Chair of the judging panel, Derek Wilding, writes: ‘The topic of this year’s future leaders essay competition, ‘Cybersecurity on the Edge?’, prompted diverse and high quality entries on how to design policy and regulation that promote effective cybersecurity and protect consumers’ privacy. Our overall winner, Nicole Darabian from Ofcom in the UK, impressed the judges with her polished and insightful analysis. This year, in view of the strong field of essays, we decided to recognise a further three entries as Highly Commended: Amjad Iqbal from the CRTC in Canada, Joel Christoph from the European University Institute in Italy and Existential Risk Alliance in the UK, and Alejandro Ferat from BBVA Financial Group in Mexico. Congratulations to Nicole and our other top 10 finalists, and thanks to all of the entrants who took the time to send us their thoughts on a topic that is sure to occupy IIC members in 2024 and beyond.’
Winner – Nicole Darabian, senior associate, policy, Ofcom, UK
As often encountered in life, we are faced with a trade-off: on the one hand the opportunities afforded from communications networks, services and end-user devices are seemingly endless, but on the other hand, our reliance on them has proven to be an attractive target for cyber criminals to cause disruption. The risk becomes greater when the technology falls short on cybersecurity. This essay recognises there are no silver bullets preventing all cyber attacks and data breaches, but looks at the various means to minimise the risks of exposure to them. I argue that governments are taking proactive steps in establishing what good cybersecurity practices should look like and industry has more incentives than ever to ensure cybersecurity is not neglected. However, security is only as strong as the weakest link, so fostering a shared sense of responsibility to act on cybersecurity, both at the individual and organisational level, are paramount. Read Nicole’s essay in InterMedia.
Highly commended – Joel Christoph, incoming director of effective thesis and economics PhD researcher at the European University Institute, Italy
This essay explores the complex landscape of ‘Cybersecurity on the Edge,’ examining the challenges and possibilities in an interconnected world dominated by the internet of things and edge computing. The paper dissects the security implications of edge computing, investigating whether ‘security by design’ can effectively mitigate threats. It discusses the role of agile policy-making in keeping up with rapid technological evolution and underlines the need for international cooperation. It further scrutinizes the intricate relationship between cybersecurity and privacy, positing privacy as a shared responsibility across individuals, organizations, and governments. It ultimately presents a comprehensive analysis of the current state of cybersecurity, evaluating technological, policy-based, and privacy-related considerations, and emphasizes the need for a harmonious coexistence of technological innovation, robust cybersecurity, and user privacy. Read Joel’s essay.
Highly commended – Alejandro Ferat, cybersecurity architecture specialist, BBVA Financial Group, Mexico
The widespread use of technologies, as well as their economic incentives, has caused the process of technological innovation to accelerate at dizzying rates, giving rise to the emergence of the Pacing Problem in cybersecurity: the gap between the speed at which new digital technologies appear and the creation of laws and policies that regulate their operation and ensure the security of users’ information. Therefore, this essay presents a series of public policy proposals that combine traditional laws and soft governance instruments to guarantee the mandatory implementation of security controls while allowing the necessary ﬂexibility to update them as technologies evolve. This approach provides a legal framework that guarantees privacy rights for users of online technologies and requires secure digital operating environments for companies while assisting them by guiding their efforts to address the complex challenge posed by cyber threats. Read Alejandro’s essay.
Highly commended – Amjad Iqbal, consumer research and communications, CRTC, Canada
In IT sector, the common approach to achieve cybersecurity is improving the design of cyber networks by embedding security features in software design, adding cascaded layers of encryptions, and installing firewalls. In the face of evolving technology, these layers do not guarantee cybersecurity from all kinds of cyber threats. Incidents of data breaches for individuals, small businesses, municipalities, and organizations are continuously rising. Achieving cybersecurity only by design is not a sufficient solution in the face of changing dynamics of cyberspace due to the imminent AI revolution and advanced computing algorithms. In contrast, the applicable regulations hold a plenty of room for revisions to control the origins of cyber threats. The regulations can improve cybersecurity by regulating evolving technology, revising cybersecurity engineering standards, restraining users’ data collection, sharing, and selling. This essay appreciates the limitations of the secure-by-design approach and recognises the need for tailored regulations and standards to mitigate cybersecurity challenges. Read Amjad’s essay.
Rodman Deleveaux – regulatory officer, Utilities Regulation & Competition Authority, Bahamas
This paper provides a brief overview of the cybersecurity threats and risks posed to critical infrastructure and essential services by the increasing digitisation of the world. Additionally, this paper advocates for the widespread adoption of cybersecurity policies, laws, and regulations in the Caribbean to safeguard against devastating disruptions to critical infrastructure and essential services. To effectively safeguard the burgeoning digital economy, Caribbean policymakers and regulators must educate themselves on the positive and negative implications of technologies such as the internet of things and edge computing. Lastly, this paper proposes multi-stakeholder collaboration amongst Caribbean stakeholders to combat cybercrime and highlights action points for each stakeholder in this regard. Read Rodman’s essay.
