I was honored this week to be asked to serve as a discussion leader at the World Economic Forum’s Global Future Councils and the Cybersecurity Conference in Dubai UAE.
The three-day event was the first time the Forum has merged cybersecurity into the overall work of the Future Councils and represents the recognition of the need to integrate cybersecurity into the overarching issues of our time and not treat it as an isolated operational. “IT” issue.
As Forum President Borge Brende noted in his opening keynote address “technology needs to be understood not as a tool we use but as a system that we live in.”
In a separate keynote, Adar Al SAid, Chairman of the Board at the Regional Cybersecurity Center in Oman, illustrated the global maturity of cyber understanding by emphasizing the need to approach cybersecurity from an economics perspective, it is the misplaced incentive structure rewarding cyber criminals that is the root cause of the massive cybercrime we see — not simply technical vulnerabilities.
The section I led focused on a unique need to reconsider cyber issues from an economics perspective. A highlighted element of the session focused on the need for government regulators to create a unified and metrics driven framework of governance for cybersecurity. Such a framework is needed to replace the massive, and wasteful, duplications existing in cyber regulatory regimes across nation strategy. As was the case at the Forum’s Paris cyber conference earlier this year creating a cost-benefit basis for government mandates was promoted to alter the focus of cyber regulation from “compliance” to effectiveness.
The day’s final session featured a surprising challenge by attendees to speakers from governments and the vendor community who provided what some saw as an all too rosy view of the state of cybersecurity citing new government mandates and various available security products. Questions highlighted the lack of progress being made on cybersecurity over the past few decades leading to a reality of hundreds of millions of cyber-attacks a day, the losses of trillions of dollars in value and the scary predicament of adversarial entities taking ownership of critical infrastructure. This question highlighted the fact that despite decades of awareness programs and government mandates the world cybersecurity posture has only grown — and continues to grow much worse.
Reframing cybersecurity in economic terms such as providing tax credits for smaller players in the supply chain, economic incentives to aid critical infrastructure owners to withstand nation-state attacks and greater investment in government law enforcement efforts would be among the elements of the rethought approach to cybersecurity.
