Cybersecurity Regulation Will Be Challenging
Summary
Due to the volatility, force and pace with which technological innovation is moving through the
global economy, cyber risk has become the biggest contemporary threat to all actors, especially
private enterprise.
Taking a regulatory perspective must be a key part of any successful overall strategy. However,
as regulations grow increasingly complex, doing the minimum in compliance is no longer
enough. It is increasingly evident that governments and customers will view a
provider’s security posture less from a compliance perspective and more as a competitive
differentiator. A provider of products and services will have to consider compliance simply as
the ante to earn the right to compete in the marketplace.
Drivers for regulations are most abundant in Financial Services; Healthcare;
Telecommunications; Critical Infrastructure and Government systems.
Despite high profile breaches — from Target to Yahoo — legislation to toughen data protection
standards hasn't gained traction, but it's not for lack of effort.
A search for "cyber security" yields 141 pieces of legislation — including bills and amendments
— that have gone before the 115th Congress with those words in the title or body and cover a
variety of areas.
Given the current focus of the Administration to “deregulate” and a partisan Congress, it is less
likely that sweeping new national regulation will be realized over the next two years. This means
that the States (like what we are seeing from California, Maryland and New York) will be
driving a great deal of the regulatory changes. It is more than fair to say that regulation alone
does not make any system more secure. Coming to terms on consistent metrics will be key. One
cannot manage what one cannot measure.
The Challenge in Cybersecurity Regulation
Cybersecurity is a fast-morphing mix of people adapting their behavior to new ways of doing
things with even newer technologies. This means that making any assumptions about what
regulations will be needed six days, six weeks or six months from now is more than
problematic. Most legislation is initiated well after the fact and driven by a wave of litigation and
special interest lobbying. Meaningful cyber warfare requires a more expeditious approach.
To regulate something, you must know all the players, the expected and desired actions of each
of the players, and the mutually agreed-upon desired outcome. To use the sports metaphor:
there, we know the right number of players in the game, their positions relative to one another
and what it means to score a point.
In the cyber world, we can’t know all the players; we cannot predict “how” they will arrive to
play; whether they come to “score points” or to simply disrupt the game; and the rules, as
outlined, are merely guideposts for what to avoid. And, currently, only one team plays offense
and the other defense, throughout the competition. This game never ends.
In order for citizens, governments, and industries to be able to begin to effectively regulate
cybersecurity, we must find a common definition of terms; a comprehensive series of meaningful
metrics; a consensus on approach; a consistent application across geographies; a constructive
incentive scheme and a crushing global deterrent.
The current internet infrastructure and regulatory frameworks are poorly tailored to keep pace
with the evolution of the internet and the digital realm in general. A very significant number of
NIST publications are in the process of being revised, rewritten and/or retired based on the
introduction of new technologies and the obsolescence of others, and most of these publications
were written in this millennium. NIST Special Publication 800-53 Rev. 1 was
published in 2008.
Therefore, a majority severely lag behind present technology and threat level awareness. This is
because the internet infrastructure was not designed to cope with present data quantities and the
myriad of actors challenging the very scope and content of it.
Cyber security legislation and compliance, if they come into force, are ever-shifting. Consequently,
it is crucially important that companies anticipate tomorrow's regulatory environment. In
particular, when they are active in multiple jurisdictions, it is fundamental to systematically track
evolving laws and regulations in order to be able to respond to legal and political challenges in
time.
To Anticipate What Will Need Regulating
Regulations become dated the moment they are placed into effect. Trying to anticipate where
regulation will be needed can be driven by what trends in technologies we can forecast.
These trends bring together technologies with the potential to initiate lasting transformation in
the digital ecosystem, which we define as all of the infrastructure, software applications, content,
and the social practices that determine how the ecosystem is used. The largest trends are as
follows:
1. Cloud computing
2. Big data
3. The Internet of things
4. Mobile Internet
5. Brain-computer interfaces
6. Near-field communication (NFC) payments
7. Mobile robots
8. Quantum computing
9. Internet militarization/weaponization
10. Blockchain and open journaling technologies
11. Cryptocurrencies
A Consensus on Predictions that will Impact Cybersecurity
1. While Governments and Private Enterprise Slowly Invest in Artificial Intelligence to Support Cybersecurity, Attackers Will Aggressively Invest in AI to Aid Their Attacks
2. Growing 5G Deployment Will Open Up a New Dimension in Cyber-Attack Surfaces