Jana Schmitz – policy advisor, auDa, Australia
Internet-connected ‘always on’ systems and devices present one of the greatest privacy and cyber security challenge to nations, their governments, economies, and societies. The fast-paced development of new digital technologies and the growing number of smart IoT devices amplify this challenge.
The success or failure to address cybersecurity and privacy challenges in this context will have implications for our trust in the internet. Therefore, it is vital for policymakers to address those challenges effectively and in a timely manner. Based on our secondary research and analysis of literature and governments’ policy initiatives, we identify and recommend tools that could lead to effective cyber threat mitigation.
We conclude that not one single actor or solution is able to combat cybersecurity threats and privacy risks. Instead, a holistic whole-of-nation approach must be adopted that involves all stakeholders and focuses on building cyber resilience across all sectors, industries, and societal groups. Read Jana’s essay.
Isabel María Álvaro Alonso, digital public policy, Telefónica, Spain
As the world progresses towards a digital transformation, it encounters new vulnerabilities that are susceptible to cybercrime. Cyber attacks pose significant threats to governments, companies, and society as a whole, involving malicious activities such as unauthorized access to sensitive or strategic data, disruption of digital services, or compromising the integrity of devices. However, what sets IoT cyber attacks apart is their capacity to inflict harm in the physical world, potentially endangering human lives. The internet of things is bridging the gap between the physical and digital worlds. Through edge devices, individuals are able to monitor and control their physical environment, giving everyday objects a new dimension. To adequately promote its opportunities and mitigate risks, it is crucial to promote new market dynamics that incentivise investment and research, introduce security incentives, raise users’ awareness and education, and reinforce international cooperation and standards. Read Isabel’s essay.
Dana Cramer, Toronto Metropolitan University, Canada
Emerging and evolving technologies put pressure on governmental regulators to safeguard cybersecurity. Where cybersecurity breaches involve the theft and/or release of personal data for potentially nefarious purposes, privacy policies offer a means of mitigating the amount of data collected and held that could be at risk in a breach. Policymakers have various regulatory options at their disposal such as privacy regulations, international and national alliances and forums, and cybersecurity by design and by default guidelines. This paper draws on primary and secondary documents and articles and uses a systems mapping approach to identify the complexity of cybersecurity and data security to ensure a robust security environment amongst countries. Read Dana’s essay.
Bree Hussaini, graduate, ACMA, Australia
In today’s rapidly changing digital world, ensuring robust cybersecurity and protecting privacy are of utmost importance. This essay explores the role of policy development in achieving these objectives, with a particular focus on the concept of ‘security by design’. It highlights the need to integrate security and privacy considerations right from the start of technology development. Agile policy responses, international cooperation, and shared responsibilities among governments, developers, organisations, and individuals are identified as vital elements for mitigating breaches, safeguarding privacy, and maintaining a secure digital environment. Read Bree’s essay.
Johnathan Charles, analyst, Plum Consulting, UK
Online technologies represent the best of human ingenuity and interconnectedness. The capabilities of the information technologies have expanded since the 70’s into the early 2000’s and now the 2020’s. In each iteration of information technologies, we have encountered enormous possibilities as well as a range of challenges. The nature of device-to-device communication over networks as an evolution means that vulnerabilities in traditional IT systems are augmented. With IoT, where devices are connected to devices and not just users, the risk of unauthorized access to private data, manipulation of data, and consequent harm presents difficulties similar to those of the past but also new challenges. Read Johnathan’s essay.
Lara Connaughton, strategy and economics analyst, international unit, ComReg, Ireland
This paper focuses on ‘cybersecurity on the edge’ in the EU and the electronic communications sector, arguing that policy needs to drive (i) cross-functional teams at both public and private organisations, and (ii) support for small and medium enterprises (SMEs) to understand the relevant legislative and regulatory frameworks. As digital security continues to climb higher on agendas for policymakers, firms and regulators, the language of cybersecurity fundamentals is now too important to be only understood by tech experts. Approximately only one fifth of SMEs in Ireland are aware of the necessary cybersecurity measures required to protect their data and digital assets. With the designation in the EU of ‘gatekeepers’ (under the DMA) and ‘very large online platforms’ (under the DSA), it is worth noting that cybersecurity capability may also impact competition dynamics in terms of new start-ups being able to enter and compete in digital markets. Read Lara’s essay.