybersecurity have been incorporated into rules framed under the Information Technology Act 2000 Update in 2013.<ref>{{cite web|url=https://www.ncdrc.res.in/|title=National Cyber Safety and Security Standards(NCSSS)-Home|work=www.ncdrc.res.in|access-date=19 February 2018|archive-date=19 February 2018|archive-url=https://web.archive.org/web/20180219150958/https://www.ncdrc.res.in/}}</ref>

==== South Korea ====
Following cyberattacks in the first half of 2013, when the government, news media, television stations, and bank websites were compromised, the national government committed to the training of 5,000 new cybersecurity experts by 2017. The South Korean government blamed its northern counterpart for these attacks, as well as incidents that occurred in 2009, 2011,<ref>{{cite news |title=South Korea seeks global support in cyber attack probe |newspaper=BBC Monitoring Asia Pacific |date=7 March 2011}}</ref> and 2012, but Pyongyang denies the accusations.<ref>{{cite news |title=Seoul Puts a Price on Cyberdefense |url=https://blogs.wsj.com/korearealtime/2013/09/23/seoul-puts-a-price-on-cyberdefense/ |access-date=24 September 2013 |newspaper=The Wall Street Journal |date=23 September 2013 |first=Kwanwoo |last=Jun |agency=Dow Jones & Company, Inc |url-status=live |archive-url=https://web.archive.org/web/20130925102342/http://blogs.wsj.com/korearealtime/2013/09/23/seoul-puts-a-price-on-cyberdefense/ |archive-date=25 September 2013  }}</ref>

==== United States ====

===== Cyber Plan =====
The [[United States]] has its first fully formed cyber plan in 15 years, as a result of the release of this National Cyber plan.<ref>{{cite news |last1=White |first1=House |title=National security strategy |url=https://bidenwhitehouse.archives.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf |agency=US gov |issue=March 2032 |publisher=white house |date=March 2023}}</ref> In this policy, the US says it will: Protect the country by keeping networks, systems, functions, and data safe; Promote American wealth by building a strong digital economy and encouraging strong domestic innovation; Peace and safety should be kept by making it easier for the US to stop people from using computer tools for bad things, working with friends and partners to do this; and increase the United States' impact around the world to support the main ideas behind an open, safe, reliable, and compatible Internet.<ref>{{cite web |last1=Adil |first1=Sajid |title=Do You Know About Biggest Cybersecurity Threats In 2023? |url=https://cybernexguard.com/do-you-know-about-biggest-cybersecurity-threats-in-2023/ |website=Cybernexguard |date=16 October 2023 |publisher=Adil Sajid |access-date=18 December 2023}}</ref>

The new U.S. cyber strategy<ref>{{cite web |last1=Adil |first1=Sajid |title=National Cyber Strategy of the United States of America |url=https://digital.library.unt.edu/ark:/67531/metadc1259394/ |website=University Libraries UNT Digital Library |date=September 2018 |access-date=18 December 2023}}</ref> seeks to allay some of those concerns by promoting responsible behavior in [[cyberspace]], urging nations to adhere to a set of norms, both through international law and voluntary standards. It also calls for specific measures to harden U.S. government networks from attacks, like the June 2015 intrusion into the [[U.S. Office of Personnel Management]] (OPM), which compromised the records of about 4.2 million current and former government employees. And the strategy calls for the U.S. to continue to name and shame bad cyber actors, calling them out publicly for attacks when possible, along with the use of economic sanctions and diplomatic pressure.<ref>{{cite web |last1=Adil |first1=Sajid |title=Do You Know About Biggest Cybersecurity Threats In 2023? |url=https://digital.library.unt.edu/ark:/67531/metadc1259394/#collections |website=University Libraries UNT Digital Library |date=September 2018 |access-date=18 December 2023}}</ref>

===== Legislation =====
The 1986 {{USC|18|1030}}, the [[Computer Fraud and Abuse Act]] is the key legislation. It prohibits unauthorized access or damage of ''protected computers'' as defined in {{USCSub|18|1030|e|2}}. Although various other measures have been proposed<ref>{{USBill|111|HR|4962|pipe=International Cybercrime Reporting and Cooperation Act|site=yes}}</ref><ref>{{Cite web|url=http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=4ee63497-ca5b-4a4b-9bba-04b7f4cb0123|archive-url=https://web.archive.org/web/20120120040012/http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=4ee63497-ca5b-4a4b-9bba-04b7f4cb0123|url-status=unfit|title=111th Congress, 2nd Session|archive-date=20 January 2012}}</ref> – none have succeeded.

