An Agenda for Government and Industry to Step up Their Role in Cybersecurity
19/10/2017 Terry Gaul
Cybercrime will cost up to $6 trillion by 2021, according to a report recently released by Cybersecurity Ventures. This colossal number is equivalent to nearly half of today’s US Gross Domestic Product (GDP) and would make cybercrime more profitable than the global trade of all major illegal drugs combined.
The report links cybercrime costs to damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Beyond the financial consequences, cybercrimes jeopardize the trustworthiness of the connected economy, disrupt global commerce, and threaten critical infrastructure, ultimately putting lives at risk.
BSA | The Software Alliance, a leading advocate for the global software industry, has been an ongoing industry champion of software innovation, anti-piracy, and security, and recently released its cybersecurity agenda, Security in the Connected Age. The agenda defines elements of cybersecurity that government policymakers can evaluate, helping them prioritize legislation that will most effectively strengthen policies to protect citizens from cyber threats. The agenda urges the US government to expand its role in improving cybersecurity, both domestically and abroad, and to work closely with industry to:
Promote a secure software ecosystem by creating industry benchmarks, developing tools to understand critical information, and strengthening security research and vulnerability disclosure;
Strengthen government’s approach to cybersecurity by modernizing government IT, harmonizing federal cybersecurity regulations, and incentivizing adoption of the National Institute of Standards and Technology’s framework;
Pursue international consensus for cybersecurity action by supporting international standards development, as well as adopting and streamlining international security laws;
Develop a 21st century cybersecurity workforce by increasing access to computer science education and opening new paths to cybersecurity careers; and
Advance cybersecurity by embracing digital transformation, leveraging the potential of emerging technologies and forging innovative partnerships to combat emerging risks.
One key area of emphasis in the agenda is the need to drive IoT cybersecurity through adoption of proven software security best practices. Organizations are encouraged to integrate security-by-design principles into IoT standards and guidance, and to develop frameworks for assessing risk and identifying security measures. This is where industry can play a major role by participating in global organizations like the Industrial Internet Consortium, Trusted Computing Group, and the Silicon Trust, whose members are working diligently towards developing standards and best practices that address cybersecurity among other important industrial initiatives.
A good example of such an initiative is the IIC Industrial Internet Security Framework (IISF), a technical report developed by members from 25 different organizations. The IISF is the most in-depth cross-industry-focused security framework comprising expert vision, experience and security best practices. It reflects thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.