With cybersecurity policies and regulations developing at speed globally, the call for greater standardization and collaboration is necessary to ensure cybersecurity resilience and shared learning.
The increasing frequency and severity of cyber-attacks have prompted governments and regulatory bodies worldwide to take collaborative action to better protect individuals and organizations from threats. This is among the findings of a new report from ISC2 and the Royal United Services Institute (RUSI) looking at the rapid evolution of global cybersecurity policy and legislation.
The report, launched at an event held at the Houses of Parliament in London, examines cybersecurity legislation and regulation in the U.K., Canada, the E.U., Japan, Singapore and the U.S.
It identifies various challenges shaping cyber policy in these territories. These include the shortage of skilled cybersecurity professionals, the complexities of protecting and defending critical national infrastructure (CNI) and the need for greater international cooperation on cyberspace activities.
The key conclusions are that cooperation between private and public stakeholders is of paramount importance and that policy makers are increasingly working towards the harmonization of cyber policy to both simplify the landscape and achieve scale in defensive capabilities.
“We conducted this research because we know that more regulations are on the horizon, and it is essential that organizations and cybersecurity professionals are prepared,” said Clar Rosso, CEO of ISC2. “This report provides valuable insights into policies from major jurisdictions worldwide and highlights the importance of understanding and learning from each other to establish best practices.”
All Countries Face Cybersecurity Challenges
No country is immune or shielded from the growth in domestic and international cybercrime, along with nation state cyberattacks prompted by global geopolitical unrest and military action such as the conflict in Ukraine.
With demand growing and a global skills gap of 3.4 million according to ISC2 research, governments must continue developing programs and introducing legislation that address the needs of the industry at scale. This includes new initiatives around cyber literacy to integrate cybersecurity interest and best practice at an earlier age, as well as programs that encourage graduates or career changers from non-technology backgrounds to pursue careers in cybersecurity now.
The report launch cited the role of the U.K. as a world-leading destination for cybersecurity companies and a hub for skilled professionals, with an overall technology sector valued at over $1 trillion – ahead of its peers across Europe.
“The U.K. has been proactive in bringing discussions on the professionalization of cybersecurity to the fore,” Rosso added, highlighting the creation of the UK Cyber Security Council and the work of the National Cyber Security Centre (NCSC) CyberFirst program for young people as examples of how the UK is taking a leadership role in global cybersecurity skills advancement that can be replicated in other parts of the world.
Collaboration is Key to Resilience
While successes in the U.K. provide a potential model for replication, it is the success of multi-national collaboration and standardization that will ultimately have a bearing on global cybersecurity resilience and robustness. Rapidly evolving technologies such as artificial intelligence (AI), blockchain and the Internet of Things (IoT) are already transforming how we live and work, with each one becoming a node that can be attacked if not properly secured and supported. A study by Juniper Research suggests the number of autonomous IoT devices using 5G networks will reach 116 million by 2026, increasing from 17 million in 2023. This is on top of the 12 billion + active IoT devices across all networks, all representing a global challenge for businesses, network operators and governments to regulate and ensure nation state safety and the security of critical national infrastructure (CNI) and business resilience.
“The government’s first duty is the safety, security, and prosperity of the nation. Cybersecurity is a key risk and underlines the importance of maintaining our shared commitment to a safe and secure cyber world,” said Cabinet Office minister Baroness Neville-Rolfe, speaking at the launch event. “Cyber threats are growing complexity and severity, we’ve seen this manifest in attacks on digital suppliers, hospitals, oil pipelines, local authorities, schools and even the Royal Mail.”
However, the report notes that a lack of international security standards and guidelines poses significant security and safety risks for the future. To address this, regulators must take a proactive, rather than reactive, approach toward global standardization for secure technology development as well as regulation and legislation to police cybersecurity activity and attacks.
The full report can be accessed at http://www.isc2.org/Research/rusi-report.