In 2013, [[executive order]] [[s:Executive Order 13636|13636]] ''Improving Critical Infrastructure Cybersecurity'' was signed, which prompted the creation of the [[NIST Cybersecurity Framework]].

In response to the [[Colonial Pipeline ransomware attack]]<ref>{{cite web| url = https://www.npr.org/2021/05/13/996617560/biden-advisor-on-cyber-threats-and-the-new-executive-order-to-combat-them| title = Biden Adviser On Cyber Threats And The New Executive Order To Combat Them| website = [[NPR]]}}</ref> President [[Joe Biden]] signed Executive Order 14028<ref>[https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ Executive Order on Improving the Nation's Cybersecurity] (full text)</ref> on May 12, 2021, to increase software security standards for sales to the government, tighten detection and security on existing systems, improve information sharing and training, establish a Cyber Safety Review Board, and improve incident response.

=====Standardized government testing services=====

The [[General Services Administration]] (GSA) has{{when|date=September 2021}} standardized the ''penetration test'' service as a pre-vetted support service, to rapidly address potential vulnerabilities, and stop adversaries before they impact US federal, state and local governments. These services are commonly referred to as Highly Adaptive Cybersecurity Services (HACS).
{{further|Penetration test#Standardized government penetration test services}}

===== Agencies =====
The [[United States Department of Homeland Security|Department of Homeland Security]] has a dedicated division responsible for the response system, [[risk management]] program and requirements for cybersecurity in the United States called the [[National Cyber Security Division]].<ref>{{cite web|title=National Cyber Security Division |url=https://www.dhs.gov/xabout/structure/editorial_0839.shtm |publisher=U.S. Department of Homeland Security |access-date=14 June 2008 |archive-url=https://web.archive.org/web/20080611210347/https://www.dhs.gov/xabout/structure/editorial_0839.shtm |archive-date=11 June 2008  }}</ref><ref name="CSRDC-FAQ" /> The division is home to US-CERT operations and the National Cyber Alert System.<ref name="CSRDC-FAQ">{{cite web |title=FAQ: Cyber Security R&D Center |url=http://www.cyber.st.dhs.gov/faq.html |publisher=U.S. Department of Homeland Security S&T Directorate |access-date=14 June 2008 |url-status=live |archive-url=https://web.archive.org/web/20081006042850/http://www.cyber.st.dhs.gov/faq.html |archive-date=6 October 2008  }}</ref> The National Cybersecurity and Communications Integration Center brings together government organizations responsible for protecting computer networks and networked infrastructure.<ref>AFP-JiJi, "U.S. boots up cybersecurity center", 31 October 2009.</ref>

The third priority of the FBI is to: "Protect the United States against cyber-based attacks and high-technology crimes",<ref>{{cite web |url=https://www.fbi.gov/about-us/quick-facts |title=Federal Bureau of Investigation – Priorities |publisher=Federal Bureau of Investigation |url-status=live |archive-url=https://web.archive.org/web/20160711053557/https://www.fbi.gov/about-us/quick-facts |archive-date=11 July 2016  }}</ref> and they, along with the [[National White Collar Crime Center]] (NW3C), and the [[Bureau of Justice Assistance]] (BJA) are part of the multi-agency task force, The [[Internet Crime Complaint Center]], also known as IC3.<ref>{{cite web|url=http://www.ic3.gov/default.aspx|title=Internet Crime Complaint Center (IC3) – Home |url-status=live |archive-url=https://web.archive.org/web/20111120021742/http://www.ic3.gov/default.aspx|archive-date=20 November 2011}}</ref>

In addition to its own specific duties, the FBI participates alongside non-profit organizations such as [[InfraGard]].<ref>{{cite web |url=http://www.infragard.net/ |title=Infragard, Official Site |work=Infragard |access-date=10 September 2010 |url-status=live |archive-url=https://web.archive.org/web/20100909051004/http://www.infragard.net/ |archive-date=9 September 2010  }}</ref><ref>{{cite web|url=http://www.infragard.net/media/files/dir_med.mov |title=Robert S. Mueller, III – InfraGard Interview at the 2005 InfraGard Conference |work=Infragard (Official Site) – "Media Room" |access-date=9 December 2009 |archive-url=https://web.archive.org/web/20110617004540/http://www.infragard.net/media/files/dir_med.mov |archive-date=17 June 2011 }}</ref>

