In a recent speech, Tom Wheeler, Chairman of the Federal Communications Commission (FCC) - the US body responsible for regulating interstate and international communications - has suggested that the private sector should take responsibility and accountability for managing cyber threats and risks and that a “new paradigm” of cyber readiness must be created through private sector leadership.
Mr Wheeler set out the FCC’s future strategy for cyber security which centres around a private sector led approach and challenges private sector organisations to create business driven cyber security management. In his speech Mr Wheeler suggests that to effectively develop cyber security solutions the dynamism and innovation of competitive markets must be harnessed, as it will be impossible to keep up with the fast changing digital world if a prescriptive, rule based regulatory approach is adopted.
In this new approach Mr Wheeler argues that the network ecosystem must step up to assume new responsibility and market accountability for managing cyber risks. This private sector led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices.
Mr Wheeler went on to outline the principles on which the FCC’s work on cyber security will be guided in the future, which are:
- a commitment to preserving the qualities that have made the internet an unprecedented platform for innovation and free expression. This means not sacrificing the freedom and openness of the internet in the name of enhanced security;
- a commitment to privacy, which is essential to consumer confidence in the internet;
- a commitment to cross-sector coordination; and
- support of a multi-stakeholder approach to global internet governance that successfully guides its evolution, and opposes any efforts by international groups to impose internet regulations that could restrict the free flow of information in the name of security.
Well, firstly, the Internet is essential to our sector, whether as hardware, software and network suppliers or e-tailers or otherwise. Secondly, the increasing cost of cyber crime emphasises the importance of cyber security to both governments and the private sector. In a recent report by McAfee and the Centre for Strategic and International Studies the likely annual cost to the global economy from cyber crime was put at more than $400 billion, and growing. The report states that the most important cost of cyber crime comes from its damage to company performance and to national economies as cybercrime damages trade, competitiveness, innovation and global economic growth.
Clearly an effective approach to cyber security is needed to combat the threat of cyber crime. Mr Wheeler’s “new paradigm” which seeks to broaden responsibility for dealing with the threat is to be welcomed. However, it remains to be seen how effective it will be and if and when it will be embraced by the private sector.
In the UK the approach of public and private collaboration forms a key part of the Government’s £650 million National Cyber Security Programme launched in 2011. At a recent event Francis Maude, Minister for the Cabinet Office with overall responsibility for cyber security, commented on the progress of the programme stating that it was“bringing together government and industry to debate current threats and work on solutions and opportunities”. Mr Maude went on to say that cyber crime in fact presents “opportunities for business and government…it enables innovation and enterprise and also supports jobs and greater prosperity”.
At present it seems that strategy is still being led by public sector bodies, albeit in collaboration with private sector companies. As the cost of cyber crime continues to increase, the issue inevitably becomes a board level issue and this in turn will no doubt prompt investment by those companies seeking better more cost efficient ways to protect their business from cyber threats.
In any case, both Mr Wheeler and Mr Maude appear to be in agreement on the fact that all stakeholders must contribute to the evolving strategies to combat cyber crime.