U.S. policy on cybersecurity and privacy is at a crucial point of its development. Although the country has not made moves as loud or far-reaching as the European Union, its policy-making actors have made waves in areas such as cybersecurity standardization and public-private information sharing.
The country is being forced to analyze its technological policies in light of recent cases such as the Cambridge Analytica scandal, which involved the inappropriate collection of personally identifiable information on upwards of 87 million people, more than 70 million of whom were estimated to be from the U.S. In order to obtain a better understanding of what is happening in this policy area in the U.S., the AEGIS project has developed an analysis of the cybersecurity and policy landscape in the country.
AEGIS project partners developed a common cybersecurity taxonomy based on work being carried out in the U.S. cybersecurity and privacy research communities, in order to categorize the findings in a more structured way and enable an analysis of the strength and effectiveness of U.S. cybersecurity policy from a technological, legislative and market perspective.
Importance of analyzing the U.S. landscape
The “Cybersecurity and Privacy Landscape in the United States” report provides a comprehensive picture of the entire landscape using the critical areas defined by the Federal Cybersecurity Research and Development Strategic Plan as reference points.
It is important to understand the U.S. cybersecurity and privacy landscape in order to facilitate better EU-U.S. collaboration in R&I. The AEGIS report analyzes the U.S. cyber strategy as well as the strengths and weaknesses of U.S. policy in this area. It also covers the technology involved, risk management, human aspects, workforce development and framework activities – including the NIST Framework – among others.
From the technological perspective, at a high level, there is good synergy between the ongoing work in the EU and in the U.S.; however, it was highlighted that in the U.S. there is possibly more of a focus on Critical Infrastructure protection. There is a strong emphasis on standardization, especially in key areas of interest such as the Internet of Things, cyber-physical systems, cloud computing and international promotion of the Cybersecurity Framework activities.
In terms of policy and legislation, the U.S. has focused on various aspects over the past few years. These include improving the nation's critical infrastructure, improving federal cybersecurity policies and practices, using risk management principles to assess vulnerabilities and select mitigations, fostering public-private partnerships and promoting the NIST Cybersecurity Framework, among others.
There has been swift reaction in relation to the misuse of private data, although it is unclear whether this reaction has been spurred by the Cambridge Analytica scandal or the implementation of the EU's General Data Protection Regulation. Additionally, there is agreement that global cooperation on cybersecurity-related challenges and solutions is important despite the rise of the “America First” mindset.
From a market perspective, our analysis indicates that the U.S. seems to have addressed, or started to address, a large number of concrete recommendations and actions in relation to innovation and acceleration of investment for the security and growth of digital networks and the digital economy.
Finally, it is evident that the cybersecurity landscape in the U.S. foresees a deep connection between cybersecurity and the economic prosperity of the nation. The sharing of ideas, innovations, and opinions will enable organizational and government leaders to coordinate the cybersecurity efforts and manage the challenges that could impact the security and the resilience of organizations.
Read the “Cybersecurity and Privacy Landscape in the United States” in full here.