Cyber Security Enhancement Directive

The Cyber Security Enhancement Directive

Note: This information about The Cyber Security Enhancement Directive is based on an United States Sentencing Commission report to the Congress on penalties for cyber security offenses. The Cyber Security Enhancement Act directs the United States Sentencing Commission to review and amend, if appropriate, guidelines and policy statements applicable to individuals convicted of offenses under 18 U. S. C. § 1030. The Act requires the United States Sentencing Commission, in carrying out the directive, to ensure that the relevant guidelines and policy statements reflect the serious nature and growing incidence of section 1030 offenses and the need for an effective deterrent and appropriate punishment. It also requires the United States Sentencing Commission to consider the extent to which the following eight factors are or are not accounted for by the relevant guidelines:

1. the potential and actual loss resulting from the offense;
2. the level of sophistication and planning involved in the offense;
3. whether the offense was committed for purposes of commercial advantage or private financial benefit;
4. whether the defendant acted with malicious intent to cause harm in committing the offense;
5. the extent to which the offense violated the privacy rights of individuals harmed; Of the 126 cases with convictions under 18 U. S. C. § 1030 sentenced in fiscal years 2001 and 2002, 10 were excluded from the analysis due to incomplete or missing documentation.
6. whether the offense involved a computer used by the government in furtherance of national defense, national security, or the administration of justice;
7. whether the violation was intended to or had the effect of significantly interfering with or disrupting a critical infrastructure; and
8. whether the violation was intended to or had the effect of creating a threat to public health or safety, or injury to any person.