(ISC)² and the Royal United Services Institute (RUSI) have released a new research report titled “Global Approaches to Cyber Policy, Legislation and Regulation.”
Findings from the report underscore the growing necessity for greater standardization and collaboration to ensure stronger and more resilient frameworks that support shared learning and best practices, amidst rapidly evolving cybersecurity policies and regulations around the world.
The report reviews cybersecurity legislation and regulation within Canada, the European Union, Japan, Singapore, the United Kingdom and the United States, identifying various challenges shaping cyber policy.
These issues include the shortage of skilled cybersecurity professionals, the complexities of the critical national infrastructure (CNI) and international cooperation on norm development for cyberspace. By bringing together insights from different jurisdictions and stakeholders, the report shows the importance of cooperation between private and public stakeholders and that policymakers increasingly seek harmonization of cyber policy.
This is particularly critical for Singapore as its digital economy and the corresponding cyber ecosystem continue to expand rapidly. While the country is recognized for its advanced cybersecurity regulation and policies, Singapore has experienced a high number of cyberattacks in recent years.
For example, the country saw an influx of SMS-phishing scams targeted at bank customers in 2022. The Cyber Security Agency of Singapore (CSA) saw a 54% year-on-year increase in the number of ransomware cases being reported to them in 2021.
“While the report identifies a number of trends in the cyber policy landscape, the increasing reliance on binding cybersecurity obligations for the critical national infrastructure sectors and beyond stand out, but the obligations different jurisdictions impose to increase cyber resilience vary,” said Pia Hüsch, Research Analyst for Cyber, Technology and National Security at RUSI. “The report, therefore, draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them.”
“Policymakers must take a proactive, rather than reactive, approach toward cybersecurity policy and collaborate across borders, industries and sectors to establish common standards, protocols and best practices,” said Clar Rosso, CEO of (ISC)². “Findings from this report provide valuable insight into top legislative and regulatory priorities, which emphasizes the need for greater harmonization between policymakers, cybersecurity professionals and other stakeholders to improve cyber resilience and address pressing cybersecurity challenges in 2023 and beyond. To protect our national security, economies, critical infrastructure, and the data and privacy of our citizens, we need consistent, strong, forward-looking and joined up policies that enable cybersecurity professionals around the world to stay laser-focused on the most critical aspects of their jobs.”
The report delves into several other key headlines, including:
- More regulations are coming; organizations must prepare now – not later.
- No country or government is immune to the cybersecurity skills and workforce gap.
- While Singapore’s shortage in the cyber workforce has decreased significantly in 2022, the city-state has been investing in cyber workforce development and has issued a number of measures to attract highly skilled workers such as through visa programs like TechPass.
- Global standardization is critical, and full international cooperation is needed, to protect and uphold ethical principles and standards.
- On this front, Singapore is actively engaging with a wide range of actors in the field, including the UN working groups. It has established the ASEAN Singapore Cybersecurity Centre and hosts the annual Singapore International Cyber Week.
- Fortifying critical infrastructure is a top priority for all jurisdictions — especially with more interconnectedness and “state lines” blurring.
- To ensure further resilience of its Critical Information Structure and supply chains, Singapore continues to advance regulation, e.g. in the form of the Complimentary Code of Practice (CCoP 2.0) providing measures and standards implemented by businesses that are part of the critical information infrastructure.
- Collective defense is needed between the public and private sectors and across jurisdictions to support norm development.