Cybersecurity is a critical issue that must also be seen from the legal and regulatory arena. Cyber security, security, and integrity of people, their assets, countries, and information, are many angles that address cybersecurity, a term coined to identify these types of risks and limit the different strategies to protect assets.
Cybersecurity has always existed, the only difference being that in the past maybe 12 or 18 months we have had a dramatic increase in the number of attacks and in the number of penetration strategies for information theft or to change things.
Specifically, from the point of view of security infrastructure, cybersecurity should be thought of as a tactic, with a series of processes involving different types of actions, in particular, to be able to have information protection.
Based on the fact that you can not assure what is not possible to see, what we used to know as video surveillance, physical security in the streets, shopping malls, university campuses, today, all that is transferred to the computer world and that world can only be protected from a viewpoint of visibility of information and traffic data moving from one site to another.
Transparency in the handling of information, from the governments themselves, particularly from the point of view of the protection and safeguarding of mission-critical information, is a strategic operation for a country. An obvious example of this is the cybercrime attack on strategic facilities in Ukraine, where cybercriminals penetrated the GRID system of electricity, which had the country practically detained for almost two days.
These types of attacks will be much more recurring, and some countries can support this level of attacks. Unfortunately, current technology is on the side of attackers; it is not on the side of those who protect it.
China passed a cybersecurity law with effect from June 1, 2017. This controversial law will have both adverse and beneficial effects, depending on the position with which it is analyzed. This law significantly strengthens access and control of information in a country that is criticized for the level of intervention in virtually everything that involves the Internet and communications.
Its provisions apply specifically to what the law calls “Critical Information Infrastructure” (CII), which defines as key industries holding data that may pose a national security or public interest risk if they are damaged or lost. Companies in the energy, finance, transportation, telecommunications, medicine and health, electricity, water, gas and social security sectors have been identified as CII.
From the point of view of cybersecurity, everyone mistakenly acknowledges that the subject of cybersecurity is in the hands of experts and perhaps in the highest technical sense itself. Cybersecurity is a crucial issue that should be present in all users with a mobile device in their hands, taking care that the applications they have on their phones.
What countries are doing today is radically changing their cybersecurity agenda in an urgent manner and the reason is that no country in the world is 100% protected.
Cybersecurity risks have grown dramatically over the past 18 months. In many cases, they have exceeded any political agenda from the point of view of protection of information and the more connected the countries.
Europe and Asia are regions where they begin to have an entirely different and advanced technological and cybersecurity agenda. At the end of the day, what marks a real advance is the legislation from information technologies and from the point of view of data protection.
Cybersecurity becomes a set of strategies and actions that are not just a single technology or product but are processes, structures, legal decisions, laws that together must evolve continuously and quickly.