Development opportunities seen in the new U.S. cybersecurity framework (2019-09-17, IEK產業情報網)

With the gradual commercialization of 5G services and the continued maturing of IoT (Internet-of-Things) and artificial intelligence applications such as autonomous driving and remote medical care around the world, the sectors and applications seeking to utilize AIoT and 5G are set to take off. However, this will come with increasing cybersecurity risks and risks of privacy leakage.
The European Union implemented the General Data Protection Regulation (GDPR) in May 2018. This is a sweeping set of stringent rules and stipulations for the protection of personal data. The €50 million fine imposed on Google in early 2019 by the French authorities is a case in point. Although authorization from users was obtained, there was insufficient transparency in data utilization and some vagueness in the statement on data use purposes. Since this landmark event, governments and businesses have made privacy protection a top priority. Tim Cook, Apple’s CEO, advocates that the U.S. government should learn from Europe in order to improve the privacy protection system in the U.S.
The National Institute of Standards and Technology (NIST) strives to promote innovation and enhance industry competitiveness in the U.S. with an emphasis on national standards and industry frameworks on key technology issues. This serves as a basis for the government’s policymaking and as a template for industry R&D efforts.
In March 2019, NIST released the new version of the Cyber Security Framework (CSF), incorporating privacy security into the previous ICT security structure and listing in detail the technical classifications and items concerning privacy security. The purpose is to help government agencies and corporations better identify, assess and manage privacy risks, and to shed light on the R&D directions cybersecurity companies can take in developing solutions for privacy security.
It is worth noting that NIST believes the key to security risk management is authorization. Authorization is the benchmark that separates a cybersecurity risk from a privacy risk. Take smart grids, for example: even though users have authorized the use of their data for the installation of smart meters and consumption behavior analysis, they still feel they are being “watched”. This is a privacy risk. In contrast, unauthorized access by hackers to users' personal data via the grids is a cybersecurity risk.
Meanwhile, the new CSF is an extension of the previous version. In addition to the original five cybersecurity functions, i.e. identification, protection, detection, response and recovery, the new framework adds two more functions, i.e. control and informing, as core technologies in privacy security. These two functions are applicable to the loss of authorized data, and are specific to privacy security. This extends into the technical directions defined by NIST regarding data management, workflow transparency, data processing and abnormality warnings. In comparison with the GDPR’s guidelines, requirements and huge fines, NIST’s approach crystallizes the abstract concept of privacy security and sets clear directions for the technologies of privacy protection. It is expected that the stricter laws and rules governing privacy protection in Europe and the U.S. will scrutinize the management of user data privacy by networking equipment suppliers and connectivity service providers as never before. This also bears on the future direction of privacy protection technology. As a result, U.S. cybersecurity companies will accelerate their activities in the privacy security market.
For companies in Taiwan, there are a few highlights in the new CSF released by NIST worthy of attention. First, it contrasts with the Data Loss Protection (DLP) solutions anchored on cybersecurity, as the latter fail to address the management issues related to the processing of data that is internally authorized within a company, and thus cannot meet the requirement for privacy protection at all. Second, cybersecurity companies in Taiwan should explore how to properly implement the control and informing functions. This requires development and investment in technical issues such as activity monitoring, data comparison, authorization management and workflow automation.
Meanwhile, cybersecurity companies in Taiwan should acknowledge the differences between data protection and privacy protection. The development of privacy protection solutions should go beyond the protection of data security and the prevention of data leakage. Rather, it is necessary to take a step further by ensuring compliance with laws and regulations concerning the authorization, procedures and applications of corporate data. It should be possible to red-flag or report any unusual activities or rule breaches in the process of data utilization. The government in Taiwan may also promote the new CSF released by NIST to different parties as a template for reviewing existing privacy protection measures. Taiwanese cybersecurity firms are encouraged to develop privacy protection products in order to capture emerging market opportunities.
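This article was originally published on IEK產業情報網; copyright belongs to the Industry, Science and Technology International Strategy Center of the Industrial Technology Research Institute (ITRI).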