The face of cybersecurity is constantly evolving, with cybercrime becoming an inescapable fact of our daily lives. It affects everyone from the general consumer to Fortune 500 corporations and has even crept into the military sphere, with the threat of cyber warfare looming over conflicts worldwide. Governments around the world have taken notice and are responding by creating and debating cybersecurity regulations to help secure enterprises and organizations from evolving cyber threats.
In the UK, the Telecommunications Security Act was passed in 2022, implementing tougher security standards on Internet service providers (ISPs). The goal is to minimize breaches that could expose the private data of millions of consumers. Similarly, the US-based Cybersecurity and Infrastructure Security Agency (CISA) has urged enterprises to adopt a more proactive approach to defending against cyberattacks. They recommend automated continuous validation of security controls to mitigate the constantly evolving threat landscape.
The term “cyber warfare” is contentious, with experts debating its definition and whether it can truly be distinguished from traditional warfare. However, the RAND Corporation provides a reasonable working definition, stating that it involves a nation-state or international organization attacking and attempting to damage another nation’s computers or information networks through tactics like computer viruses or denial-of-service attacks. Given society’s reliance on computers and information networks, it’s understandable why governments would want to strengthen their defenses against potential cyberattacks, especially during times of geopolitical unrest.
There have been instances that demonstrated the havoc cyberattacks can wreak on a nation’s infrastructure. The Colonial Pipeline incident in 2021 serves as a memorable example. It caused gasoline prices in the US to skyrocket, fueled panic buying, and led to a state of emergency being declared by President Joe Biden. Such incidents have prompted governments to change their attitudes towards cybersecurity.
The US government has emphasized collaboration between the private and public sectors in protecting critical national infrastructure. However, the 2023 US National Cybersecurity Strategy places a stronger emphasis on regulation. It calls for the establishment of cybersecurity regulations to secure critical infrastructure, the harmonization and streamlining of new and existing regulations, and enabling regulated entities to afford security. This demonstrates a shift in the federal government’s views on cybersecurity in response to significant events.
Several events have influenced the US government’s changing attitudes towards cybersecurity. The COVID-19 pandemic, which forced many employees to work from home, resulted in a 75% increase in cybercrime, according to the FBI. The Colonial Pipeline incident, orchestrated by a cybercriminal group with ties to Russia, caused mass fuel shortages and brought about a state of emergency. In addition, the invasion of Ukraine by the Russian army in February 2022 further intensified concerns about state-sponsored cyberattacks on US infrastructure.
The private sector has also been dragged into conflicts to an extent not seen since the Second World War. Private organizations are now legitimate targets for military campaigns, posing a significant concern for countries like the United States, which are unaccustomed to fighting battles on their own soil. Therefore, the private sector has a crucial role to play in national security, extending beyond organizations classified as critical national infrastructure. Any organization could be targeted by state-backed hackers, and it’s more important than ever for the private sector to take responsibility for their cybersecurity.
Considering the importance of cybersecurity for critical national infrastructure, it could be argued that cybersecurity itself should be classified as critical national infrastructure. All industries rely on cybersecurity to operate, and if it fails, a country’s essential services could be compromised. Moreover, critical national infrastructure suffers more frequent, diverse, and sophisticated cyberattacks than any other sector. If the cybersecurity sector fails, an entire nation’s critical infrastructure could be at risk.
In conclusion, the prospect of cyber warfare has had a significant impact on government attitudes towards cybercrime. Governments worldwide are enacting or considering cybersecurity regulations to protect enterprises and organizations. The private sector is also being pushed to take responsibility for their cybersecurity as the threat landscape evolves. Tools like breach and attack simulation (BAS) provide deep insights into an organization’s environment and are crucial for assessing risk. As more stringent cybersecurity regulations are on the horizon, businesses must be prepared to adapt to the changing landscape. The role of cybersecurity in securing critical national infrastructure cannot be underestimated, and it’s essential for organizations to prioritize their cybersecurity efforts to protect themselves and their respective nations.