Recognizing the importance of controlling the dissemination of unclassified information. Congress enacted a law reaffirming the responsibility of the National Institute for Standards and Technology for the security of non-military, unclassified government computer systems. That law was the Computer Security Act of 1987. Prior to Sept. 11, 2001, laws concerning information security, particularly at the national security level, had primarily focused on developing appropriate standards. One of the most significant problems facing the development of such standards was the sheer number of federal agencies involved in national security as well as the broad range of information technology infrastructure. Consequently, it could be quite confusing to determine precisely which agency held the authority to establish such standards and even how those standards should be initiated and supervised. When the Computer Security Act of 1987 was passed, it was the first attempt by Congress to address such issues.
According to the Computer Security Act, the National Bureau of Standards, an agency contained within the Department of Commerce, was granted the responsibility for developing guidelines related to the security and privacy of sensitive information in regards to federal computer systems. That agency has since been renamed the National Institute of Standards and Technology, or NIST. In respect to information security for intelligence gathering and military systems, NIST received no authority. Oversight for such information security was retained by the National Security Agency and the Department of Defense.
Among the most important elements of the Computer Security Act is the fact that the term “federal computer system” was actually defined for the first time to mean systems operated by an agency of the federal government as well as contractors of federal agencies.
What Does the Act Convey to a Common Man?
While the purpose of the Computer Security Act of 1987 was originally aimed at government computer systems, the act does have implications for the common person, which is the idea that certain information is important enough to be safeguarded.
What Are Its Implications?
The Computer Security Act of 1987 was specifically designed to address four critical areas. First, the act established an entirely new level of security classification known as “sensitive.” This classification was granted to information that was deemed to be important enough to be safeguarded but which does not rise to a level deemed to be secret. Additionally, the Computer Security Act of 1987 required uniform security policies and practices to be developed for computer systems holding sensitive information. Furthermore, the act required personnel assigned to operate such computer systems to be trained using uniform standards of training. Finally, the act assigned responsibility for developing minimum acceptable standards for federal computer system security to the National Bureau of Standards. Ultimately, the Computer Security Act of 1987 became the subject of multiple hearings as well as revisions. It was eventually replaced by the Federal Information Security Management Act of 2002.
Can It Help to Avoid Intellectual Property Theft?
While the Computer Security Act of 1987 might at first appear to only have implications in regards to federal computer systems, that is not actually the case. It is actually far more reaching in nature. Initially, the act was enacted by Congress in an attempt to develop security standards for early federal computers. At the same time, there was another objective of the act, which was to recognize, in a legislative sense, that some information does exist which may not exactly be secret but should still be safeguarded. Although, the Computer Security Act of 1987 cannot be used on its own to avoid intellectual property theft, this early attempt at legislation did eventually lead to the development of other legislation that can help companies avoid intellectual property theft.
Among such acts is the Economic Espionage Act of 1996, which resulted in criminalizing the theft of trade secrets that are committed with the intent to benefit a foreign government or agent, or anyone other than the owner of the trade secret. The act is particularly concerned with the attempt by numerous foreign nations as well as their corporations to gain a competitive advantage through the theft of trade secrets, including intangible intellectual property belonging to American inventors.