In the rush to remote working caused by the Covid-19 pandemic, many companies did not have time to worry about an alternative to virtual private networks (VPNs). The need to get employees working remotely in a hurry, coupled with the risk posed by the naiveté of those employees, could mean fears about VPNs turn out to be justified. If a trusted user turns out to be a malicious user with stolen credentials gained in a phishing attack on a remote worker, the organisation could face serious consequences.
Listed below are the key regulatory trends impacting the cybersecurity in defence theme, as identified by GlobalData.
California’s own General Data Protection Regulation (GDPR)
The May 2018 introduction of Europe’s GDPR has proved to be a worldwide catalyst for data protection regulation. From 1 January 2020, Californian consumers, vendors, and foreign companies selling into the state have to respect the new California Consumer Privacy Act (CCPA). The act has teeth, and its introduction will be monitored closely by tech companies operating in Silicon Valley.
The UK’s new cyber strategy
The UK government is reviewing its national cybersecurity strategy ahead of the creation of a new plan. A key focus of the current plan is ensuring all organisations in the UK are effectively managing their cyber risk so that the UK economy is safe, secure, and prosperous.
A Department for Culture, Media, and Sport (DCMS) Regulation and Incentives Review in 2016 concluded that GDPR and the European Directive on Security of Network and Information Systems (NIS Directive) had the potential to drive improved cybersecurity behaviours. DCMS is also reviewing which incentives or regulations would most effectively support the economy without placing unnecessary burden on organisations managing cyber risk.
US federal plan will drive more government cyber spending
A bipartisan commission charged with recommending a reorganisation of the US federal government’s cybersecurity operations wants to see the appointment of a national cyber director. The recommendation for the new position comes from the Cyberspace Solarium Commission, which has argued that the appointment is needed to ensure federal agencies are adequately protecting themselves against cyberattacks.
However, the White House is expected to veto the idea, having eliminated a cybersecurity coordinator position in 2018. Among its other recommendations, the Commission wants to reform the US government’s structure and organisation for cyberspace. The Commission’s recommendations are likely to boost both US government cybersecurity spending and the speed at which software can be procured.
Cyber bills pass through US Congress
The US government has stepped up its legislative activity and enacted several laws to try to reduce its vulnerability to cyberattacks. Cybersecurity-related bills intended to help Washington departments and agencies prevent cyber breaches include the Cybersecurity Vulnerability Remediation Act, the Federal Risk Authorization and Management Program, and the 2019 IoT Cybersecurity Improvement Act.
According to a report published in June 2020 under the Federal Information Security Modernization Act of 2014, the number of cybersecurity incidents recorded at US federal agencies in 2019 was down by 8%, at 28,581. The National Aeronautics and Space Administration (NASA) had 1,468 cyber incidents in 2019, compared with 317 in 2018.
This is an edited extract from the Cybersecurity in Defense – Thematic Research report produced by GlobalData Thematic Research.