Cybersecurity policies to undergo significant changes in 2021, says tech lawyer
"I expect this year to bring new strategies, regulations, and partnerships in the U.S., including with the private sector to bolster cybersecurity," noted Vered Zlaikha, a partner and the head of Cyber Affairs & Artificial Intelligence practice at Lipa Meir Law firm
Following a clear rise in cybersecurity threats last year, 2021 is set to be a year of change in cyber policy and regulations, and is also expected to continue to reshape the relationship between states and tech giants, said Vered Zlaikha, a partner and the head of Cyber Affairs & Artificial Intelligence practice at Lipa Meir Law firm.
Zlaikha, who previously served as the Legal Advisor for Technology and Cybersecurity Affairs at the Israel Defence Forces (2013-2017) and as the Head of International Cyber Policy and Initiatives at the Israel National Cyber Directorate (2017-2019), believes the dynamic atmosphere characterizing the cyber sector at the start of 2021 will ensure some interesting developments in the coming year.
"From a global perspective, it seems that 2021 is starting with a dynamic cyber atmosphere and this goes hand in hand with some expected changes in cyber policy and regulations in the U.S. and the EU. The transition to a new administration in the U.S. has been happening at a challenging time for cybersecurity. It was no coincidence that one of the last executive orders by the Trump administration dealt with cybersecurity, probably on the back of the SolarWinds hack. President Joe Biden has stated that his administration will make cybersecurity a top priority at every level of government and also referred to specific steps that will be taken, including strengthening partnerships with the private sector. As reported, Biden has also mentioned lately an 'urgent initiative' to improve resilience in cyberspace.
Vered Zlaikha, a partner and the head of Cyber Affairs & Artificial Intelligence practice at Lipa Meir Law firm. Photo: Aya Ben Ezri
"I expect this year to bring new strategies, regulations, and partnerships in the U.S., including with the private sector to bolster cybersecurity," Zlaikha added. "It is also interesting to note that by the end of 2020, the European Commission and the High Representative for Foreign Affairs and Security Policy had presented a new comprehensive cybersecurity strategy in order to bolster Europe's mutual resilience and capacities against cyber threats, as well as further advance the EU’s global position in cyber affairs. It also includes the Commissions’ proposals to revise NIS Directive (EU rules on the security of Network and Information Systems) to increase the level of cyber resilience of major sectors, public and private, such as transport or energy. I think we are in for a very interesting time because as we can see, there are going to be changes and developments in policies and strategies both in the U.S. and the EU."
Prior to joining Lipa Meir, Zlaikha also represented the State of Israel at the UN OEWG (Open-Ended Working Group), on cybersecurity affairs. She was a Vice-chair and bureau member of the Working Party on Security in the Digital Economy at the OECD.
In her roles at the Military Advocate General’s Corps, she worked with high-level decision makers and provided legal advice in fields of international law, administrative law and civil law. She represented legal positions at the Knesset (Israel Parliament) and before ministerial committees, participated in contract negotiations and provided legal advice regarding legal proceedings.
While clearly there has been an increase in cyberattacks during last year, Zlaikha said it may not have been as dramatic as some think. "From my experience in the area, there has been a change, but not such a big change. There were many incidents, and even significant incidents, before last year, but perhaps they escaped the public's attention," she explained. "I think there has also been a change lately in the way this topic is perceived by the public. I think that what we are witnessing is a combination of a more dynamic period, with an objective increase in incidents, which is enhanced by being covered by the media more than ever before."
Zlaikha noted that over the past few months a rise in incidents in several specific sectors have been reported globally, for example, the health sector. One known example occurred last September in Germany when local police launched a negligent homicide investigation after a woman died following her transfer from a hospital that suffered a ransomware attack to another hospital.
With hackers disabling computer systems at Düsseldorf University Hospital, the patient had to be transferred to another hospital and eventually died. “Regardless of the outcome of the investigation, this case may have raised the public awareness to the perils of cyberattacks, that are beyond concerns such as privacy, property or profits."
Zlaikha noted that new advisories coming out of the U.S. Department of the Treasury last October, as well as a Ransomware Annex to a G7 statement, seem to be indicating that ransomware is perhaps beginning to be perceived also as a national security threat.
From a broader point of view of the digital sphere, she also believes that 2021 will see countries continue to grapple with the growing power of tech giants of the likes of Google, Amazon, Facebook, Apple and Microsoft.
"I think that we are in the midst of a period in which the balances between countries and tech giants are being reassessed, as apparent in different respects. We see some states consider regulation as a response to the growing power of the tech giants," said Zlaikha. "In this broader context, just in recent weeks, for example, it was reported that Google may react to an expected regulation on news media payments in Australia, and withdraw its search engine services in Australia; consequently, as reported, Microsoft and the Australian government have held discussions, in regards to the use of Microsoft’s search engine; from what it has been reported since, it seems that this has become a hybrid situation of governance and commercial considerations, where each tech giant takes its place in the game in relation to the governments’ position, as well as the other company’s commercial standing. It was also reported last month, that the EU lawmakers have invited the chief executives of some leading tech giants to Brussels while considering EU digital regulation. So I expect we're going to see more of these kinds of developments in States - tech giants relations in 2021, reflecting delicate balances and choices between confrontation and cooperation."