Public policy trends drive what will happen with future cybersecurity regulation. Matthew Rhoades, Managing Director of the Cybersecurity and Technology Program at the Aspen Institute, reviewed four current top-line trends to attendees at Cyber Security Summit 2018.
Rhoades’ list and comments:
- Data security and sensitivity is a driver in current discussions and legislation, domestically and worldwide. GDPR is a European example of a privacy regime coming to the fore. In reaching beyond the EU to set privacy standards, GDPR is establishing what may become a precedent for others to follow. It imposes strict limits on companies doing business with EU countries.
California promises to enact a data law in 2020.
Even Twitter, Google and Facebook have been hacked. Consumer privacy is driving this trend.
- Election security remains a primary concern, Rhoades noted, and likely will be the first of these four issues to be addressed. Private companies are offering pro bono services to help political campaigns remain secure. An example of this is Microsoft’s assistance to help campaigns prevent email hacking.
Congress has failed to tackle this issue, Rhoades said.
- Legal access to encrypted proprietary data. DOJ and governments in the Five Eyes compact (an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States) want access to encrypted data owned by organizations. Private business interests do not want to surrender encrypted data.
- Deterrence with such factors as governments naming and shaming bad actors and launching indictments against them is under discussion.
Congress’s demonstrated lack of understanding of issues related to Facebook point up a knowledge gap limiting legislation, Rhoades said. Lack of knowledge slows down their ability to act.
[ Photo Credit: Bruce Silcox Photography ]