Framework outlines 48 key elements every government should consider when creating or assessing their national cybersecurity policy

WASHINGTON – April 25, 2018 – Today, BSA | The Software Alliance released an International Cybersecurity Policy Framework to serve as a tool both for policymakers considering foundational cybersecurity legislation and for those examining gaps and shortfalls in existing policies.

Governments around the world face an increasingly complex and diverse array of cybersecurity threats every year, from power outages and compromised financial transactions to interferences in national elections. Their ability to effectively confront threats depends on smart, agile policies that support a balanced, comprehensive strategy on cybersecurity. Yet, because cybersecurity threats are evolving so quickly, governments are often playing catch-up, with little guidance on best practices or model policies.

Consequently, many countries are taking different approaches to cybersecurity, relying on data localization requirements, country-specific standards, and domestic preferences that undermine international cooperation. The risks of these inadequate policies are increasingly catastrophic as cybersecurity threats become more sophisticated and more dangerous. Laws that promote a global approach to strong cyber defenses are essential to effectively combat cyberthreats.

“Thoughtful, robust cybersecurity policies are critical to the stability of the Internet and the vibrancy of the global economy,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “We hope policymakers will use this framework as a resource to craft policies that will help prevent, mitigate, and respond to cyberattacks.”

BSA recommends that policymakers around the world adopt cybersecurity policies that are:

1. Aligned with internationally recognized technical standards;
2. Risk-based, outcome-focused, and technology-neutral;
3. Market-driven where possible;
4. Flexible and adaptable to encourage innovation;
5. Rooted in public-private collaboration; and
6. Oriented to protect privacy.

Based on these principles, BSA’s framework outlines 48 elements that every national cybersecurity policy should consider regarding government strategy, the private sector, citizens, criminal codes, and international cooperation.

To explore all 48 key policy elements, visit www.bsa.org/cybersecframework.

To learn more about BSA’s cybersecurity efforts, visit www.bsa.org/bsacybersecurity.