All Research
Advisory Note

Why don't you like this?

I like this
I don't like this

Federal Regulations on Cybersecurity

Phillip Messerschmidt
Federal Regulations on cybersecurity are regularly published at the national level. However, these national regulations also impact federal regulations in other countries. Therefore, looking at other countries' regulations can help you proactively prepare for upcoming regulations in your own. This document compares Executive Order 14028, the Network and Information Security (NIS) Directive, and IT Security Act (IT-SIG) 2.0 to demonstrate the relationship between these national regulations and future developments in cybersecurity.

1 Introduction / Executive Summary

Due to increasing digitization and the associated rise in the number of cyber-attacks, companies must protect themselves, their customers and their assets at the technical level. Federal regulations help to pass on experience by defining area-wide standards. The minimum required defenses set by the standards provide a basic level of protection for all stakeholders and businesses. Even though cyberattacks occur as global events, most countries prefer to have their own standards.

In the United States, Executive Order 14028 was issued in 2021 to modernize cybersecurity defenses, improve information sharing between the U.S. government and the private sector, and strengthen incident response capabilities. Experts believe this Executive Order will become a new security standard for non-regulated companies as well.

In the European Union, the Network and Information Security (NIS) Directive, published in summer 2016, provides a framework for cybersecurity development at the national level. It supports the Member States, by encouraging each of them to adopt a national strategy and by improving EU-wide cooperation as well as national and global reporting. Therefore, it creates a framework for cooperation and leaves enough room for national specifications.

In Germany, IT-SIG 2.0 was published in May 2021. In addition to translating the framework set by the NIS Directive into a national strategy, it provides detailed operational guidance for cybersecurity measures. Although there is a strong focus on critical infrastructure, most companies accept IT-SIG 2.0 as a minimum-security standard and best practice without being bound by any law.

From a global perspective, all these federal regulations provide a good safety standard at the national level, but also additional guidance for other countries. The recently published Executive Order is expected to set a new standard for all national sectors but will also have an impact on other regulations around the world. Therefore, looking at advanced and recently published regulations of other forward-looking countries can help proactively prepare defensive best practices even before they become a national standard in one' s own country.

Full article is available for registered users with free trial access or a paid subscription.
Log in
Become a Member and read on!
Create an account and buy a Membership package or use our 7-days free trial period to access this and 600+ other in-depth and up-to-date insights.
Register and request your 7-day free trial
Register
Already convinced? Check out our packages
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use