How governments around the globe are tackling data security
As Congress pushes through a new cybersecurity bill while awaiting President Trump’s cybersecurity executive order, why not take this time to look at how other governments around the world address the issue?
Every country has secrets. Every government has data or information that it cannot afford to lose or have stolen. Across the globe, the risks to each country’s data varies. Governments in global superpowers know they’re potential targets for cybercrime.
So what are they doing to defend themselves?
The United Kingdom
While the National Audit Office recently published a report condemning the poor state of general IT security across UK government departments, central government has made a bold and decisive move in forming the National Cyber Security Centre (NCSC), led by experienced security professionals. The Centre has laid out clear plans for its approach.
The government has recognized that it needs to work with industry experts and forward-looking companies to share the responsibility of keeping society safe as networks and software become the lifeblood of our critical infrastructure and daily lives.
The approach is more threat-based – analyzing the types of attacks the government might face – than “monster under the bed” scare tactics used by some security vendors.
The NCSC has also made the brave and unusual step of announcing a policy of “active defense” – in simple terms, hacking back the hackers. Active defense is controversial, especially if it is pre-emptive. But with more risk attached to network outages or data breaches, it’s increasingly being seen as a necessary weapon in the fight against cybercrime and cyber attackers.
Published last year, the NIS Directive aims to solve several of the most troubling practical issues of harmonizing the various standard of the member states. The goal is to enable an efficient and effective Europe-wide system of defense against cyber attacks. Until now, members have implemented defenses and response systems that differ in simple but inconvenient ways, such as having differing definitions of security levels, and different models for security authorities and response bodies.
The Directive also requires each member to operate a Computer Emergency Response Team (CERT) and seeks to tighten control of “essential industries,” such as power, water, transportation and big finance, to ensure they are cyber protected as they undergo digital transformation.
China’s government approved a broad new cyber-security law aimed at tightening and centralizing state control over information flows and technology equipment.
The new legislation requires agencies and enterprises to improve their ability to defend against network intrusions, and demands security reviews for equipment and data in strategic sectors. In principle this sounds sensible, but many companies have called the new legislation harmful to innovation.
As this new law won’t come into effect until June, it remains to be seen if it proves as restrictive to enterprises as some are predicting.
India has embarked on an ambitious and impressive program called “Digital India,” which seeks to get the whole country online. From accessing government services to casting a vote, all interactions with government have been pledged to be made on an easy, fast, modern, online system.
The initiative aims to create a “cradle-to-grave identity” for every citizen, allowing access to seamlessly integrated services and enabling participatory governance. The initiative also intends to solve non-governmental problems of modern digital living, such as creating private spaces in the cloud and realizing a secure system of electronic and cashless financial transactions.
The possibilities for a streamlined, contemporary democracy and digital economy are tremendous, but so are the opportunities for hackers and fraudsters. Cyberthreats are a key concern of the policymakers, government leaders and security experts working on Digital India.
Approaches to cybersecurity vary across the globe, but clear to all is the risk that cyber attackers pose to government – and sensitive citizen – data. The world is constantly changing, and recognizing when the attackers are getting ahead is going to be vital. Literally.