Much of this book focuses on the consequences that a company may face for inadequate cybersecurity, such as enforcement actions or lawsuits by the Federal Trade Commission or state attorneys general. However, the federal government's role in private sector cybersecurity is not merely that of a regulator. The government also operates a number of programs that are designed to help companies battle the ever‐evolving field of cybersecurity threats. Cyberspace is unique in that it involves both public and private infrastructure, and therefore the federal government recognizes that it has a role in securing the Internet. Moreover, the federal government can act as a central repository of cybersecurity information.

This chapter first reviews the increasingly centralized civilian cybersecurity operations, many of which are located within the Department of Homeland Security (DHS). It next examines DHS's cybersecurity information‐sharing program, created by the Cybersecurity Act of 2015. The chapter then reviews the voluntary Cybersecurity Framework developed by the National Institute of Standards and Technology. Finally, the chapter examines the U.S. military's ability to protect civilian networks and systems, and the limits placed on these activities by the Posse Comitatus Act.

6.1 U.S. Government's Civilian Cybersecurity Organization

The U.S. federal government does not have a single agency ...