A number of 5G network infrastructure deployments kicked off this year, and 2019 is shaping up
to be a year of accelerating 5G activity. While it will take time for 5G networks and 5G-capable
phones and other devices to become broadly deployed, growth will occur rapidly. IDG, for
example, calls 2019 “a seminal year” on the 5G front, and predicts that the market for 5G and
5G-related network infrastructure will grow from approximately $528 million in 2018 to $26
billion in 2022, exhibiting a compound annual growth rate of 118 percent.
Over time, more 5G IoT devices will connect directly to the 5G network rather than via a Wi-Fi
router. This trend will make those devices more vulnerable to direct attack. For home users, it
will also make it more difficult to monitor all IoT devices since they bypass a central router.
More broadly, the ability to back-up or transmit massive volumes of data easily to cloud-based
storage will give attackers rich new targets to breach.
3. IoT-Based Events Will Move Beyond Massive DDoS Assaults to New, More Dangerous Forms of Attack
4. Attackers Will Increasingly Capture Data in Transit
In 2019 and beyond, we can expect increasing attempts to gain access to home routers and other
IoT hubs to capture some of the data passing through them. Malware inserted into such a router
could, for example, steal banking credentials, capture credit card numbers, or display spoofed,
malicious web pages to the user to compromise confidential information.
5. The Supply Chain Will Become (More Than It Already Has) an Attack Target
An increasingly common target of attackers is the software supply chain, with attackers
implanting malware into otherwise legitimate software packages at their usual distribution
location. Such attacks could occur during production at the software vendor or at a third-party
supplier. The typical attack scenario involves the attacker replacing a legitimate software update
with a malicious version in order to distribute it quickly and surreptitiously to intended targets.
Any user receiving the software update will automatically have their computer infected, giving
the attacker a foothold in their environment.
These types of attacks are increasing in volume and sophistication and we could see attempts to
infect the hardware supply chain in the future. For example, an attacker could compromise or
alter a chip or add source code to the firmware of the UEFI/BIOS before such components are
shipped out to millions of computers. Such threats would be very difficult to remove, likely
persisting even after an impacted computer is rebooted or the hard disk is reformatted.
6. Growing Security and Privacy Concerns Will Drive Increased Legislative and Regulatory Activity
The European Union’s mid-2018 implementation of the General Data Protection Regulation
(GDPR) will likely prove to be just a precursor to various security and privacy initiatives in
countries outside the European Union. Canada has already enforced GDPR-like legislation, and
Brazil recently passed new privacy legislation similar to GDPR, due to enter into force in 2020.
Singapore and India are consulting to adopt breach notification regimes, while Australia has
already adopted different notification timelines compared to GDPR. Multiple other countries
across the globe have adequacy or are negotiating GDPR adequacy. In the U.S., soon after
GDPR arrived, California passed a privacy law considered to be the toughest in the United States
to date. We anticipate the full impact of GDPR to become clearer across the globe during the
coming year.
At the U.S. federal level, Congress is already wading deeper into security and privacy waters.
Such legislation is likely to gain more traction and may materialize in the coming year.
Inevitably, there will be a continued and increased focus on election system security as the U.S.
2020 presidential campaign gets underway.
While we’re almost certain to see upticks in legislative and regulatory actions to address security
and privacy needs, there is a potential for some requirements to prove more counterproductive
than helpful. For example, overly broad regulations might prohibit security companies from
sharing even generic information in their efforts to identify and counter attacks. If poorly
conceived, security and privacy regulations could create new vulnerabilities even as they close
others.
CONCLUSION
There are cries to regulate the disruptive tech giants, including Google, Amazon, Twitter and
Facebook. Not only are their business models being scrutinized but the pervasiveness of their
emerging connected environments (self-driving vehicles; artificial intelligence; Internet of
Things; telecommunications and more!) challenges the idea of effective self-regulation.
Not to make a political statement but, in these next two years under an administration bent on
deregulation (as we have seen with many consumer protection laws and with environmental and
financial services regulation) and with partisan divisions, we are less likely to see any major sweeping
national regulations get through Congress. This will mean that the individual States (as we are
seeing with California, New York and Maryland) will drive more regulatory strategies.
Final thoughts
Perhaps redundantly, it has to be stressed that cybersecurity should not and cannot be driven by
regulation. Regulatory relief comes too late. The drivers of innovation and inventiveness come
from business drivers and the strong desire to “be first!” in a competitive society.

