Cybersecurity Minimum Standards Needed to Keep North America Secure

October 5, 2021 by Victoria Turner
Cybersecurity Minimum Standards Needed to Keep North America Secure
Manuel Balcazar, consultant at MB Consultores

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based approach to cybersecurity that includes a minimum set of standards, said three experts yesterday.

As much as the pandemic has accelerated the rate in which governments have taken on new risks, it has left “some vulnerability windows open,” said Manuel Balcazar, consultant at MB Consultores, who presented this trilateral cyberthreat assessment idea during Monday’s Center for Strategic & International Studies event, Establishing a Cybersecure North America.

All three panelists agreed that a mandatory reporting requirement needs to be implemented across the continent, or at least minimum standards set, particularly for critical infrastructure sectors like electricity or transportation. 

The USMCA was signed as a revamped North American trade treaty that became effective in July 2020. Despite the agreement including cybersecurity commitments within Article 19.15 of its digital trade provision, all three panelists agreed on the need for setting standards focused on cybersecurity to set the bar for a whole-of-continent approach. 

“The issue here is that I see some asymmetrical treatment for cybersecurity” across all three countries, Balcazar added. Cyberattacks have been increasing and becoming more sophisticated. What has not matched, however, is the number of incident reports in comparison to the number of uncovered incidents, Balcazar said, pointing out that some companies in Mexico might be afraid to tarnish their prestige by admitting a breach. A lack of reporting that is not exclusive to Mexico. 

“We all know there is tremendous, tremendous underreporting when it comes to cyber incidents from the private sector,” said Vincent Rigby, former national security and intelligence adviser to Canadian Prime Minister Justin Trudeau. “It’s not just that they inform us late, sometimes they don’t inform us at all.”

But what happens, Balcazar asked, when these attacks escalate to a terrorist attack on the continent’s critical infrastructure like the power grids?

The cybersecurity provision in the USMCA does emphasize a voluntary risk-based approach which is “dead on,” said Suzanne Spaulding, senior adviser for the Department of Homeland Security. However, she added, this approach needs to “rely on consensus-based standards and risk management best practices…to identify, protect, detect, respond and recover” from cyberattacks. 

Setting these standards and mandatory requirements has been gaining traction in the market, Spaulding said,“It’s always been best to rely on market forces and voluntary approaches.” 

The trilateral strategy should look into operationalizing the 19.15 provisions, Rigby said. Right now the infrastructure most vulnerable to a cyberattack would be the power grid, which is intrinsically linked between Canada and the U.S. 

“A hit on one country is going to have a tremendous impact on the other,” he said, pointing out both countries have been looking at energy sector initiatives for cybersecurity cooperation beyond their current security and resilience strategies. 

The U.S. and Mexican power grids also overlap at some points. But the strategy cannot focus on siloed sectors, as there are a lot of critical infrastructures and it will come down to information sharing best practices between the countries with extensive collaboration from the private sector. 

This is why the trilateral strategy needs to begin with a threat assessment all three nations agree on in scope and importance, followed by a minimum standard of a national approach and then a regional one, while simultaneously implementing information sharing best practices. 

“Cyber knows no borders,” Spaulding said, and it’s not “really about protecting computers, or even its networks, but about protecting the functions that they enable.”

A+
a-
  • cybersecurity
  • Establishing a Cybersecure North America
  • Manuel Balcazar
  • Suzanne Spaulding
  • USMCA
  • Vincent Rigby
  • In The News

    Health

    Voting

    Cybersecurity

    June 24, 2025
    by Tom Ramstack
    US in ‘Heightened Threat Environment’ After Iranian Threat of Reprisal for Bombing

    WASHINGTON — Tenuous international efforts to reinstate a ceasefire between Iran and Israel continued Tuesday but did nothing to eliminate... Read More

    WASHINGTON — Tenuous international efforts to reinstate a ceasefire between Iran and Israel continued Tuesday but did nothing to eliminate the warnings of reprisal against the United States. The result is security alerts in Washington, D.C., and throughout the nation. The U.S. Department of Homeland Security... Read More

    April 29, 2025
    by Tom Ramstack
    FBI Reports Sharp Increase in American Cybercrime Victims

    WASHINGTON — The FBI’s new Internet Crime Report released last week shows Americans lost $16.6 billion to cybercrime in 2024... Read More

    WASHINGTON — The FBI’s new Internet Crime Report released last week shows Americans lost $16.6 billion to cybercrime in 2024 despite an intensified government effort to stop it. The losses were up by one-third from a year earlier.  Fraud was the most common crime, particularly among... Read More

    December 31, 2024
    by Tom Ramstack
    Chinese Accused of Hacking US Treasury Dept. Computers

    WASHINGTON — A Chinese intelligence agency recently hacked the workstations and unclassified documents of the U.S. Treasury Department, the Biden... Read More

    WASHINGTON — A Chinese intelligence agency recently hacked the workstations and unclassified documents of the U.S. Treasury Department, the Biden administration announced Monday. The hack attack is one of several Chinese-sponsored incidents the U.S. Cybersecurity and Infrastructure Security Agency says have compromised the data privacy of... Read More

    The US and Microsoft Disrupt a Russian Hacking Group Targeting American Officials and Nonprofits

    WASHINGTON (AP) — A hacking group tied to Russian intelligence tried to worm its way into the systems of dozens... Read More

    WASHINGTON (AP) — A hacking group tied to Russian intelligence tried to worm its way into the systems of dozens of Western think tanks, journalists and former military and intelligence officials, Microsoft and U.S. authorities said Thursday. The group, known as Star Blizzard to cyberespionage experts,... Read More

    Americans Reporting Nationwide Cellular Outages From AT&T, Cricket Wireless and Others

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according... Read More

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according to data from Downdetector. AT&T had more than 73,000 outages around 9:30 a.m. ET, in locations including Houston, Atlanta and Chicago. The outages began at approximately... Read More

    States and Congress Wrestle With Cybersecurity at Water Utilities Amid Renewed Federal Warnings

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international... Read More

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the... Read More

    News From The Well
    scroll top