Durbin on Government's Role in CybersecurityISF Director Says More Collaboration, Less Regulation Needed
Cyberattacks have gained regulatory attention worldwide. But the world doesn't need more regulation to address new threats, says Steve Durbin of the Information Security Forum. Instead, government must work more closely with the private sector.
Durbin, managing director of the ISF, says government and the private sector must evaluate how to address cyber threats from an approach that doesn't just focus just on regulatory compliance, but also on the notion of business resilience.
"I'm a fan of government providing broad-based frameworks," Durbin says in this video interview conducted at Information Security Media Group's recent Washington Fraud and Breach Prevention Summit. "I think we do need regulation, of course. We always need legislation in this [cybersecurity] area. But government for me needs to do a better job of working collaboratively with business, with the private sector, to understand some of the implications of what they're doing."
As an example of how government decisions can adversely business, Durbin points to the European Court of Justice's declaration in October 2015 that the European Commission's safe harbor provisions for breach disclosure are invalid.
"Safe harbor was taken away, almost overnight for a lot of businesses," he says. "From a business perspective, it went [away] overnight. That left a gaping hole. We shouldn't have those types of situations."
In this interview, Durbin also discusses:
- Why the NIST framework works as a pragmatic approach;
- Budgetary constraints plaguing cybersecurity investments; and
- Why organizations struggle to find qualified cybersecurity professionals.
At the Information Security Forum, Durbin's main areas of focus include the emerging security threat landscape, cybersecurity, mobile security, the cloud and social media across both the corporate and personal environments. Previously, he was a senior vice president at the consultancy Gartner.