The new Cybersecurity 2021 guide features 16 jurisdictions. The guide provides the latest legal information on data protection authorities, denial of service attacks, the internet of things (IoT), data security incidents and breaches, network monitoring for cybersecurity, and cyberthreat information sharing arrangements.
Last Updated: March 16, 2021
A New Paradigm for Cybersecurity Defence: Strategy, Leadership, Diplomacy and Guidance
The Cyberspace Solarium Commission, a high-level, bipartisan group established by the US Congress, attributed the weakness of the nation’s cybersecurity posture to failures of strategy and leadership. There could hardly be a more damning indictment of government failure or a clearer explanation for why national security and economic prosperity are so threatened by the risk of cyber-attack, theft and compromise. And what is sadly true of the United States of America on this score is no less true among other democratic, developed countries. This must change if the cyber past is not to be prologue to future cyber-insecurity.
Government accountability and engagement are key to meaningful progress. The new administration in Washington is legislatively mandated to appoint a senior cybersecurity official in the White House, and to enhance the Cybersecurity and Infrastructure Security Agency. But much more must be done.
It is critical that like-minded countries establish a multilateral process to address material privacy and economic cybersecurity risks, akin to the efforts of the global community to tackle climate change.
Governments must take responsibility for protecting their domestic information networks – very much including the private sector – and the sensitive personal information of their citizens. It is ironic how much attention is accorded, in particular by European countries and non-governmental organisations, to the risks to privacy of corporate acquisition of consumer data for advertising purposes versus how little attention is paid to the wide-scale compromise and theft of acutely sensitive private information by malicious state actors and global cybercriminals.
While cybersecurity will always entail a public-private sector “partnership,” governments must be held responsible – and politically accountable – for protecting the private sector. It is axiomatic in cybersecurity circles that organisations must “be right” 999 out of 1000 times – ie, essentially perfect – to defend themselves against sophisticated threat actors. But as Vice President Kamala Harris acknowledged while serving as California Attorney General in 2016, and as the Federal Trade Commission routinely concedes, there is no such possibility of perfect information security.
Accordingly, pursuing enforcement action against companies that inevitably fail to be perfect, or allowing private litigants to demand perfection of entities that experience a data breach (including numerous government agencies), is not as helpful an incentive as one would imagine. Hiring the best talent and spending enormous amounts on information security is no guarantee either.
Given this reality, governments must establish a new paradigm for cyberprotection. There ought to be much more strenuous government defensive, offensive and diplomatic measures to deter, prevent and punish malicious state actors and global cybercriminals. This must be undertaken on a co-ordinated basis at the highest levels of government (ie, no lower than ministerial).
For the private sector, governments should develop agreed standards and guidance for what constitutes “reasonable security” for organisations depending on their size, sensitivity of systems and data, and role in the cyber “supply chain.” Governments should also promote and encourage the development of attestation models and structures on which companies may rely for their self-assessments of “reasonable security.”
At present, the only real consensus is that cybersecurity risks are growing and that current approaches are not working (or at least not nearly well enough). The world’s governments must do (much) better.