Cybersecurity in Power: Regulatory Trends

GlobalData Thematic Research 23 September 2020 (Last Updated September 23rd, 2020 11:22)

Many governments are tackling the challenge of securing critical infrastructure against cyberattack, and are attempting to respond to increasing cyber-risks.

Cybersecurity is a key enabler of trust in a smarter energy system, and without that trust all the promised applications are difficult to deploy.

Regulatory Trends

Listed below are the key regulatory trends impacting the cybersecurity industry, as identified by GlobalData.

California’s own GDPR

The May 2018 introduction of Europe’s GDPR has proved to be a worldwide catalyst for data protection regulation, with several countries following suit. From 1 January 2020, Californian consumers, vendors, and foreign companies selling into the state have to respect the new California Consumer Privacy Act (CCPA). The act has teeth, and its introduction will be monitored closely by tech companies operating in Silicon Valley. However, as with GDPR, corporate lawyers will do their level best to test its scope or find ways around it.

The UK’s new cyber strategy

The UK government is reviewing its national cybersecurity strategy ahead of the creation of a new plan. A key focus of the current plan is ensuring all organisations in the UK are effectively managing their cyber risk so that the UK economy is safe, secure, and prosperous. A Department for Culture, Media, and Sport (DCMS) Regulation and Incentives Review in 2016 concluded that GDPR and the European Directive on Security of Network and Information Systems (NIS Directive) had the potential to drive improved cybersecurity behaviours.

US federal plan will drive more government cyber spending

A bipartisan commission charged with recommending a reorganisation of the US federal government’s cybersecurity operations wants to see the appointment of a national cyber director. The recommendation for the new position comes from the Cyberspace Solarium Commission, which has argued the appointment is needed to ensure federal agencies are adequately protecting themselves against cyberattacks. However, the White House is expected to veto the idea.

Among its other recommendations, the Commission wants to reform the US government’s structure and organisation for cyberspace. It also recommends Congress create a cyber state of distress that is accompanied by a cyber response and recovery fund.

Cyber bills pass through US Congress

The US government has stepped up its legislative activity and enacted several laws to try to reduce its vulnerability to cyberattacks. Cybersecurity-related bills intended to help Washington departments and agencies prevent cyber breaches include the Cybersecurity Vulnerability Remediation Act, which would allow the Department of Homeland Security’s Cybersecurity Agency to issue protocols to mitigate vulnerabilities; the Federal Risk Authorization and Management Program, which enables the US federal government to access cloud computing services using a risk-based approach; and the 2019 IoT Cybersecurity Improvement Act, which gives the National Institute of Standards and Technology the authority to manage IoT cybersecurity risks for devices acquired by the federal government.

According to a report published in June 2020 under the Federal Information Security Modernization Act of 2014, the number of cybersecurity incidents recorded at US federal agencies in 2019 was down by 8%, at 28,581. However, not all agencies could claim to be successful in their efforts.

This is an edited extract from the Cybersecurity in Power – Thematic Research report produced by GlobalData Thematic Research.