It would be hard to overstate the importance of technology in today’s digitally driven economy and world. The World Economic Forum (WEF) projected that 60% of global gross domestic product (GDP) is tied to digital systems and platforms. Everywhere we turn, we interact with, consume, and engage via digital systems.
Digital systems have facilitated an economy and society unlike any before. However, all of this digital enablement and interconnectivity comes at a cost. Many leaders are increasingly raising the alarm that our digital economy lacks sufficient oversight and cybersecurity leadership at the highest levels.
The Need for Cyber Resilience
While digital transformation and electronic platforms have enabled dramatic transformation in our daily lives, there is an accompanying need to ensure these digital systems and platforms are cyber-resilient.
The past two years have emphasized just how critical digital systems are to the way we work, communicate, and engage in countless daily activities. This ubiquity of digital connectivity comes with the realization that an interruption in the digital ecosystem can and will have a cascading effect across many areas of our personal and professional lives.
The Right Approach to Cyber Resilience
Cyber resiliency of our digitally enabled economies and governments requires a whole-of-society approach. Private-sector organizations must take steps to instill effective cybersecurity awareness, habits, and a security-centric culture to drive down organizational and industry-wide risks. On the public-sector front, governments must take steps to bolster a legacy regulatory environment that has largely yet to catch up with the rapid pace of innovation and the proliferation of digital technologies and data.
Due to this national and international lag, businesses and citizens are often left to wrestle with a patchwork of incoherent regulatory and legal frameworks that aren’t unified or aligned. On the defense front, governments must work to procure, integrate and operationalize technologies at the speed of relevance to outpace near-peer adversaries and national security threats.
Given the widespread use of technology across all aspects of our lives, societies must also take steps to improve citizen digital literacy and cybersecurity awareness. Educational curriculums must be overhauled to facilitate the next generation of digitally capable citizens.
Cybersecurity Expertise in the Boardroom
Regulatory bodies, particularly in the U.S., have recently taken steps to strengthen the requirements for cybersecurity expertise in the boardroom.
In short, the SEC proposed rules requiring U.S. publicly traded companies to disclose the cybersecurity expertise of their boards of directors. This parallels previous efforts that required financial expertise to be present in the boardroom as well.
Regulatory bodies and governments are realizing that corporations operating in the digitally driven economy need cybersecurity leadership at the highest levels to drive the sort of cyber resilience discussed above. Knowing that there is a shortage of board-equipped cybersecurity leaders, organizations such as the Digital Directors Network (DDN) have established a Qualified Technology Expert (QTE) credential to help fill this void and position technology leaders to serve in these forthcoming roles.
Raising Industry Standards
Industry standards bodies are also stepping up their role in building cyber-resilient systems. The U.S. National Institute of Standards and Technology (NIST) has released an update of its flagship 800-160 Vol. 2 Rev. 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach”.
This guidance focuses on utilizing cyber resilience engineering and associated disciplines to ultimately build survivable, trustworthy, and secure systems. There are also efforts underway to bring long-lacking visibility into the broader software supply chain.
Organizations such as the National Telecommunications and Information Administration (NTIA) and the Cybersecurity and Infrastructure Security Agency (CISA) are championing the use of a Software Bill of Materials (SBOM) to help digitally driven organizations and enterprises understand exactly what software they’re consuming and its inherent vulnerabilities, and to position themselves better to respond when the next zero-day vulnerability emerges. We previously discussed SBOM here.
Final Thoughts
Needless to say, we have a lot of work ahead of us to improve the trust in and resilience of the digital systems our society endlessly depends on. Technology inherently brings innovation and improvement to our lives in many ways, but it isn’t without its perils. If our society doesn’t implement cyber-survivable and resilient digital systems, we will be in for a world of hurt, literally.