Posted by: Ben Cole
CIO, compliance, cybersecurity strategy
Federal governments all over the world have become increasingly hands-on with cybersecurity strategy and online privacy, but businesses have sometimes been critical of new rules that they say will hurt their bottom line.
Look at the controversy surrounding the U.S. House of Representatives’ Stop Online Piracy Act. The act would allow the Attorney General to seek injunctions against foreign websites that steal and sell American innovations and products, and would increase criminal penalties for individuals who traffic in counterfeit medicine and military goods. While these traits may sound like music to online businesses’ ears, a letter protesting the act (signed by representatives from names you may have heard of like AOL, eBay, Facebook, Google and Twitter) expresses concern that it poses a “serious risk to our industry’s continued track record of innovation and job creation, as well as to our nation’s cybersecurity.”
But in announcing details of its new £650m cybersecurity strategy, the U.K. government is trying to strike a balance between protecting consumers, online information and good business sense. Just look at the government’s tagline when heralding the initiative, which it calls “a new era of unprecedented cooperation between the government and the private sector on cybersecurity.”
The cybersecurity strategy is unique in that it sets up a joint public/private-sector cybersecurity “hub” designed to allow the U.K. government and the private sector to exchange actionable information on cyberthreats and manage cyberattack response. A pilot program for this initiative will begin in December with five business sectors: defense, telecommunications, finance, pharmaceuticals and energy.
The strategy is also encouraging industry-led cybersecurity standards for private-sector companies. Instead of just selling these as new mandatory regulations, the U.K. cabinet says the standards would give businesses a competitive edge by allowing them to promote themselves as certifiably cybersecure. The U.K. will also develop a program to certify cybersecurity specialists by March, with the ultimate goal of increasing the skill levels of information assurance and cybersecurity professionals.
Minister for Cyber Security Francis Maude said a closer partnership between the public and private sectors is crucial to the success of the cybersecurity strategy, and this is what some of the U.S. efforts are missing. When working to strike this proper balance between the interests of cybersecurity and business, it’s obviously important to take into consideration the best interests of both parties. The U.S. and other countries could learn from the U.K.’s cybersecurity initiative. Working closely with the private sector will likely create a more congenial environment by demonstrating that the government is trying to help, rather than impose heavy-handed restrictions to secure online information.