Thailand’s National Legislative Assembly (NLA) recently passed its cybersecurity bill, which gives authorities the right to bypass court orders in "critical" situations, just as Singapore did a year earlier. In fact, many jurisdictions in the region have started to develop their own cybersecurity legislation that requires certain businesses to implement protections against cybersecurity risks in their computer systems.
In general, a spotlight has been put on cyber security standards over the past few years, and Karen Scarfone, Dan Benigni and Tim Grance from the National Institute of Standards and Technology (NIST) published a comprehensive article on the subject. The writers highlight that a cyber security standard defines both functional and assurance requirements within a product, system, process, or technology environment and, if well developed, enables consistency among product developers and serves as a reliable metric for purchasing security products.
They state that cyber security standards cover a broad range of granularity, from the mathematical definition of a cryptographic algorithm to the specification of security features in a web browser, and emphasize that such standards must address user needs, but also be practical. In other words, cost and technological limitations must be considered in building products to meet the standard.
“Security technology has not kept pace with the rapid development of IT, leaving systems, data, and users vulnerable to both conventional and innovative security threats. Politically motivated adversaries, financially motivated criminals, mischievous attackers, and malicious or careless authorized users are among the threats to systems and technology that have the potential to jeopardize cyber security”, they explain. “While it is impossible to eliminate all threats, improvements in cyber security can help manage security risks by making it harder for attacks to succeed and by reducing the effect of attacks that do occur”, they conclude.
Furthermore, cyber security standards facilitate the sharing of knowledge and best practices by helping to ensure a common understanding of concepts, terms, and definitions, which prevents errors. Other benefits include cost savings that result from the development, manufacture, sales, and delivery of standards-based, interoperable products and services.
Usually, international, regional, national, industry, and government groups are involved in the development of cyber security standards. There are also consortia, industry alliances, and associations that promote standards development, as well as many other cyber security standards developers who want to make sure that developments are in their favor or at least compatible with their critical interests.
Of course, talking about cyber security means, first of all, firewalls, anti-virus software, intrusion detection and prevention systems, encryption, and login passwords. However, improving cybersecurity through regulation and collaborative efforts comes a close second. The US and Europe lead here by example, but Asian countries have started to raise the bar as well.