U.S. Can Learn a Lot from EU About Cybersecurity Legislation
Violence. Human rights. Universal healthcare. Cybersecurity initiatives. You may ask yourself what these four things have in common. Well, aside from being hot topics of political debate, they are also all areas in which the European Union has the United States beat by a landslide.
U.S. companies, and America as a whole, are arguably the largest targets for foreign-based hackers because of our immense intellectual property, for socio-political reasons, and because we have far less stringent rules and regulations when it comes to data protection. This isn’t the first – and surely won’t be the last – disagreement in policy between the U.S. and the E.U., but cybersecurity is becoming more and more of a talking point for both with each day that passes (and each data breach that is revealed and dominates the news headlines).
There has long been a disconnect between the two regions on how to strike a balance between safety and civil rights. It’s been said time and time again that Europeans value privacy more than Americans. In reality, though, it comes down to the way we both fundamentally think about privacy. Europeans tend to see the concept as a right to dignity – or how you present yourself to the public – while Americans might view privacy in terms of freedom and liberty – the right to separate your life from the state.
With the existing international regulations and the soon-to-be-launched E.U. General Data Protection Regulation aimed to unify data protection laws within the entirety of the European Union and significantly increase penalties for non-compliance, it’s become quite clear that Europe is miles ahead of the United States when it comes to protecting the sensitive data of its citizens and businesses. With such a wide gap between the two, and an obvious lack of structure and legislation on the United States’ part, it’s impossible to ignore the growing potential risks our country faces.
So what do we – the United States – need to do to catch up? For starters, we should completely change our approach. Historically, we are a country that likes to keep the government at arm’s length from business, which typically proves to be very beneficial. However, it also means that, unlike some of our opponents in the fight for cybersecurity, our critical infrastructure is not 100 percent within the government’s control. Additionally, the U.S. has put limitations on the sharing of information about security threats and incidents between the private and public sectors, which makes it difficult for the government to have a comprehensive understanding of the threat matrix.
This lack of communication and information sharing between the sectors boils down to the private versus public aspects involved, the regulations that go hand-in-hand with each, and the fact that, frankly, our government has a difficult time fully understanding the dynamics of a competitive landscape. The government tends to view itself as a separate entity from the private sector and, therefore, has created a divide between the two, resulting in little to no information-sharing and collaboration. If businesses were required to report breaches in a timely manner and there was more transparency encouraged between the sectors, the risk level would decrease drastically.
I believe the real driver of change should and will be to protect the intellectual property that will be critical in nourishing our economy. In recent history, America has been the first to innovate, as seen by its ability to benefit from the first wave of innovation before other areas of the world could reproduce the appropriate model at lower costs. Now, other countries have the capabilities to access our businesses, universities, media, and even government in a matter of minutes, and poach all of that intellectual capital at the earliest stages. In short, all of the investment we make in innovation could be wasted if we don’t get that first mover advantage. If we can come to that realization sooner, rather than later, we can avoid a lot of heartache and economic headaches.
About the Author:
Pat Clawson is chief executive of Blancco Technology Group. Clawson was named CEO in January 2015, bringing more than 20 years of experience in technology and IT security. Most recently, he served as chairman and CEO of Lumension Security, where he successfully grew the business to strong revenue growth and profitability. In addition to successfully launching new technologies into the marketplace and guiding four businesses through acquisitions, Clawson has also established himself as an IT security pundit within the media. His insights have been featured in many of the world’s most influential news publications, including WSJ, CNN, CNET, Washington Post, USA Today, Forbes, CIO and Infosecurity Magazine, just to name a few.
