Cybersecurity Laws & Policies

This assignment measures your mastery of ULOs 2.1, 2.2, 2.3, 5.3, and 6.2.

Unlike countries, the Internet is not confined to specific national borders or geopolitical boundaries defying traditional governance. Perform research in the CSU Online Library and the Internet, and answer the following questions:

1. Who can make the laws applicable to cyberspace and cybersecurity?

2. What laws apply once cybercrime crosses national and international boundaries? Why are they important?

3. Who creates policy and enforces these laws?

Provide examples within your paper. Your paper should be three to five pages in length and in APA format. You may use your textbook as source material for your assignment. You must also use three outside sources, which can come from the CSU Online Library or the Internet. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.

Course Textbook(s) Lewis, T. G. (2020). Critical infrastructure protection in homeland security: Defending a networked nation (3rd ed.). Wiley. https://online.vitalsource.com/#/books/9781119614562

Who can make the laws applicable to cyberspace and cybersecurity?,
What laws apply once cybercrime crosses national and international boundaries? Why are they important?,
Who creates policy and enforces these laws?,
Provide examples within your paper.,
Length: three to five pages in APA format.,

✅ Comprehensive General Assignment Response (3–5 Pages Content)

(Add APA title page + reference page separately)

Introduction

Cyberspace operates beyond physical borders and is used by global governments, private companies, and citizens. Unlike traditional crime, cybercrime can originate in one country, impact victims in another, and involve systems across multiple jurisdictions. Because of this decentralized environment, the creation and enforcement of cybersecurity laws require cooperative efforts from national governments, international organizations, and multi-stakeholder policy bodies. This paper examines who creates laws that govern cyberspace, which legal authorities apply to cybercrime that crosses borders, and which organizations enforce cybersecurity policies worldwide.

Who Can Make Laws Applicable to Cyberspace and Cybersecurity?

Nation-states primarily establish cybersecurity and cybercrime laws within their own jurisdictions. Each country develops its cybersecurity legal framework to protect national infrastructure, citizens, and business operations. Examples include:

United States → Computer Fraud and Abuse Act (CFAA), Cybersecurity Information Sharing Act (CISA)
European Union → General Data Protection Regulation (GDPR), NIS2 Directive
China → Cybersecurity Law of the People’s Republic of China (CSL), Data Security Law

However, since cyberspace is borderless, laws made by one nation often affect international users and organizations. To manage the global impact, international governance groups contribute policies and guidelines including:

International Telecommunication Union (ITU) – Sets cybersecurity standards for global communication networks
Council of Europe – Created the Budapest Convention on Cybercrime
United Nations (UN) – Coordinates cyber norms to reduce state-sponsored cyber aggression

Private-sector organizations also influence cybersecurity policy due to their control of internet infrastructure. Examples include ICANN (internet domain governance) and major technology companies like Microsoft and Google, which develop security frameworks and compliance requirements.

What Laws Apply When Cybercrime Crosses International Boundaries and Why They Matter

When cybercrimes span multiple nations — such as ransomware, identity theft, or infrastructure attacks — domestic law alone is not enough. Cross-boundary enforcement requires treaties and cooperative agreements.

Key international laws and frameworks:

Law / Agreement	Importance
Budapest Convention on Cybercrime	Establishes shared criminal definitions and provides mechanisms for international digital evidence sharing
Tallinn Manual	Guides international law in cyber warfare and conflict
MLATs (Mutual Legal Assistance Treaties)	Allows countries to exchange data and assist in investigations
GDPR (cross-border data protection)	Regulates how global organizations handle EU citizen data

These laws are essential because:

Attackers often exploit jurisdictional gaps.
Standardization improves investigation speed.
Shared definitions help prosecute cybercriminals consistently.
They prevent cybercriminals from finding “safe havens.”

Without cross-national cyber law cooperation, most cybercrimes would go unpunished.

Who Creates Policy and Enforces These Laws?

Cybersecurity law enforcement is shared among government agencies, law enforcement, global partners, and private sector organizations. Enforcement responsibility depends on:

location of the crime
affected systems
national security involvement

Examples of enforcement bodies:

Agency / Entity	Region	Role
FBI Cyber Division	U.S.	Investigates cyber extortion, fraud, and critical infrastructure attacks
Cybersecurity and Infrastructure Security Agency (CISA)	U.S.	Protects national critical infrastructure
Europol EC3	Europe	Coordinates cybercrime enforcement between EU nations
Interpol Cybercrime Directorate	International	Facilitates multinational cyber investigations
National CERTs	Global	Respond to security threats and incidents within each country

Policy enforcement also involves companies who must:

Secure data and networks
Follow privacy and compliance standards (e.g., GDPR fines for violations)
Report breaches affecting national security

In the private sector, cybersecurity standards like NIST CSF are widely adopted to align commercial cybersecurity practices with government expectations (Lewis, 2020).

Blog