The [[Computer Crime and Intellectual Property Section]] (CCIPS) operates in the [[United States Department of Justice Criminal Division]]. The CCIPS is in charge of investigating [[computer crime]] and [[intellectual property]] crime and is specialized in the search and seizure of [[digital evidence]] in computers and [[Computer network|networks]].<ref>{{cite web |url=http://www.cybercrime.gov/ |title=CCIPS |url-status=live |archive-url=https://web.archive.org/web/20060823173821/http://www.cybercrime.gov/ |archive-date=23 August 2006  |date=25 March 2015 }}</ref> In 2017, CCIPS published A Framework for a Vulnerability Disclosure Program for Online Systems to help organizations "clearly describe authorized vulnerability disclosure and discovery conduct, thereby substantially reducing the likelihood that such described activities will result in a civil or criminal violation of law under the Computer Fraud and Abuse Act (18 U.S.C. § 1030)."<ref>{{cite web|url=https://www.justice.gov/criminal-ccips/page/file/983996/download|title=A Framework for a Vulnerability Disclosure Program for Online Systems|date=July 2017|publisher=Cybersecurity Unit, Computer Crime & Intellectual Property Section Criminal Division U.S. Department of Justice|access-date=9 July 2018}}</ref>

The [[USCYBERCOM|United States Cyber Command]], also known as USCYBERCOM, "has the mission to direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners."<ref>{{cite web|title=Mission and Vision|url=https://www.cybercom.mil/About/Mission-and-Vision/|access-date=20 June 2020|website=www.cybercom.mil}}</ref> It has no role in the protection of civilian networks.<ref>{{cite speech |url=https://www.defense.gov/speeches/speech.aspx?speechid=1399 |title=Remarks at the Defense Information Technology Acquisition Summit|author=William J. Lynn, III |date=November 12, 2009|access-date=10 July 2010 |url-status=live <!-- technically unfit but effectively dead-->|archive-url=https://web.archive.org/web/20100415113237/http://www.defense.gov/speeches/speech.aspx?speechid=1399 |location=Washington D.C. |archive-date=15 April 2010  }}</ref><ref>{{cite web | last=Shachtman | first=Noah | title=Military's Cyber Commander Swears: "No Role" in Civilian Networks  | website=brookings.edu | date=2010-09-23 | url=http://www.brookings.edu/opinions/2010/0923_military_internet_shachtman.aspx | archive-url=https://web.archive.org/web/20101106032102/http://www.brookings.edu/opinions/2010/0923_military_internet_shachtman.aspx | archive-date=2010-11-06 }}</ref>

The U.S. [[Federal Communications Commission]]'s role in cybersecurity is to strengthen the protection of critical communications infrastructure, to assist in maintaining the reliability of networks during disasters, to aid in swift recovery after, and to ensure that first responders have access to effective communications services.<ref>{{cite web |title=FCC Cybersecurity |url=http://www.fcc.gov/pshs/emergency-information/cybersecurity.html |publisher=FCC |archive-url=https://web.archive.org/web/20100527095750/http://www.fcc.gov/pshs/emergency-information/cybersecurity.html |archive-date=27 May 2010  |access-date=3 December 2014 }}</ref>

The [[Food and Drug Administration]] has issued guidance for medical devices,<ref>{{cite web|url=https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm|title=Cybersecurity for Medical Devices and Hospital Networks: FDA Safety Communication|website=[[Food and Drug Administration]]|access-date=23 May 2016|url-status=dead|archive-url=https://web.archive.org/web/20160528153847/https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm|archive-date=28 May 2016}}</ref> and the [[National Highway Traffic Safety Administration]]<ref>{{cite web|url=http://www.nhtsa.gov/Research/Crash+Avoidance/Automotive+Cybersecurity|title=Automotive Cybersecurity – National Highway Traffic Safety Administration (NHTSA)|access-date=23 May 2016|archive-url=https://web.archive.org/web/20160525195552/http://www.nhtsa.gov/Research/Crash+Avoidance/Automotive+Cybersecurity|archive-date=25 May 2016}}</ref> is concerned with automotive cybersecurity. After being criticized by the [[Government Accountability Office]],<ref>{{cite report |url=http://www.gao.gov/products/GAO-15-370 |title=Air Traffic Control: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen |number=GAO-15-370 |access-date=23 May 2016 |url-status=live |archive-url=https://web.archive.org/web/20160613150636/http://www.gao.gov/products/GAO-15-370 |archive-date=13 June 2016  |date=14 April 2015 |publisher=U. S. Government Accountability Office}}</ref> and following successful attacks on airports and claimed attacks on airplanes, the [[Federal Aviation Administration]] has devoted funding to securing systems on board the planes of private manufacturers, and the [[Aircraft Communications Addressing and Reporting System]].<ref>{{cite web|url=http://www.nextgov.com/cybersecurity/2016/03/faa-has-started-shaping-cybersecurity-regulations/126449/|title=FAA Working on New Guidelines for Hack-Proof Planes|first=Aliya|last=Sternstein|date=4 March 2016|work=Nextgov|access-date=23 May 2016|url-status=live|archive-url=https://web.archive.org/web/20160519181332/http://www.nextgov.com/cybersecurity/2016/03/faa-has-started-shaping-cybersecurity-regulations/126449/|archive-date=19 May 2016}}</ref> Concerns have also been raised about the future [[Next Generation Air Transportation System]].<ref>{{cite web | url=https://www.fas.org/sgp/crs/homesec/IN10296.pdf | title=Protecting Civil Aviation from Cyberattacks | date=18 June 2015 | access-date=4 November 2016 | first=Bart | last=Elias | url-status=live | archive-url=https://web.archive.org/web/20161017100306/https://www.fas.org/sgp/crs/homesec/IN10296.pdf | archive-date=17 October 2016 | df=dmy-all }}</ref>

