2018 saw both an upward trend in data breaches coupled with public concern for federal and political security. To help organizations navigate the uncertainties of a changing regulatory landscape, The Chertoff Group spotlights the trends that will shape cyber policies in the year to come.

Hackers are constantly learning, innovating and developing new attack methods – a phenomenon that crippled and embarrassed many organizations in 2018. Data breaches rose 45 percent last year, underlining the success of hacking innovations, with healthcare and banking racking up hits and the business sector weathering more than half of all breaches.

Last night, House and Senate leaders released their draft Omnibus appropriations bill. The bill not only sets spending levels for the various Federal government agencies and departments, but also includes several important updates to the laws and policies governing lawful access to data. Among them is a revised version of The CLOUD Act, which includes changes designed to strengthen privacy protections and Congressional oversight made in response to concerns raised by civil liberties and privacy groups upon review of an earlier version of the bill.

Earlier this week, two dozen civil liberties-focused organizations, including the American Civil Liberties Union (ACLU), Center for Democracy and Technology (CDT), and Amnesty International USA, wrote to members of Congress to express their opposition to The CLOUD Act. These organizations are concerned that, if enacted, the bill would erode civil liberty protections in the United States, allowing foreign governments to circumvent U.S. legal protections while “empowering” them to engage in human rights violations. While I understand their concerns, I believe that these groups are mistaken about the impact that the act will have on civil liberty protections in both the U.S. and around the globe.

For those who have not been following The CLOUD Act, the bill aims to clarify the laws governing how law enforcement in the U.S. and other countries obtain access to data stored in the Cloud, meet the legitimate investigatory needs of law enforcement while helping to resolve the conflicts of law currently facing service providers. The act has drawn bipartisan support in Congress, as well as support from the technology community, the White House, and our allies in the United Kingdom. I’ve also expressed my support for the bill last month in the Wall Street Journal.

“Data is the new oil.” Or so say the pundits. If it is, then we are about to experience the first great international data transformation, much as oil transformed transportation.

Indeed, we are on the cusp of one of the most significant transitions in international governance since the fall of the Berlin Wall heralded the end of Communism. Perhaps that is an overstatement for dramatic effect, but if it is, the degree of excess is rather small.

Sitting in a small group setting with cyber policy experts in Washington, D.C., I heard a well-respected cyber policy analyst say: “The cyber security of the Internet of Things is a national security issue. It is long past time for the law to impose liability on those who write insecure code.”

The implications of this statement are far reaching. Let’s take the automobile industry as an example. For developers and manufacturers, the security of the systems they are deploying in cars they are currently designing is a matter of good engineering. They are worried about safety, effectiveness, cost, and efficiency. However, in Washington, government is worried about cyber-attacks. And with Washington being Washington, the way they will act is the way they do best – through law.

Few policy makers in Washington would disagree that the United States benefits when we have a safe, secure, reliable energy supply. In fact, because our electric grid and power generation are vital to the United States economy, most support it. However, at this moment, I fear we are missing a critical opportunity when it comes to investing in our nation’s nuclear energy program.

The Chertoff Group continues to closely monitor the WannaCry ransomware attack. The story is still evolving, but we wanted to provide a brief summary for those of you who may not have had time to review in detail and assess appropriate actions for your organization.

Last week’s global ransomware cyber-attack that upended hospitals across the globe reminds us that every innovation comes with challenges. In all industries, especially the healthcare industry, connectivity offers tremendous benefits but also increased risk. Although these attacks disrupted healthcare services and others, the risk extends to every aspect of connected healthcare, including connected medical devices. This industry must come together to address growing challenges.