Future of business cyber security tied to US election result
31 Oct 2012
Sydney Morning Herald
The Australian business community must remain acutely aware of cyber security developments in the US and be prepared to take an active role in any government-led response, write Associate Professor Philip Seltsikas and PhD candidate Max Soyref.
Hacker attacks targeting Gulf oil and gas companies and some of America's largest banks following September's political instability in the Middle East highlighted the cyber-security challenge facing businesses not only in the US but around the world.
Not surprisingly, the two US presidential candidates differ in their response to this challenge. The outcome of the election will, therefore, have a strong bearing on the direction the US takes in relation to cyber security and the impact it will have on allies such as Australia.
The Australian business community must remain acutely aware of developments in the US and be prepared to take an active role in any government-led response.
In the US, President Barack Obama has supported stronger partnerships between private companies and government agencies when it comes to the detection and elimination of cyber threats.
Writing in The Wall Street Journal in July, the President referred to cyber security as "one of the most serious economic and national security challenges we face". He went on to call for a unified standard that would set minimum cyber-security requirements for critical infrastructure companies such as those in telecommunications, transportation, banking and finance industries.
Mitt Romney, while much less clear on cyber security, has pledged to conduct a review of cyber-related policies in his first 100 days in office. Following the review, Romney says he will formulate a "unified strategy" to deal with cyber attacks, cyber terrorism and cyber espionage.
Republicans and Democrats have major disagreements around standards, information-sharing networks and mandatory breach disclosure related to critical infrastructure.
Both parties have bills before Congress, with the Republicans calling for the government to be a facilitator of the information exchange between businesses and the Democrats aiming to create a much more regulated cyber security space.
The US Chamber of Commerce opposes the Democrat stance, fearing that it may impede business.
Of course, if Obama wins we might never see Romney's policy in action. Indeed, there are signs that the President may act in the days immediately ahead of the election.
The White House has been preparing an executive order that will pave the way towards voluntary cyber security standards and information-sharing rules for critical infrastructure companies.
Here in Australia the Department of Prime Minister and Cabinet, which is responsible for Australia's cyber-security policy, called at the end of 2011 for submissions to inform a white paper on the future of "Australia's relationship with and approach to cyberspace".
The government received nearly 130 submissions from agencies and companies including the Australian Federal Police, Telstra, IBM, Google, McAfee, eBay and many others.
Despite some differences in the specifics, the submissions tended to focus on the need for stronger partnerships between the government and the private sector, data breach disclosure rules and voluntary or mandated security standards legislation.
The white paper was due in the first half of 2012, but has not yet appeared, perhaps because Canberra is waiting for the outcome of the US presidential election. If Australia follows an Obama-led US, businesses can expect greater government involvement in cyberspace, e-commerce and cyber security.
It is quite likely that following the rhetoric of a "shared" approach to an Australian digital future, the government will aim to create information-sharing infrastructure focused on cyber-security threat detection and prevention. Businesses need to become part of this conversation with the government to provide leadership and support in shaping this regulatory space.
If the government mandates public breach disclosure, companies need to prepare for the impact on their bottom line and public image. Instead of arguing about how this might impede competitiveness, businesses need to revisit their security investments and aim to avoid breaches by improving their existing defences.
Industry-wide standards similar to the Democratic platform in the US would provide businesses with an opportunity to ensure a baseline level of security and learn from best practice. Many Australian firms are already using internationally developed standards and new rules would not involve a painful transition. Those that are not need to consider future implementation costs.
Following the US election, Australian businesses should actively prepare for greater legislative activity around cyber security in the next year. Engaging in a thoughtful dialogue with the Australian government will help businesses avoid unnecessary surprises and contribute to consensus-based legislation that can protect the country's digital future.
Philip Seltsikas is chair of business information systems at the University of Sydney Business School.
Max Soyref is a PhD candidate at the University of Sydney Business School.
First published in Sydney Morning Herald