The tech industry needs a global body to legislate on security standards, according to an IBM security expert.
At the current time, common criteria is not a modern enough approach and “something needs to happen on a global stage,” said Kristin Lovejoy, vice president of security strategy at IBM.
An organisation needs to be established, perhaps within the UN, to govern security standards, although it is likely this would take “a long time”, Lovejoy explained.
“Here’s the problem, if the Russians, the Chinese, the US, the EU and Singapore – if they all come up with their own standards, what happens is it becomes impossible for organisations to compete globally because they have to rebuild their products for every geographical market,” she told IT PRO.
With nation-set standards, manufacturers would be required to provide their source code to that national government and this would bring with it intellectual property (IP) issues, she said.
“It’s not simply the potential IP theft issue, it’s the fact that those national governments now have insight into your protection profiles,” Lovejoy explained.
“On some levels, security is still about obscurity, and the more they know the more there is a potential for them to create backdoors into those technologies. We’re in this state now where we are stuck because we don’t have an international standard other than common criteria, which I think everybody agrees... needs to be improved, modernised.”
She called for an international best practice to be accepted by national governments across the world and provide multi-nationals with a “safe harbour.”