The private sector on its own cannot create a culture that emphasizes security practices, realign financial incentives that reward speed over security, or mend trust deficits with the public sector. Working together with the public sector, however, it can address these challenges and change the culture and incentives around security best practices.
Before that can happen, though, we must recognize that there are significant challenges that can make it difficult for the public sector to effectively address cybersecurity issues. Three particularly important issues stand out:
International fragmentation: Differences in approaches to cybersecurity, data jurisdiction, and legal enforcement (not to mention culture, language and politics) across jurisdictional and territorial boundaries can make it hard to effectively prevent, investigate, and prosecute cyberattacks.
International norm-setting: International political differences and country-specific agendas can make it difficult to develop a consensus when it comes to the norms around cybersecurity, let alone enforce those norms consistently and effectively.
Roles with respect to the private sector: The varying and sometimes confrontational roles that the public sector must play – from regulator to information sharer and collaborator – can create tensions with the private sector that can be counterproductive to trust and cooperation.
Similarly, there are numerous challenges that can make it difficult for the private sector to effectively address cybersecurity issues, including two particularly important obstacles: