BSA | The Software Alliance outlines elements for effective cybersecurity government policy
Narendra Modi-led Government has put a strong thrust to digitize the country. In his latest speech at GCCS, he mentioned, “The global community needs to approach the issue of cyber-security with confidence, as much as with resolve. Cyber-space technologies must remain an enabler for our people.”
Given that effective cybersecurity requires close collaboration between the private and public sectors,BSA | The Software Alliance urges the Indian Government to expand its leadership in improving cyber security both here and abroad. In its latest report, BSA asserts technologies such as cloud computing services and artificial intelligence are also connecting businesses and governments, and transforming their operations.
The report purviews half the world population today is not only online through smartphones,web browsers but also through home appliances and industrial manufacturing robots. These online connections brings opportunity, they also create risk, including large-scale data theft, privacy violations, phishing scams, ransomware, and malicious information operations that affect millions of people in India and around the world each year. Cybercrime will cost up to $6 trillion by 2021. Beyond the financial costs, these threats erode trust in the online environment, disrupt global commerce, and cause physical damage to critical infrastructure, ultimately putting lives at risk.
To address this challenge to the connected economy, cybersecurity practices and tools must defend the integrity, privacy, and utility of the Internet ecosystem. Although businesses, private citizens, and government agencies all share responsibility for enhancing cybersecurity, the government plays a singular role.
BSA supports a robust partnership of government and industry:
» Promote a secure software ecosystem by creating industry benchmarks, developing tools to understand critical information, and strengthening security research and vulnerability disclosure
» Strengthen government’s approach to cybersecurity by modernizing government IT and harmonizing cybersecurity regulations
» Pursue international consensus for cybersecurity action by supporting international standards development as well as adopting and streamlining international security laws
» Develop a 21st century cybersecurity workforce by increasing access to computer science education and opening new paths to cybersecurity careers
» Advance cybersecurity by embracing digital transformation, leveraging the potential of emerging technologies and forging innovative partnerships to combat emerging risks.
This cybersecurity agenda should be rooted in the realities of today’s complex global digital economy and built upon past successes. Working together, government and industry can help the world’s citizens reap the benefits of the digital economy while protecting our safety, security, and privacy.
Specifically, elements of a Cybersecurity Agenda should:
Promote a Secure Software Ecosystem
- Establish an industry benchmark for software security: Support development of a set of widely recognized, industry-driven software development and management best practices to elevate cybersecurity practices.
- Develop tools to communicate critical cybersecurity information to consumers and enterprise stakeholders: Establish widely used, market-driven tools for providing relevant cybersecurity information to consumers and enterprise stakeholders to inform purchasing decisions, network operation, and risk management.
- Strengthen identity management: Work to expand adoption of identity management technologies across public and private sector organizations, and to increase emphasis on identity management in cybersecurity policies and frameworks.
- Promote security research and vulnerability management: Strengthen investment in security research aligned to coordinated vulnerability disclosure programs, and ensure the policy environment is conducive to research that drives stronger cybersecurity.
Create a Stronger Government Approach to Cybersecurity
- Modernize government IT: Invest in IT infrastructure for state, and local governments with an eye toward cybersecurity, including through adoption of cloud computing, defense-in-depth, continuous monitoring, data analytics, and other innovative security technologies.
- Harmonize cybersecurity regulations: Review regulations and standards across sectors and promote a consistent, cross-sector approach to cybersecurity policies.
- Improve cybersecurity in government acquisition: Incentivize cybersecurity by creating competition for cybersecurity performance in government acquisition processes.
Pursue International Consensus for Cybersecurity Action
- Harmonize global cybersecurity laws to align security and economic growth: Support both cybersecurity and economic growth by promoting harmonization of laws and policies across countries to foster innovation, security advancements, free flows of data, and market access.
- Advance international cybersecurity norms: Encourage international dialogue and drive agreements on cybersecurity practices in bilateral and multilateral frameworks.
- Support international standards development and adoption: Support industry and non-governmental efforts to develop and update international standards. Encourage global adoption of international standards.
Develop a 21st Century Cybersecurity Workforce
- Increase access to computer science education: Expand cybersecurity education for schools as well as in undergraduate computer science programs, increase scholarships, and incentivize minority students.
- Promote alternative paths to cybersecurity careers: Launch careers through apprenticeship programs, community colleges, cybersecurity “boot camps”.
- Modernize training for mid-career professionals:Update other mid-career re-training programs, to provide Indian workers with high-demand cybersecurity and IT skills as digitalization transforms the global economy.
- Improve the exchange of cybersecurity professionals between the government and private sector: Enable private sector experts to join the government for periodic or short-term assignments.
Advance Cybersecurity through Digital Transformation
- Leverage emerging technologies to enhance security: Target investments and constructive policies to capitalize on the tremendous potential of artificial intelligence, quantum computing, block chain, and other emerging technologies to enhance security.
- Build on momentum of public-private collaboration to combat botnets and other automated threats: Expand public-private collaboration to confront the botnet threat.
- Drive IoT cybersecurity through adoption of proven software security best practices: Integrate security-by design principles into IoT standards and guidance, and develop frameworks for assessing risk and identifying security measures.
- Help Smart Cities stay cyber resilient: Provide planning support, threat information, and incident response support to municipal planners and managers to enhance the resilience of Smart Cities against cyber threats.