In 2023, nations worldwide continued to bolster their cybersecurity capabilities and systems to meet their national requirements, utilizing regulatory measures to improve their cybersecurity management. NSFOCUS conducted comprehensive monitoring and research to outline the evolution of global cybersecurity regulations and policies throughout the year. This analysis aims to offer valuable insights and guidance to stakeholders, policymakers, and cybersecurity experts navigating this ever-changing landscape.
The coverage spans four key areas: “Network Security,” “Data Security,” “Privacy Protection,” and “Tech Development and Governance,” with information presented in a chronological sequence.
April
The United States Cybersecurity and Infrastructure Security Agency (CISA) unveiled the “Zero Trust Maturity Model” (2nd edition), enhancing the specifications for Zero Trust implementation in homeland security.
Over recent years, the U.S. government has prioritized Zero Trust, issuing various policies and regulations related to this approach. The updated Zero Trust Maturity Model for homeland security refines the implementation specifics, building upon the initial version by detailing maturity stages, key functionalities, assessment indicators, and descriptions.
The Cyberspace Administration of China introduced the “Management Measures for Generative Artificial Intelligence Services (Draft for Comments).”
In light of the escalating global interest in generative AI technology, countries have been enacting regulations to fortify the development and security management of artificial intelligence. China’s policy documents, such as the Guiding Opinions on Accelerating Scenario Innovation and the Development Plan for the Next-Generation Artificial Intelligence, aim to drive strategic, industrial, and standardization initiatives to advance artificial intelligence.
May
The White House published the United States Government’s National Standards Strategy for Critical and Emerging Technology, reinforcing technological competitiveness.
This strategy underscores the pivotal role of standards in regulating and advancing technological progress, positioning the U.S. as a leader in global technological innovation.
The White House also released the 2023 Update of the “National Artificial Intelligence Research and Development Strategic Plan,” refining AI research and development directions.
This update aligns with the U.S. government’s focus on AI strategy, reflecting a concerted effort to steer artificial intelligence technology development effectively.
June
The White House updated the memorandum M-22-18, focusing on enhancing software supply chain security through secure development practices.
This memorandum aims to sustain policy consistency and leverage software supply chain security to reinforce U.S. dominance in technology sectors.
July
Seven Chinese government departments jointly issued the “Interim Measures for the Management of Generative Artificial Intelligence Services,” intensifying oversight of generative AI.
These measures address key security risks associated with generative AI, outlining security requirements and development elements to foster innovation in the cybersecurity sector.
August
The U.S. National Institute of Standards and Technology (NIST) released the draft of “Cybersecurity Framework 2.0” to bolster cybersecurity risk management.
This updated framework expands its scope, emphasizes cybersecurity governance, and underscores supply chain risk management.
NIST also issued three draft standards for post-quantum cryptography to advance post-quantum cryptographic technology.
These standards are crucial for cybersecurity companies to enhance their resilience against emerging quantum threats.
September
The United States Senate conducted a hearing on Legislating on Artificial Intelligence to enhance AI security protection.
This hearing proposed regulatory systems to strengthen AI security and guide the healthy development of related industries.
November
The Cybersecurity and Infrastructure Security Agency (CISA) released the AI Roadmap to outline strategic measures for AI security in cybersecurity.
This roadmap aligns with the U.S. government’s commitment to ensuring safe and trustworthy artificial intelligence.
December
The European Parliament and the Council of the European Union reached a provisional agreement on the “AI Act,” marking the world’s first comprehensive legislation on artificial intelligence.
This act emphasizes stringent regulations for AI systems, requirements for high-risk models, and measures to foster innovation, setting a precedent for AI legislation globally.
This summary encapsulates the key developments in cybersecurity regulations and policies in 2023, focusing on technological advancements and governance.
