(ISC)² and the Royal United Services Institute (RUSI) have released a new research report titled ‘Global Approaches to Cyber Policy, Legislation and Regulation’. The report finds that, as cyber security policies and regulations evolve rapidly around the world, greater standardization and collaboration is necessary to ensure stronger and more resilient frameworks to support shared learning and best practices.
The report reviews cyber security legislation and regulation within Canada, the European Union, Japan, Singapore, the United Kingdom and the United States, identifying various challenges shaping cyber policy. These issues include the shortage of skilled cyber security professionals, the complexities of the critical national infrastructure (CNI), and international cooperation on norm development for cyberspace.
By bringing together insights from different jurisdictions and stakeholders, the report shows the importance of cooperation between private and public stakeholders and that policy makers increasingly seek harmonization of cyber policy.
"While the report identifies a number of trends in the cyber policy landscape, the increasing reliance on binding cyber security obligations for the critical national infrastructure sectors and beyond stand out, but the obligations different jurisdictions impose to increase cyber resilience vary," said Pia Hüsch, Research Analyst for Cyber, Technology and National Security at RUSI. "The report therefore draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them."
"Policymakers must take a proactive, rather than reactive, approach toward cyber security policy and collaborate across borders, industries and sectors to establish common standards, protocols and best practices," said Clar Rosso, CEO of (ISC)². "Findings from this report provide valuable insight into top legislative and regulatory priorities, which emphasizes the need for greater harmonization between policymakers, cyber security professionals and other stakeholders to improve cyber resilience and address pressing cyber security challenges in 2023 and beyond. To protect our national security, economies, critical infrastructure, and the data and privacy of our citizens, we need consistent, strong, forward-looking and joined up policies that enable cyber security professionals around the world to stay laser-focused on the most critical aspects of their jobs."
The report delves into several other key headlines, including:
- More regulations are coming; organizations must prepare now – not later.
- No country or government is immune to the cyber security skills and workforce gap.
- Global standardization is critical, and full international cooperation is needed, to protect and uphold ethical principles and standards.
- Fortifying critical infrastructure is a top priority for all jurisdictions — especially with more interconnectedness and ‘state lines’ blurring.
- Collective defense / defence is needed between the public and private sectors and across jurisdictions to support norm development.