Across the globe, a tsunami of cybersecurity-related legislation, regulations and policies has assaulted already overstretched teams. The focus of scrutiny ranges from critical national infrastructure (CNI), artificial intelligence (AI) and quantum computing to incident reporting, workforce development and secure software development.
As governments and organizations work to improve their cybersecurity posture, it’s imperative that the public and private sectors work together to create solutions and strengthen our cyber defenses. This lets policymakers get a deeper understanding of what individuals and businesses are experiencing, and it helps the private sector build a better understanding of cyber defenses for nation states. Such an approach ensures we are taking effective and sustainable steps in the fight against a volatile cyber threat landscape.
Maximizing the enduring and tangible impact of public policies requires policymakers to adopt a harmonized approach to cybersecurity legislation and regulation worldwide. After reviewing the attitudes and regulatory frameworks of six major jurisdictions, including the U.S., UK, EU, Canada, Japan and Singapore, it’s clear that major powers worldwide agree on where we should spend resources to shore up cybersecurity on a global scale.
Among the top priorities for the cybersecurity industry in all jurisdictions are strengthening CNI and growing a skilled cybersecurity workforce. Here’s what needs to happen:
Critical national infrastructure
Ensuring the safety and security of critical infrastructure and increasing cyber resilience has become a global priority. We all know cyberattacks are inevitable. And while no one wants credit card details stolen from their favorite local restaurant, the complexities take on a whole new level of concern with CNI, especially given that so many suppliers are operating under conditions that feature outdated physical systems, such as operational technology (OT) and industrial control systems (ICS). CNI sectors, from energy to transportation to financial services and telecommunications, are so interconnected that one chink in the armor can send multiple systems off course, causing chaos ranging from long lines at gas stations to a lack of clean water supply.
The patchwork quilt of regulations across CNI sectors makes it extremely difficult for OT and ICS operators to comply systemically and operate efficiently. And that’s notwithstanding gaps in the technology, skills and compliance needed to collaborate on a global scale.
International harmonization of standards could relieve some pressure on cybersecurity professionals and go a long way to creating efficiencies to support CNI operators. Whether this collaboration takes the form of global CNI security summits or heads of national cybersecurity agencies in constant communication, we must take tangible steps to set up critical infrastructure security for success. Resilience can move from a “wish” to a reachable goal – but we must thoughtfully and deliberately open the floodgates of collaboration now.
The effects of the cybersecurity workforce gap of 3.4M professionals are felt every day on a global scale. Every country needs skilled professionals to protect it against cyber threats, and we’re far from reaching even an acceptable level of cybersecurity staffers.
Throughout 2023, “big tech” companies have laid off thousands of workers. If we could take all of those employees and give them jobs in cybersecurity, it would only make a minuscule difference in shrinking the gap. A dent is a dent, but making a meaningful impact will require international cooperation.
First, governments must continue to develop programs and policies to attract, recruit and grow the cyber workforce. This includes programs that encourage graduates or career changers from non-technology backgrounds to pursue careers in cybersecurity.
Initiatives such as the National Cyber Security Centre’s (NCSC) CyberFirst program, the EU's Cybersecurity Skills Academy, the Biden White House's National Cyber Workforce and Education Summit and ENISA's European Cybersecurity Skills Framework are investments that should continue.
Next, companies can take simple steps to help shrink the gap. Organizations can prioritize hiring people from non-traditional cybersecurity career paths. They can lower time- and money-related barriers to entry and prioritize on-the-job skill development.
And that’s just the tip of the iceberg. With continued investment and collaboration between the public and private sectors, we will move the needle and build a strong cybersecurity workforce that supports global security, not just one state or country.
Critical national infrastructure resilience and strengthening the cyber workforce are only two areas out of several that major jurisdictions must prioritize.
We live in pivotal times. Cyber defense and cyber offense require collaboration and joint defenses against forces that seek to take cybersecurity away from both Fortune 500 companies and everyday individuals. If we’re going to put up a fight and redefine our future, it’s critical that we join forces and ignite our collective defenses.
Clar Rosso, chief executive officer, ISC2