Cybersecurity has been a growing concern for the Obama administration over the last couple of years, especially in the wake of 2014’s catastrophic spate of large-scale data breaches, which saw a billion records compromised worldwide.
The President has regularly called for improved cybersecurity legislation since he took office, only to be stymied by Congress at every turn. He’s now renewing his efforts to address the issue: last month he proposed a new federal data breach notification law, and this month he held a cybersecurity summit at Stanford University, which gathered experts, government representatives, and industry leaders (albeit with some notable exceptions – more on that below).
The need for cooperation between the government and private sector
At The White House Summit on Cybersecurity, the President called for greater cooperation between the government and the private sector in order to address cybersecurity issues.
Acknowledging that cyber threats challenged America’s national and economic security, as well as “the wellbeing of our children”, the President remarked: “it’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm.”
He added that there was “only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners.”
Strained industry relations
This partnership may be hampered by the froideur that has existed between the White House and certain tech firms since Edward Snowden’s revelations of NSA surveillance went public. Apple chief exec Tim Cook was present at the summit, delivering a brief but pointed speech on customer trust, privacy, and security, but notable absences included senior executives from Google, Yahoo!, and Facebook, many of whom have expressed concern about online privacy.
The President seemed at times to be attempting to placate these dissenting voices, spending much of his speech emphasizing how difficult he found it to balance the privacy of American citizens with the need to protect them. “[Grappling] with how government protects the American people from adverse events while, at the same time, making sure that government itself is not abusing its capabilities is hard,” he said.
International cybersecurity best practice
Until federal cybersecurity legislation is approved by Congress and a proper framework of cooperation is established, American organizations are advised to employ international best practice to address their cybersecurity obligations. ISO 27001, the international standard for information security management systems, sets out the requirements of a risk-based information security management system – an enterprise-wide approach to data security that encompasses people, processes, and technology.
IT Governance has led hundreds of ISO 27001 registrations around the world, and has now developed a series of fixed-price ISO 27001 Packaged Solutions to allow organizations of all sizes, sectors, and locations to implement the Standard at a speed and for a budget appropriate to their individual needs.