The US Department of Defense (DoD) issued DoD Directive 8570 in 2004, supplemented by DoD Directive 8140, requiring all DoD employees and all DoD contract personnel involved in information assurance roles and activities to earn and maintain various industry Information Technology (IT) certifications in an effort to ensure that all DoD personnel involved in network infrastructure defense have minimum levels of IT industry recognized knowledge, skills and abilities (KSA). Andersson and Reimers (2019) report these certifications range from CompTIA's A+ and Security+ through the ICS2.org's CISSP, etc.<ref>{{cite conference | last1=Anderson | first1=David | last2=Reimers | first2=Karl | conference=EDULEARN19 Proceedings | title=CYBER SECURITY EMPLOYMENT POLICY AND WORKPLACE DEMAND IN THE U.S. GOVERNMENT | publisher=IATED | year=2019 | volume=1 | issn=2340-1117 | doi=10.21125/edulearn.2019.1914 | pages=7858–7866| isbn=978-84-09-12031-4 }}</ref>

===== Computer emergency readiness team =====
''[[Computer emergency response team]]'' is a name given to expert groups that handle computer security incidents. In the US, two distinct organizations exist, although they do work closely together.
* [[US-CERT]]: part of the [[National Cyber Security Division]] of the [[United States Department of Homeland Security]].<ref>{{cite news |author=Verton, Dan |title=DHS launches national cyber alert system |url=http://www.computerworld.com/securitytopics/security/story/0,10801,89488,00.html |date=28 January 2004 |work=Computerworld |publisher=IDG |access-date=15 June 2008 |url-status=live |archive-url=https://web.archive.org/web/20050831162039/http://www.computerworld.com/securitytopics/security/story/0,10801,89488,00.html |archive-date=31 August 2005  }}</ref>
* [[CERT Coordination Center|CERT/CC]]: created by the [[Defense Advanced Research Projects Agency]] (DARPA) and run by the [[Software Engineering Institute]] (SEI).

===== U.S. NRC, 10 CFR 73.54 Cybersecurity =====

In the context of [[Nuclear power in the United States|U.S. nuclear power plants]], the [[Nuclear Regulatory Commission|U.S. Nuclear Regulatory Commission (NRC)]] outlines cybersecurity requirements under [[Nuclear safety and security#Title 10 CFR Part 73 (U.S. NRC)|10 CFR Part 73]], specifically in §73.54.<ref>Details can be found in [https://www.ecfr.gov/current/title-10/section-73.54 10 CFR 73.54, Protection of digital computer and communication systems and networks].</ref>

===== NEI 08-09: Cybersecurity Plan for Nuclear Power Plants =====

The [[Nuclear Energy Institute]]'s NEI 08-09 document, ''Cyber Security Plan for Nuclear Power Reactors'',<ref>''[https://www.nrc.gov/docs/ML1011/ML101180437.pdf Cyber Security Plan for Nuclear Power Reactors]'' - Nuclear Energy Institute</ref>  outlines a comprehensive framework for [[cybersecurity]] in the [[nuclear power industry]]. Drafted with input from the [[Nuclear Regulatory Commission|U.S. NRC]], this guideline is instrumental in aiding [[licensee]]s to comply with the [[Title 10 of the Code of Federal Regulations|Code of Federal Regulations (CFR)]], which mandates robust protection of digital computers and equipment and communications systems at nuclear power plants against cyber threats.<ref>Refer to '''[https://www.nrc.gov/docs/ML1011/ML101180437.pdf NEI 08-09]''' for more details.</ref>