Cybersecurity Regulations: A Sign of the Times

Author photo: Daniel Keyser

Keywords: Cybersecurity, Regulations, CFR 17, EU Cyber Solidarity Act, SEC regulation, Ransomware, Breach, Cyberwarfare, ARC Advisory Group.

Overview

Cybersecurity RegulationsHistorical trends in cybersecurity alongside sociopolitical actions have brought a renewed interest in regulatory practices related to cybersecurity that may affect their business operations. Although some regulations have existed for some years at both the national and industry levels, global events and trends have led to countries seeking possible changes in their own cybersecurity regulatory environment. It is important for both end users and suppliers to track these developments to be better prepared for potential increased expectations.

Geopolitical Events in Europe

The ongoing conflict in Ukraine was preceded by a wave of cyber-attacks targeting critical businesses and infrastructure that continued into the actual first weeks of the invasion by Russian ground forces. Cyberwarfare is an active domain of the war that is seeing continuing attack and defense scenarios from both sides in targeting businesses and critical infrastructure.

NATO-aligned countries, The European Union, and just about every other nation on the planet are observing the happenings in the conflict. Particular attention has been paid by those countries with dual memberships in both The European Union and NATO and has led to these countries’ governments asking several challenging questions that include:

  • Is our society and its critical infrastructure protected enough? 

  • How much do we rely on our critical infrastructure and specific industries? 

  • How secure are our critical infrastructure and industries? 

The European Union is seeing a great internal push from its member states to revamp and increase their cybersecurity considering the events happening within the continent. And where there are internal states looking to revamp their cybersecurity regulations, the parliamentary body usually follows. The European Union exists as one of the largest regulatory bodies on the planet, and in its ability to set standards, it can and has forced changes to business operations worldwide multiple times. The combination of the very real fears about cyber resiliency in industrial operations with a need to set new minimum standards is leading to the examination of potential new regulations.

Targeting Manufacturing and Industrial Systems

The issue of targeting industry and business has been an increasingly steady global trend on the rise since the release of the Stuxnet virus targeting Iranian infrastructure dedicated to nuclear fuel enrichment. Cybersecurity has seen an increasing play in the daily operations of businesses and governments, and as a result the cybersecurity industry has become one of the fastest growing market sectors. 

Connectivity Leads to Vulnerability

With virtually everything connected to the internet, if a machine on the assembly line needs to talk to the controller above it in the hierarchy, and that controller reports to the data historians or MES, it can be breached. 

Recent Examples

In recent memory since the COVID-19 outbreak, industry has seen an increasing confluence of cybersecurity breaches and attacks by both non-state actors and state backed resources. 

The National Healthcare System (NHS) in the UK has been hit with large-scale ransomware attacks both in 2017 and 2022, paying almost £100 million for data recovery in the first instance. 

 

ARC Advisory Group clients can view the complete report at the ARC Client Portal. 

Please Contact Us if you would like to speak with the author.

You can learn more about cybersecurity at Industrial Cybersecurity Market Analysis Research

Engage with ARC Advisory Group

Representative End User Clients
Representative Automation Clients
Representative Software Clients