Experts say US must not let EU lead on cybersecurity

Cybersecurity experts argued on Tuesday that the U.S. is falling behind the European Union when it comes to being a leader in the realm of cyber security.

Experts called the bloc’s General Data Protection Regulation, a law governing data privacy and security rules, the global standard. The law, adopted in 2018, renewed how businesses handle personal data in Europe, with large fines for companies that fail to comply.

Panelists at a virtual Council on Foreign Relations event echoed recommendations made in a new cybersecurity report by the foreign policy think tank. 

The experts, including former Rep. Will Hurd (R-Texas), said the U.S. needs to build cyber coalitions with allied nations, create a digital trade agreement and create an international cybercrime center, among other policy suggestions.

At the event, moderated by New York Times technology reporter Cecilia King, experts detailed a multitude of cyber threats, including ransomware, sewing social discord on social media, interfering in elections and vital infrastructure attacks. 

The new reality of cyberspace, they argued, proliferates threats against individuals and nations and policymakers need to address these issues to bolster national defense. 

Hurd said Americans are becoming increasingly aware of the dangers. 

He pointed to a 2021 incident in Florida, where a hacker gained access to a water treatment facility and adjusted the amount of sodium hydroxide to dangerous levels but was thwarted by an employee.

“The hack of the water treatment plants in south Florida. Someone tried to poison the water,” Hurd said. “That made it real to people.”

The current prospects for congressional action, though, seem bleak, with King noting there has been little to no movement on legislation. Panelists said the issue is clearly not a policy priority in the U.S. at the moment.

Hurd said the House and Senate need to “step up” and legislate in the space where the European Union has been leading. 

Experts said the U.S. has failed to adapt to a cyberspace that is fragmented, with countries like China and Iran harnessing their own version of the internet. They said the reality is a far cry from the open and free vision for the internet that U.S. policymakers hoped for, with change in the space coming fast and furious over the past two decades.

While efforts from lawmakers have been dormant, it has left private companies to adopt their own rules for handling data. 

Niloofar Razi Howe, a senior operating partner at the global investment platform Energy Impact Partners, said government leadership is needed to steer privacy and security norms.

“Cyber is no longer a domain where the private sector sits on one side and the government sides on the other,” Howe said. “There is a role that only the government can play when it comes to policy. The private sector has to have a seat at the table.”

Hurd left lawmakers with a warning, saying that should Congress act now, the “best case scenario is we’re tied with the Chinese.”