Cisco Blogs
Share

A Modern Approach to Cybersecurity & Privacy in the U.S.-Mexico-Canada Agreement


October 12, 2018 - 1 Comment

As was noted in a companion blog by my colleague Jen Sanford, the new U.S.-Mexico-Canada-Agreement (USMCA) covers a wide range of trade issues between these nations.  We are particularly excited for the provisions around cybersecurity which address what our customers and the industry have been saying for a while: that regulatory and compliance-driven security doesn’t work. Along those lines, the Digital Trade Chapter of USMCA calls for risk-based cybersecurity mechanisms over prescriptive regulations. While not mentioning the document by name, the USMCA agreement actually calls out the five core functions in the NIST Framework—identify, protect, detect, respond, recover.

This result demonstrates all three governments share a common vision and commitment to effective cyber-risk management. Our three nations are connected in many ways physically via our roads, railways, and energy distribution systems. Those critical systems, in turn, increasingly leverage information technology underscoring the importance of developing a harmonized approach to cybersecurity. Therefore, a coordinated approach to cyber risk management—using a common set of tools—makes tremendous sense.

The inclusion of these new digital trade provisions will also facilitate the development of a unified market for cybersecurity products and services. Developers of these technologies can be confident that they will have access to selling into all three countries. Buyers of these technologies will in turn have greater certainty about how to map their capabilities to a commonly used approach to cyber risk management.

USMCA also establishes a series of important protections against non-tariff trade barriers around digital services. These include: 1) ensuring that data can flow freely within the trade bloc; 2) restricting the use of data storage or processing localization requirements; advancing the development of interoperable data protection mechanisms—specifically referencing the APEC Cross Border Privacy Rules under which Cisco is certified; and 4) limiting government demands source code for technology as a precondition for sale.

Cisco looks forward to to working with the three governments to turn the USMCA’s commitments around cybersecurity, privacy, and more into action once it is implemented.

 

Leave a comment

We'd love to hear from you! Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.

1 Comments

  1. Thanks for sharing the descriptive information on Cyber Security.It’s really helpful to me since I'm taking Cyber Security Training. Keep doing the good work and if you are interested to know more on Cyber Security, do check this Cyber Security Tutorial.:-https://www.youtube.com/watch?v=Dl7p-stFpoc&t=187s