PRIA Logo
Title 6Domestic SecurityRelease 119-73not60

§657 Cyber Security Enhancement Act of 2002

Title 6 › Chapter 1— HOMELAND SECURITY ORGANIZATION › Subchapter XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY › Part A— Cybersecurity and Infrastructure Security › § 657

Last updated Apr 3, 2026|Official source

Summary

Orders the U.S. Sentencing Commission to review and, if needed, change its punishment rules for people convicted of computer crimes under 18 U.S.C. 1030. The Commission must make the rules show how serious and more common these crimes are and help prevent them. It must consider things like how much loss happened, how planning or skillful the attack was, whether the offender sought money or advantage, whether the act was malicious, how much privacy was harmed, if a government computer used for defense, security, or justice was involved, whether critical infrastructure or public health and safety were harmed, and any other facts that make a case worse or better. The Commission must keep its rules consistent with other laws and guidelines, make needed changes, and meet the goals for sentencing set by federal law. Must submit a short report to Congress by May 1, 2003, saying what was done and any recommended changes to criminal penalties under 18 U.S.C. 1030. A government agency that gets a disclosure under 18 U.S.C. 2702(b) must send the Attorney General a report within 90 days with basic details about the disclosure. The Attorney General must combine those reports and send one report to Congress one year after November 25, 2002.

Full Legal Text

Title 6, §657

Domestic Security — Source: USLM XML via OLRC

(a)This section may be cited as the “Cyber Security Enhancement Act of 2002”.
(b)(1)Pursuant to its authority under section 994(p) of title 28 and in accordance with this subsection, the United States Sentencing Commission shall review and, if appropriate, amend its guidelines and its policy statements applicable to persons convicted of an offense under section 1030 of title 18.
(2)In carrying out this subsection, the Sentencing Commission shall—
(A)ensure that the sentencing guidelines and policy statements reflect the serious nature of the offenses described in paragraph (1), the growing incidence of such offenses, and the need for an effective deterrent and appropriate punishment to prevent such offenses;
(B)consider the following factors and the extent to which the guidelines may or may not account for them—
(i)the potential and actual loss resulting from the offense;
(ii)the level of sophistication and planning involved in the offense;
(iii)whether the offense was committed for purposes of commercial advantage or private financial benefit;
(iv)whether the defendant acted with malicious intent to cause harm in committing the offense;
(v)the extent to which the offense violated the privacy rights of individuals harmed;
(vi)whether the offense involved a computer used by the government in furtherance of national defense, national security, or the administration of justice;
(vii)whether the violation was intended to or had the effect of significantly interfering with or disrupting a critical infrastructure; and
(viii)whether the violation was intended to or had the effect of creating a threat to public health or safety, or injury to any person;
(C)assure reasonable consistency with other relevant directives and with other sentencing guidelines;
(D)account for any additional aggravating or mitigating circumstances that might justify exceptions to the generally applicable sentencing ranges;
(E)make any necessary conforming changes to the sentencing guidelines; and
(F)assure that the guidelines adequately meet the purposes of sentencing as set forth in section 3553(a)(2) of title 18.
(c)Not later than May 1, 2003, the United States Sentencing Commission shall submit a brief report to Congress that explains any actions taken by the Sentencing Commission in response to this section and includes any recommendations the Commission may have regarding statutory penalties for offenses under section 1030 of title 18.
(d)(1)
(2)A government entity that receives a disclosure under section 2702(b) of title 18 shall file, not later than 90 days after such disclosure, a report to the Attorney General stating the paragraph of that section under which the disclosure was made, the date of the disclosure, the entity to which the disclosure was made, the number of customers or subscribers to whom the information disclosed pertained, and the number of communications, if any, that were disclosed. The Attorney General shall publish all such reports into a single report to be submitted to Congress 1 year after November 25, 2002.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

Codification Section was formerly classified to section 145 of this title prior to renumbering by Pub. L. 115–278. Section is comprised of section 2207 of Pub. L. 107–296. Subsecs. (d)(1) and (e) to (j) of section 2207 of Pub. L. 107–296 amended section 1030, 2511, 2512, 2520, 2701 to 2703, and 3125 of Title 18, Crimes and Criminal Procedure.

Reference

Citations & Metadata

Citation

6 U.S.C. § 657

Title 6Domestic Security

Last Updated

Apr 3, 2026

Release point: 119-73not60