
Regulations Impacting Digital Security in Global Context
Discover how regulations around the world, from the US to the EU and the United Nations, are shaping the landscape of digital security. Explore the fragmented nature of US security regulations, the stringent requirements of the EU GDPR, and the upcoming UN regulations on vehicle cybersecurity. Learn which countries have signed on to these regulations and their timelines for implementation.
Presentation Transcript
Software Security: World View
US security regulation
Fragmented, with a few exceptions:
- HIPAA (Health Insurance Portability and Accountability Act): initially meant for digital data exchange.
- FISMA, which applies to every government agency, "requires the development and implementation of mandatory policies, principles, standards, and guidelines on information security."
However, the regulations do not address numerous computer-related industries, such as Internet Service Providers (ISPs) and software companies. Requirements are vague, e.g. a "reasonable level of security".
US (2)
National Institute of Standards and Technology Special Publication 800-171: regulations around services and data provided under government contracts.
- Often part of government contracts and bids.
- But nothing in terms of minimum standards for commercial products.
EU
Three major regulations within the EU include ENISA, the NIS Directive and the EU GDPR. They are part of the Digital Single Market strategy.
GDPR
- Consent plays a major role in the GDPR. Companies that hold data on EU citizens must now also offer them the right to back out of sharing data just as easily as when they consented to sharing it.
- GDPR also restricts the transfer of a citizen's data outside of the EU.
United Nations
The two new UN Regulations, adopted by UNECE's World Forum for Harmonization of Vehicle Regulations, require that measures be implemented across 4 distinct disciplines:
- Managing vehicle cyber risks;
- Securing vehicles by design to mitigate risks along the value chain;
- Detecting and responding to security incidents across the vehicle fleet;
- Providing safe and secure software updates and ensuring vehicle safety is not compromised, introducing a legal basis for so-called Over-the-Air (OTA) updates to on-board vehicle software.
The regulations will apply to passenger cars, vans, trucks and buses. They will enter into force in January 2021.
Source: UN Regulations on Cybersecurity and Software Updates to pave the way for mass roll out of connected vehicles | UNECE
Who has signed on?
- Japan has indicated that it plans to apply these regulations upon entry into force.
- The Republic of Korea has adopted a stepwise approach, introducing the provisions of the regulation on Cybersecurity in a national guideline in the second half of 2020, and proceeding with the implementation of the regulation in a second step.
- In the European Union, the new regulation on cyber security will be mandatory for all new vehicle types from July 2022 and will become mandatory for all new vehicles produced from July 2024.
Borders don't exist
Fragmented and complex regulations: cyber adversaries do not stop at countries' borders, nor do they comply with different jurisdictions. Organizations, meanwhile, must navigate both a growing number and an increasingly complex system of regulations and rules, such as:
- the General Data Protection Regulation
- the California Consumer Privacy Act
- the Cybersecurity Law of the People's Republic of China
- and many others worldwide.
New challenges
It's a remote world.
Source: These are the top cybersecurity challenges of 2021 | World Economic Forum (weforum.org)
No one is an island
Dependence on other parties: organizations operate in an ecosystem that is likely more extensive and less certain than many may recognize.
- Connected devices are expected to reach 27 billion by 2021 globally, driven by trends such as the rise of 5G, the internet of things and smart systems.
- In addition, the boom in remote work that began with the pandemic is expected to continue for many.
- The concentration of a few technology providers globally provides many entry points for cyber criminals throughout the digital supply chain. The ecosystem is only as strong as its weakest link.
- The recent attacks against FireEye and SolarWinds highlight the sensitivity of supply chain issues and dependence on providers of IT functionality and services.
Other challenges
Lack of cybersecurity expertise
- Ransomware is the fastest-growing cybercrime.
- Organizational priorities should include a proactive plan for each business to build and maintain its own cybersecurity workforce.
Difficulty tracking cyber criminals
- Being a cyber criminal offers big rewards and few risks since, until recently, the likelihood of detection and prosecution of a cybercriminal was estimated to be as low as 0.05% in the US.
Conclusion
- Software and security are inextricably linked.
- We are only at the beginning of this journey.
- A well-informed public is our greatest asset, but is also one of our biggest challenges.
- A knowledgeable workforce is a critical enabler of security (that is you!).