Cybersecurity, Privacy and Data Protection. Jay Taylor Director Global Standards, Code and Environment

Transcription

1 Cybersecurity, Privacy and Data Protection Jay Taylor Director Global Standards, Code and Environment

2 Executive Summary ICT Enables Personal Productivity Telecom/ICT Is A Policy Focus for Governments Allows Governments to do More With Less Facilitates Resource Efficiency In The Economy Recent Global Regulations and Legislation Practices are Evolving and May Become Disruptive to Business Practices and Supply Chain 2

3 Affecting Data Across Business Segments Cybersecurity Privacy Data Security Cloud Computing Smart Cities (Grid) Healthcare (EMR) Smart Transport Energy Industry Big Data Internet of Things Data Center/ICT Market Place 3

4 Affecting Data Across Business Segments Cybersecurity Privacy Data Security Supply Chain Cloud Computing Smart Cities (Grid) Healthcare (EMR) Smart Transport Energy Industry Big Data Internet of Things Data Center/ICT Marketplace 4

5 Localization Barriers to Trade Defined as: Local content requirements, i.e., requirements to purchase domesticallymanufactured goods or domestically-supplied services Subsidies or other preferences that are only received if producers use local goods, locally- owned service providers, or domestically-owned or developed IP, or IP that is first registered in that country; Requirements to provide services using local facilities or infrastructure; Measures to force the transfer of technology, IP or Licensing Requirements to comply with country- or region-specific or design-based standards that create unnecessary obstacles to trade Unjustified requirements to conduct or carry out duplicative conformity assessment procedures in-country. Requirements to restrict supply chain to exclude countries Requirements to restrict information flow outside of a country or group of countries 5

6 Policy Venn Security National Infrastructure Protection Plans Critical Infrastructure at Greatest Risk Cybersecurity Equipment Restrictions And Testing Requirements Privacy, Data Protection Incident, Individual Control of Vulnerability Personal Information Reporting Cloud Cloud Privacy Privacy Unified Requirements Supply Chain Across Boundaries Restrictions Cross Border, Data Transport, Location Restrictions Required Local IP, Encryption Licensing Import Licensing Restrictions Forced Localization Local Content Local Content Purchasing Requirements Ban of Foreign Products 6

7 Treat Vector Action Plan Identify Identify New Regulatory Efforts Early, Work with Industry Groups to Mitigate, Identify to BU Address Upon Implementation, Identify Criterion, Enroll BU Resources For Corrective Action, Use SPoT to Schedule/Track Through Next Generation Assessment Evaluate Language, Review Interpretations, Engage Outside Council: Inform BU 7

8 Business Impacts Formalized Vulnerability/Incident Reporting to Competent Authorities Drive Common Format, Content, and Common Timing Law Enforcement Accommodation Supply Chain Sourcing Restrictions Restrictions Based On Locations (Business Types) Business and Certification Costs, Supply Chain Complexity Regional/National Critical Infrastructure & Architecture Requirements Changes to Reference Architectures, Related Product Platforms Restrictions on End Use Customer Data Movement and Housing Potentially Limits Remote Infrastructure Management Follow the Sun Personally Identifiable Information; Warranty Registration, Customer Relationship Management 8

9 Going Forward Globally Anticipate More, Creative Localization Regulations Listed as: Cybersecurity, Privacy, and Data Protection More National Security Exceptions for: IT/Telecom Government Equipment Purchases Expanding to National Critical Infrastructure Energy, Utility Grid Telecom/Internet May Lead to Supply Chain Restrictions Types Of Companies Components Manufacturers 9