 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A History
 
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection  of Human Rights (Discuss Transparen...Good Governance Practices for protection  of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
 
如何办理佛蒙特大学毕业证学位证书
 如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 

Cybersecurity regulation will be challenging

The Challenge in Cybersecurity Regulation

Cybersecurity is a fast-morphing mix of adapting new behaviors in people to new ways of doing things and with even newer technologies. This means that making any assumptions about what regulations will be needed six days, six weeks, and six months from now is more than problematic. Most legislation is initiated well after the fact and driven by a wave of litigation and special interest lobbying. Meaningful cyber warfare requires a more expeditious approach.

To regulate something, you must know all the players, the expected and desired actions of each of the players, and the mutually agreed upon desired outcome. To leverage the sports metaphor, we know the right number of players in the game, their positions relative to one another, and what it means to score a point. In the cyber world, we can't know all the players; we cannot predict "how" they will arrive to play, or whether they come to "score points" or simply to disrupt the game; and the rules, as outlined, are merely guideposts for what to avoid. And, currently, only one team plays offense and the other defense, throughout the competition. This game never ends.

In order for citizens, governments, and industries to be able to begin to effectively regulate cybersecurity, we must find a common definition of terms; a comprehensive series of meaningful metrics; a consensus on approach; a consistent application across geographies; a constructive incentive scheme; and a crushing global deterrent.

The current internet infrastructure and regulatory frameworks are poorly tailored to keep pace with the evolution of the internet and the digital realm in general. A very significant number of NIST publications are in the process of being revised, rewritten and/or retired based on the introduction of new technologies and the obsolescence of others, and most of these publications were written in this millennium. NIST Special Publication 800-53 Rev. 1 was published in 2008. Therefore, a majority severely lag behind present technology and threat level awareness. This is because the internet infrastructure was not designed to cope with present data quantities and the myriad of actors challenging the very scope and content of it.

Cybersecurity legislation and compliance, if they come into force, are ever-shifting. Consequently, it is crucially important that companies anticipate tomorrow's regulatory environment. In particular, when they are active in multiple jurisdictions, it is fundamental to systematically track evolving laws and regulations in order to be able to respond to legal and political challenges on time.

To Anticipate What Will Need Regulating

Regulations become dated the moment they are placed into effect. Trying to anticipate where regulation will be needed can be driven by what trends in technologies we can forecast.
These trends bring together technologies with the potential to initiate lasting transformation in the digital ecosystem, which we define as all of the infrastructure, software applications, content, and the social practices that determine how the ecosystem is used. The largest trends are as follows:

1. Cloud computing
2. Big data
3. The Internet of things
4. Mobile Internet
5. Brain-computer interfaces
6. Near-field communication (NFC) payments
7. Mobile robots
8. Quantum computing
9. Internet militarization/weaponization
10. Blockchain and open journaling technologies
11. Crypto Currencies

A Consensus on Predictions that will Impact Cybersecurity

1. While Governments and Private Enterprise Slowly Invest in Artificial Intelligence to Support Cybersecurity, Attackers Will Aggressively Invest in AI to Aid in Their Attacks

2. Growing 5G Deployment Will Open Up a New Dimension in Cyber-Attack Surfaces

A number of 5G network infrastructure deployments kicked off this year, and 2019 is shaping up to be a year of accelerating 5G activity. While it will take time for 5G networks and 5G-capable phones and other devices to become broadly deployed, growth will occur rapidly. IDG, for example, calls 2019 "a seminal year" on the 5G front, and predicts that the market for 5G and 5G-related network infrastructure will grow from approximately $528 million in 2018 to $26 billion in 2022, exhibiting a compound annual growth rate of 118 percent.

Over time, more 5G IoT devices will connect directly to the 5G network rather than via a Wi-Fi router. This trend will make those devices more vulnerable to direct attack. For home users, it will also make it more difficult to monitor all IoT devices since they bypass a central router. More broadly, the ability to back up or transmit massive volumes of data easily to cloud-based storage will give attackers rich new targets to breach.

3. IoT-Based Events Will Move Beyond Massive DDoS Assaults to New, More Dangerous Forms of Attack

4. Attackers Will Increasingly Capture Data in Transit

In 2019 and beyond, we can expect increasing attempts to gain access to home routers and other IoT hubs to capture some of the data passing through them. Malware inserted into such a router could, for example, steal banking credentials, capture credit card numbers, or display spoofed, malicious web pages to the user to compromise confidential information.
5. The Supply Chain Will Become (More Than It Already Has) an Attack Target

An increasingly common target of attackers is the software supply chain, with attackers implanting malware into otherwise legitimate software packages at their usual distribution location. Such attacks could occur during production at the software vendor or at a third-party supplier. The typical attack scenario involves the attacker replacing a legitimate software update with a malicious version in order to distribute it quickly and surreptitiously to intended targets. Any user receiving the software update will automatically have their computer infected, giving the attacker a foothold in their environment.

These types of attacks are increasing in volume and sophistication, and we could see attempts to infect the hardware supply chain in the future. For example, an attacker could compromise or alter a chip or add source code to the firmware of the UEFI/BIOS before such components are shipped out to millions of computers. Such threats would be very difficult to remove, likely persisting even after an impacted computer is rebooted or the hard disk is reformatted.

6. Growing Security and Privacy Concerns Will Drive Increased Legislative and Regulatory Activity

The European Union's mid-2018 implementation of the General Data Protection Regulation (GDPR) will likely prove to be just a precursor to various security and privacy initiatives in countries outside the European Union. Canada has already enforced GDPR-like legislation, and Brazil recently passed new privacy legislation similar to GDPR, due to enter into force in 2020. Singapore and India are consulting to adopt breach notification regimes, while Australia has already adopted different notification timelines compared to GDPR. Multiple other countries across the globe have adequacy or are negotiating GDPR adequacy. In the U.S., soon after GDPR arrived, California passed a privacy law considered to be the toughest in the United States to date. We anticipate the full impact of GDPR to become clearer across the globe during the coming year.

At the U.S. federal level, Congress is already wading deeper into security and privacy waters. Such legislation is likely to gain more traction and may materialize in the coming year. Inevitably, there will be a continued and increased focus on election system security as the U.S. 2020 presidential campaign gets underway.

While we're almost certain to see upticks in legislative and regulatory actions to address security and privacy needs, there is a potential for some requirements to prove more counterproductive than helpful. For example, overly broad regulations might prohibit security companies from sharing even generic information in their efforts to identify and counter attacks. If poorly conceived, security and privacy regulations could create new vulnerabilities even as they close others.

CONCLUSION

There are cries to regulate the disruptive tech giants to include Google, Amazon, Twitter and Facebook. Not only are their business models being scrutinized, but the pervasiveness of their emerging connected environments (auto driving vehicles; artificial intelligence; Internet of Things; telecommunications and more!) challenges the idea of effective self-regulation.

Not to make a political statement but, in these next two years under an administration bent on deregulation (as we have seen with many consumer protection laws and with environmental and financial services regulation) and with partisan divisions, we are less likely to see any major sweeping national regulations get through Congress. This will mean that the individual States (as we are seeing with California, New York and Maryland) will drive more regulating strategies.

Final thoughts

Perhaps redundantly, it has to be stressed that cybersecurity should not and cannot be driven by regulation. Regulatory relief comes too late. The drivers of innovation and inventiveness come from business drivers and the strong desire to "be first!" in a competitive society.