Legal Matters

Global Cybersecurity Rule Changes

In previous issues, we have discussed the relative paucity of cybersecurity laws in the United States. Despite this lack of legislation in the United States, 2024 saw tremendous changes to cybersecurity rules across the globe. Here are some of those changes:

The E.U.’s NIS2 – With a 21-month implementation period, this directive was designed to strengthen cybersecurity resilience for healthcare networks and transportation services while unifying regulations across the European Union. Additionally, this directive is set to enhance cooperation amongst national authorities while also forcing organizations to report cyber breaches within 24 hours (which is six days sooner than most U.S. federal regulations demand).

The U.S. National Cybersecurity Strategy – Although this strategy is not technically a federal law, it does help bolster weak areas in the United States’ cybersecurity approach. There has been notable progress on a variety of objectives such as helping critical infrastructure owners better prepare for cyberattacks and ensuring that the U.S. is at the forefront of developing cybersecurity standards. Additionally, this strategy is working to reduce the burden on individuals and communities and direct responsibility back to those organizations best prepared to manage cyber risks. It is a necessary step toward a comprehensive cybersecurity plan.

Singapore’s Operational Technology Cybersecurity Masterplan – The goal of this legislation is to increase cybersecurity support surrounding operational technology (e.g., traffic lights, fuel station pumps, etc.). These pieces of technology are rarely considered when it comes to cyberattacks, but they are essential for a functioning nation. More than 60 organizations contributed to the plan, which reflects a collective cybersecurity buy-in across Singapore.

The E.U.’s Cyber Resilience Act – Finally, this last piece of legislation covers the other side of technology—smaller products and software with digital components (e.g., baby monitors and smart watches). For these pieces of technology to be properly protected, the cybersecurity protocols surrounding them must be maintained across their entire lifecycle. This means that consumers are protected throughout every step of the production and usage process.