Yes, Cyber-Spying is That Bad | Opinion Stephen D. Bryen and Shoshana Bryen On 12/22/20 at 8:00 AM EST The United States has been attempting to strengthen its cybersecurity since at least 1988, when it enacted the first Computer Security Act—replaced in 2002 by the Federal Security Management Act. It sounds great in concept: federal agencies are required to "develop, document, and implement" programs for security management "including those provided or managed by another agency, contractor, or other source." How's it working out? Solarwinds, a network management software company, was recently discovered to have had malware inserted into its products. Its clients' systems have been compromised for as long as nine months. Someone—possibly the Russians, possibly the Chinese—has been inside the U.S. Department of Defense, the Department of Homeland Security, the Treasury Department and major American industries. The list gets longer every day.