For years, hackers have abused the registration process to obtain new domain names which they then use to orchestrate cyber intrusions. More recently, security researchers revealed that a previously unknown hacker group carried out a series of attacks on government agencies in 13 countries by redirecting agency computers to hacker-controlled servers through the manipulation of Domain Name System (DNS) infrastructure.  News reports from earlier this year have also indicated manipulation of DNS infrastructure in Venezuela (likely by the Maduro government) to redirect users attempting to access an opposition humanitarian aid website to a malicious page.

When the network of the internet and related systems was first imagined, those who built it had a rose-colored view of humanity. They created a cyber-world without borders and, to a very large degree, without regulation or limitation.

This network sparked the growth of a digital economy that, today, contributes to roughly one-quarter of the growth of the world’s GDP. The internet and digital economy are global in ways that we could have only imagined just a few short years ago. For service providers and most end users, the network knows no boundaries and the practical barriers to making a purchase or providing a service to a customer in another country are minimal.

In early January, The Chertoff Group released a series of predictions around key cyber threat, policy, and market trends shaping the landscape in 2019. On the tails of the RSA conference, here are our thoughts on how those predictions are faring and highlights of important trends to watch.

Privacy breaches, large-scale hacks and other security incidents have exposed critical cybersecurity inefficiencies to the public eye in the last few years. With consumers experiencing first-hand consequences of these breaches, including compromised personal data and financial losses, companies and consumers are paying close attention to cybersecurity. As the public becomes more security-conscious, these cyber market trends will dominate 2019.

2018 saw both an upward trend in data breaches coupled with public concern for federal and political security. To help organizations navigate the uncertainties of a changing regulatory landscape, The Chertoff Group spotlights the trends that will shape cyber policies in the year to come.

Hackers are constantly learning, innovating and developing new attack methods – a phenomenon that crippled and embarrassed many organizations in 2018. Data breaches rose 45 percent last year, underlining the success of hacking innovations, with healthcare and banking racking up hits and the business sector weathering more than half of all breaches.

Last night, House and Senate leaders released their draft Omnibus appropriations bill. The bill not only sets spending levels for the various Federal government agencies and departments, but also includes several important updates to the laws and policies governing lawful access to data. Among them is a revised version of The CLOUD Act, which includes changes designed to strengthen privacy protections and Congressional oversight made in response to concerns raised by civil liberties and privacy groups upon review of an earlier version of the bill.

Earlier this week, two dozen civil liberties-focused organizations, including the American Civil Liberties Union (ACLU), Center for Democracy and Technology (CDT), and Amnesty International USA, wrote to members of Congress to express their opposition to The CLOUD Act. These organizations are concerned that, if enacted, the bill would erode civil liberty protections in the United States, allowing foreign governments to circumvent U.S. legal protections while “empowering” them to engage in human rights violations. While I understand their concerns, I believe that these groups are mistaken about the impact that the act will have on civil liberty protections in both the U.S. and around the globe.

For those who have not been following The CLOUD Act, the bill aims to clarify the laws governing how law enforcement in the U.S. and other countries obtain access to data stored in the Cloud, meet the legitimate investigatory needs of law enforcement while helping to resolve the conflicts of law currently facing service providers. The act has drawn bipartisan support in Congress, as well as support from the technology community, the White House, and our allies in the United Kingdom. I’ve also expressed my support for the bill last month in the Wall Street Journal.

“Data is the new oil.” Or so say the pundits. If it is, then we are about to experience the first great international data transformation, much as oil transformed transportation.

Indeed, we are on the cusp of one of the most significant transitions in international governance since the fall of the Berlin Wall heralded the end of Communism. Perhaps that is an overstatement for dramatic effect, but if it is, the degree of excess is rather small.

Sitting in a small group setting with cyber policy experts in Washington, D.C., I heard a well-respected cyber policy analyst say: “The cyber security of the Internet of Things is a national security issue. It is long past time for the law to impose liability on those who write insecure code.”

The implications of this statement are far reaching. Let’s take the automobile industry as an example. For developers and manufacturers, the security of the systems they are deploying in cars they are currently designing is a matter of good engineering. They are worried about safety, effectiveness, cost, and efficiency. However, in Washington, government is worried about cyber-attacks. And with Washington being Washington, the way they will act is the way they do best – through law.