NetworkTigers examines world cybersecurity and the variations in laws and advice in the USA, UAE, Germany, and China.
Cybersecurity affects the entire globe. A ransomware gang based in Indonesia can easily attack a US-based company, just as a US hacker might leak classified documents in Belarus. Cybercrime has no borders, which makes enforcing digital attacks a vital matter of international cooperation.
International cooperation on cybercrime
The global cost of cybercrime is estimated to hit $6 trillion annually, up from just $3 trillion in 2015. According to the United Nations Conference on Trade and Development, 80% of countries have some form of cybercrime legislation. European countries have the highest rate of anti-cybercrime legislation, with 90% of countries in Europe outlawing different kinds of hacks, phishing attempts, ransomware demands, and identity theft. The African continent has the lowest rates of anti-cybercrime legislation, but 72% of countries have adopted cyberspace laws.
The US and cybersecurity laws
The United States is one of the world’s largest economies and has some of the oldest cybersecurity laws. While cybersecurity is a growing focus in American state and federal law, according to the FBI, only 1 in 3,000 cyber crimes leads to an arrest in the United States.
The United States has certain privacy protections that can make governing cyberspace more difficult. While companies can freely collect consumer data for marketing and commercial purposes, government intervention and data access are often hampered by privacy statutes. That being said, these kinds of laws can also protect consumer data and criminalize identity theft efforts. Some of the most powerful American cybersecurity laws on the books include:
- Cybersecurity and Infrastructure Security Agency Act of 2018
- Health Insurance Portability and Accountability Act (HIPAA) Security Rule
- Gramm-Leach-Bliley Act safeguarding financial data
- Federal Trade Commission Act preventing unfair or deceptive business practices
The United States is part of several international accords revolving around catching cybercriminals, protecting the flow of information, and blocking payments to ransomware gangs. The Biden Administration has also launched the Civil Cyber Fraud Initiative, which makes it illegal for government contractors to fail to report data breaches and imposes financial penalties on companies that receive government funding and lack adequate cybersecurity protocols.
Germany and cybersecurity laws
Germany’s Office for Information Security (BSI) handles the country’s cybersecurity protocols and briefings, and predicts that cyberthreats are a growing risk to the German economy. From 2022 to 2023, 332,000 new malware variants per day were observed in Germany, according to a recent BSI briefing. Like in the United States, ransomware, identity theft, and advanced persistent threats (APTs) remain among the top priorities that must be brought to heel.
German law has a long history of prioritizing data protection and privacy, and many of the country’s standards have been in place long before they were widely adopted by the European Union. Notably, the General Data Protection Regulation (GDPR) is currently understood to be the world’s most robust privacy and data security protection law. With the passage of the GDPR already in place in Germany, the European Union has signaled that it is now a world leader in data protection. The GDPR imposes stiff financial penalties upon organizations or individuals that jeopardize the privacy of any EU citizen, no matter where the organization is headquartered. Data collection must come from a place of informed consent, and penalties can reach up to tens of millions of Euros.
Other than the GDPR, some important German regulations surrounding cybersecurity include:
- Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU, the Act)
- Sec. 202a and 303a of the Strafgesetzbuch (German penal code)
The UAE and cybersecurity laws
The United Arab Emirates has become a popular target for hackers and cybercriminals due to its strong oil-based economy and embrace of technological advancements. The UAE has established the UAE Cert (Computer Emergency Response Teams) to address cyberthreats under the authority of the Telecom Regulatory Authority of UAE. The National Electronic Security Authority (NESA) regulates the country’s cyberspace and implements the UAE’s National Cyber Security Strategy 2019. This law governs data protection, privacy, artificial intelligence development, blockchain technologies, and digital signatures. This plan has also set out to train over 40,000 cybersecurity technology professionals in the UAE to respond to ongoing threats.
Other important laws governing cybersecurity in the UAE include:
China and cybersecurity laws
The three pillars of Chinese cyberspace laws are:
- Cybersecurity Law (CSL)
- Data Security Law (DSL)
- Personal Information Protection Law (PIPL)
These three laws allow governmental review of data processing by large network platforms suspected of being national security threats. The Cyberspace Administration of China can review network platform operators under new Draft Measures passed in 2021. Data processing outside of China is also governed under the DSL and PIPL, which apply to Chinese citizens and national interests instead of being restricted by national borders. Additionally, state secrets and more loosely defined “work secrets” are strongly protected in Chinese cyberspace.
Comparing cyberspace regulation across the globe
These four large world economies have very different standards for privacy protection, data collection, and governmental intervention. The United States has some of the world’s oldest cybersecurity statutes, but the European Union has fast surpassed them with more robust protections. Data privacy is second to national security in China, but in the United States and Germany, government intervention is more limited due to privacy protections. The United Arab Emirates has some of the newer cybersecurity laws, but it is working to train more cybersecurity professionals to grapple with emerging threats faster.
Even when cybersecurity laws differ, international cooperation is increasingly important in today’s cyberspace. A unified front is vital to limiting ransomware gangs’ power, regulating environmental threats from developing blockchain technology, addressing the potential of AI, and keeping all citizens safe.
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com
