Governments and private companies are cooperating well in an effort to more successfully battle cyber threats. The main problem they face is in devising effective Internet security measures that do not breach consumer privacy. Regulatory issues are also cropping up where client information is concerned, making it more difficult to draw up feasible anti-cybercrime proposals.
Everyone agrees that specific legislation to combat cyber threats is needed. But drawing up regulatory policies is proving to be a difficult task. Comprehensive regulation is the easiest way to manage the threats, but privacy rights do not allow for many of these regulations to be implemented across the board. Authorities say that the sharing of information between the government and private companies is needed. This information is crucial for research in the development of strategies to combat attacks. But consumer data cannot be shared without explicit permission.
Greater Information Sharing Needed to Combat Cybercrime
The US government has allowed greater sharing of information about known security threats to help companies, their customers, and the general public to better combat threats. But rules on the sharing of company data is not as easily as it involves the personal information of citizens who are protected by privacy laws. Companies may be required to report attacks, which is a start. But without specific information on what was stolen, developing defense systems is like a shot in the dark.
Belgium is proposing the adoption similar policies on attack reporting within the European Union. The proposed system of watchdogs in each member state will oversee the reporting.This way they hope to gather a wide range of information on different types of attacks. The information will give security analysts an idea of the different attacks used against companies in all industries. It will also help them understand different risk factors so they can suggest appropriate security upgrades.
These proposals are intended to provide government agencies with the means to deal with system-wide attacks. It is a global perspective on protecting infrastructure that is dependent on the Internet rather than company-specific solutions. Large businesses are affected because they play a bigger economic role. Their consumer databases are also unavoidably larger. This is where the problems begin. The broader scope of general reporting and information sharing is bound to be burdensome to companies. Other than cost factors, safeguarding systems and network security alone with the sharing policy in place would be very tricky. Jonathan Murray of Digital Europe says that such a proposal “could weaken trust at a time when we need to build on real-time information sharing and collective response.”
Comprehensive Information Sharing Regulations Unlikely to Succeed
The cyber threat to global economic infrastructure is a serious one. But bigger picture answers in the form of a wide-reaching policy that requires the open sharing of information is not likely to materialize. In addition to the burden on companies, privacy rights will always stand in the way of systematic data sharing.
In Europe, trust and cost are the major issues surrounding the proposal. Experts worry that increased costs will result in budget cuts that will affect production and stunt product innovation. There may also be looming privacy concerns as the EU works on data protection and privacy regulation relating to how
Personal information is used by companies. A conflict with cyber security regulations similar to that faced by US legislators may be inevitable. As it is, the reporting system will have to be in line with the existing ePrivacy Directive and the proposed General Data Protection Regulation.
In the US, the proposal is viewed as a resurrection of the Cyber Intelligence Sharing and Protection Act (CISPA). Already viewed as a huge threat to privacy rights by civil rights organizations and the public, similar legislation will not easily be accepted. The immunity that CISPA offers to companies in exchange for more freely sharing information is one major bone of contention. Many feel that it will release any positive tensions within companies that now prevents them from releasing to the government the private personal information they hold.
The gravity of the situation does not give lawmakers and security professionals much time to come up with a suitable solution. In light of the urgency of upgrading Internet security for all businesses and individuals, some security experts are leaning more and more towards small-scale solutions.Securing networks and devices with virtual private networks (VPNs) is one viable option that they recommend businesses and individuals seriously consider. Although they fully recognize that a permanent solution is needed, VPN protection can buy everyone some time. There is no time at present to waste on drafting and redrafting policies when such complex issues relating to privacy rights exist. Companies and their customers need immediate solutions.
