Obstacles and Opportunities in Cybersecurity Regulation and Legislation

  • April 22, 2019

As our world becomes increasingly dependent on the internet, more safeguards must be put in place to keep our information and the services we rely on secure. In the last few years, we have seen an increase in regulations and legislation passed to uphold these safeguards, but it is unclear how much this has helped in thwarting attacks. Not only are we as consumers and individuals vulnerable to data breaches and cyberattacks, but our governments are at risk of cyberwarfare and potentially crippling assaults on resources and infrastructure.

Governments around the world are implementing new cybersecurity legislation, such as the NIS Directive in the EU and the Cybersecurity Act of 2015 in the US, to provide more structure and protocol to cybersecurity management. Many studies, such as the Asia-Pacific Cybersecurity Dashboard, have been conducted to ascertain the level of cybersecurity sophistication that different territories around the world possess. These studies consider legislation a basic indicator of the security landscape in these territories and help cyber legislators identify strengths and opportunities for safety improvements.

The number of new cyber laws shows the importance of implementing regulatory frameworks that protect us from a personal and business perspective. These frameworks help us to understand how to implement policy, as businesses generally don’t think much about cybersecurity unless regulations require them to. They also contribute to the reduction of security incidents and the prevention of IT crime.

CYBERSECURITY LEGISLATION OBSTACLES

Various cybersecurity technology obstacles across territories make the actual establishment and implementation of “global cyber legislation” no easy task. Here are just a few ways that legislation can be blocked, delayed, or become obsolete:

  • Laws surrounding cybersecurity can easily fall behind in time and context, considering that technology is advancing at such a rapid rate.
  • Technical and legal specifications that vary between countries make it difficult to respond to and rule on cybersecurity incidents for the industry as a whole.
  • Considering that the internet is free and has no physical borders, constitutional or legal conflicts can arise concerning the meaning and conceptions of privacy and freedom of expression.
  • There are limitations to the scope of application of some laws, most notably between public and private sectors that each face challenges of information access for use in investigations with security implications, privacy rights, and commercial interests. One such example is the well-known case between the FBI and Apple, in which a U.S. judge requested the cooperation of Apple in order to unlock the phone of a terrorist involved in an attack. However, due to user privacy rights, Apple did not condone unlocking that information.
  • There can be delays in the enactment of laws brought on by political upheaval, issues affecting local initiatives, or adherence to international agreements.
  • Attribution is always a challenge when it comes to cyberattacks. It can be extremely difficult to find out who did it or to prove who did it, which can make legislation ineffective.
  • The global nature of cybercrime makes it incredibly difficult to prosecute those involved, as it all depends on what laws the perpetrators are governed under.

Despite these obstacles, the frequency of cybersecurity laws around the world continues to rise, as do the number and severity of cyberattack incidents recorded worldwide. Therefore, the aim is to have legal measures in place to require protection within various territories and in a variety of industry sectors. With this goal in mind, legislators have started to consider the requirements necessary for security in their own countries first, including assessing the capacity to respond to large-scale incidents, the protection of critical infrastructure, and the ability to collaborate with other countries.

ENSURING CYBERSECURITY LEGISLATION KEEPS US SAFE

While obstacles may be prevalent, there are actions we can take regardless of territory or region to ensure these laws keep us safe on the ground floor.

  • Businesses need to frequently revisit their own cyber protocols and policies to ensure they align with state and federal laws in place, while also protecting their key cyber terrain.
  • Leaders need to keep tabs on new legislative efforts to understand how new rules and laws impact them personally and professionally at their business. One of the largest costs of a cyber breach is legal expenses, which can be reduced by staying ahead of the game and mitigating risks.
  • The C-Suite must ensure the organization is abiding by new cyber laws, and that disaster recovery involving cyber threats is practiced at least annually.

Staying in tune with cyber legislation can mitigate your company’s risks before, during, and after a potential attack. There remains much to be done in this field, and as both technology and cybercrime continue to evolve, so will the legal landscape surrounding these incidents.