In recent years, governments have had the opportunity and time to learn how to manage major crisis situations, such as the one caused by the pandemic, and the related consequences. They have certainly learned not to rely on decisions based on last minute changes in the scenario and today they are able to look more consciously to the future, imagining what the next “shocks” might be, to anticipate them and be ready to face them.
And in the current scenario it is increasingly probable that events with impactful and negative consequences, the “shocks”, will occur more and more often. They can manifest more or less quickly, regionally or globally, varying in scope and nature, but certainly requiring proactive strategies thought out now.
In this context of continuous change, the IBM Institute for Business Value and the IBM Center for The Business of Government, in collaboration with the National Academy of Public Administration and the Center for American Studies, have prepared a report to support governments in winning the cyber resilience challenge.
Leadership and investments
To be ready, it will be necessary to prioritize leadership and investments, as well as define and orchestrate strategies, with fundamental skills to be better prepared for the challenges that may arise in the future in the most diverse fields. Starting with cybersecurity.
Cybersecurity 360Summit: new strategies, new threats and new defenses!
Every year, the volume of cyberattacks and their impact reach ever-increasing levels. In the second half of 2022, the number of cyberattacks targeting governments increased by 95% globally, compared to the same period in 2021. High-profile attacks, such as that of Solar Winds, have shown how closely cybersecurity is linked to business continuity and operational resilience.
The role of governments
Governments have a key role in fostering collaboration among key stakeholders to identify cyber risks, build responsiveness, and remain resilient in the face of these risks. Institutions today also have an important leadership role to drive change towards a more resilient future in the context of the objectives of their government programs.
Five key actions for cyber resilience
The study highlights 5 key actions globally to develop and implement cyber security strategies that promote resilience through a public-private partnership. The main ones are:
- Increase specialized cyber security talent
To address the growing gap between demand and supply of cyber security professionals, roundtable participants ranked the importance of increasing cyber security talent high on their priority list. As pointed out by several participants, the IT skills shortage affects a wide range of disciplines, including software analysis, design and development, threat intelligence, penetration testing, auditing and consulting, digital forensics and cryptography.
- Improve collaboration to respond to attacks faster
Despite recent progress in improving public-private coordination, increased cooperation between cybercriminals continues to be a constant threat. In fact, cyber attackers linked to hostile governments and criminal associations are developing infrastructures and services to be used for fraudulent purposes. In addition, they are also rapidly adopting new technologies to penetrate networks and thwart threat containment efforts, which often depend on coordination between entities with differing standards, goals, and priorities.
Coordination and collaboration are key themes of the National Cybersecurity Strategy document released by the White House in March 2023. This strategy emphasizes partnerships between civil society and industry and promotes collaboration with allies to strengthen norms of behavior responsible for States, to make countries guilty of irresponsible behavior responsible and to destroy the criminal networks behind cyber attacks.
- Align cybersecurity priorities between the public and private sectors
Attendees highlighted numerous ideas for industry-government cooperation to improve cybersecurity at scale, identifying common challenges and sharing best practices. In this sense, the recruitment of cyber professionals from different backgrounds should be promoted. It is also important to focus more on innovation in security, seeing it as a competitive advantage, and to support zero-trust approaches, based on the assumption that cybersecurity is always at risk from threats, internal and external. Furthermore, it is important to invest in awareness of IT issues within institutions and public administration. It is therefore necessary to improve the standards, metrics and data relating to cyber security to strengthen the understanding of threats and promote public and private investments aimed at countering and containing them.
- Study ways to support democratic institutions against cyber attackers
Cyber attacks are designed to influence citizen support and engagement in electoral, legislative or regulatory processes, seeking to manipulate public opinion or undermine norms of democratic behavior. While the primary goal of these campaigns, overt or covert, is to sow social confusion in the short term, participants recognized that, in the long run, these efforts could be successful in permanently influencing public opinion. Due to the complexities represented by these cyber challenges especially compared to the most representative forms of government, the participants did not unequivocally agree on the most effective ways to defend against this growing threat and asked for further research on measures capable of countering cyber threats to the democracy.
- Train leaders resilient to cyber risks, able to face the future
The global reliance on open technology is all that drives communities forward, especially social connectivity, communications and collaboration. These factors are crucial for national and international well-being, and at the same time, its dependence on technologies makes it a prime target for cybercriminals. Current security measures work to some extent, but in too many cases they are insufficient.
Article originally published on Apr 21, 2023
@ALL RIGHTS RESERVED