Cybersecurity Minimum Standards Needed to Keep North America Secure

October 5, 2021 by Victoria Turner
Cybersecurity Minimum Standards Needed to Keep North America Secure
Manuel Balcazar, consultant at MB Consultores

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based approach to cybersecurity that includes a minimum set of standards, said three experts yesterday.

As much as the pandemic has accelerated the rate in which governments have taken on new risks, it has left “some vulnerability windows open,” said Manuel Balcazar, consultant at MB Consultores, who presented this trilateral cyberthreat assessment idea during Monday’s Center for Strategic & International Studies event, Establishing a Cybersecure North America.

All three panelists agreed that a mandatory reporting requirement needs to be implemented across the continent, or at least minimum standards set, particularly for critical infrastructure sectors like electricity or transportation. 

The USMCA was signed as a revamped North American trade treaty that became effective in July 2020. Despite the agreement including cybersecurity commitments within Article 19.15 of its digital trade provision, all three panelists agreed on the need for setting standards focused on cybersecurity to set the bar for a whole-of-continent approach. 

“The issue here is that I see some asymmetrical treatment for cybersecurity” across all three countries, Balcazar added. Cyberattacks have been increasing and becoming more sophisticated. What has not matched, however, is the number of incident reports in comparison to the number of uncovered incidents, Balcazar said, pointing out that some companies in Mexico might be afraid to tarnish their prestige by admitting a breach. A lack of reporting that is not exclusive to Mexico. 

“We all know there is tremendous, tremendous underreporting when it comes to cyber incidents from the private sector,” said Vincent Rigby, former national security and intelligence adviser to Canadian Prime Minister Justin Trudeau. “It’s not just that they inform us late, sometimes they don’t inform us at all.”

But what happens, Balcazar asked, when these attacks escalate to a terrorist attack on the continent’s critical infrastructure like the power grids?

The cybersecurity provision in the USMCA does emphasize a voluntary risk-based approach which is “dead on,” said Suzanne Spaulding, senior adviser for the Department of Homeland Security. However, she added, this approach needs to “rely on consensus-based standards and risk management best practices…to identify, protect, detect, respond and recover” from cyberattacks. 

Setting these standards and mandatory requirements has been gaining traction in the market, Spaulding said,“It’s always been best to rely on market forces and voluntary approaches.” 

The trilateral strategy should look into operationalizing the 19.15 provisions, Rigby said. Right now the infrastructure most vulnerable to a cyberattack would be the power grid, which is intrinsically linked between Canada and the U.S. 

“A hit on one country is going to have a tremendous impact on the other,” he said, pointing out both countries have been looking at energy sector initiatives for cybersecurity cooperation beyond their current security and resilience strategies. 

The U.S. and Mexican power grids also overlap at some points. But the strategy cannot focus on siloed sectors, as there are a lot of critical infrastructures and it will come down to information sharing best practices between the countries with extensive collaboration from the private sector. 

This is why the trilateral strategy needs to begin with a threat assessment all three nations agree on in scope and importance, followed by a minimum standard of a national approach and then a regional one, while simultaneously implementing information sharing best practices. 

“Cyber knows no borders,” Spaulding said, and it’s not “really about protecting computers, or even its networks, but about protecting the functions that they enable.”

A+
a-
  • cybersecurity
  • Establishing a Cybersecure North America
  • Manuel Balcazar
  • Suzanne Spaulding
  • USMCA
  • Vincent Rigby
  • In The News

    Health

    Voting

    Cybersecurity

    Americans Reporting Nationwide Cellular Outages From AT&T, Cricket Wireless and Others

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according... Read More

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according to data from Downdetector. AT&T had more than 73,000 outages around 9:30 a.m. ET, in locations including Houston, Atlanta and Chicago. The outages began at approximately... Read More

    States and Congress Wrestle With Cybersecurity at Water Utilities Amid Renewed Federal Warnings

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international... Read More

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the... Read More

    December 6, 2023
    by Dan McCue
    HHS Unveils Next Steps to Enhance Cybersecurity of Health Care Records

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93%... Read More

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93% increase in large breaches in the health care sector, with a 278% increase in large breaches involving ransomware, according to the Department of Health and Human... Read More

    Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems... Read More

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems like ChatGPT to deceive and sow disinformation. His talk on the technology at the DefCon hacker convention in August was a huge hit. But he's anything... Read More

    October 31, 2023
    by Tom Ramstack
    US Workforce Unprepared for AI, Technology Experts Tell Senate

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing... Read More

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing Tuesday to say it is only a first step in a process likely to transform American workplaces. “Artificial intelligence will not only disrupt lives, it will... Read More

    July 18, 2023
    by Tom Ramstack
    Congress Told AI Holds Great Risks and Benefits for US Military

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it... Read More

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it falls behind in developing the technology but a bright future by taking the lead. One of the greatest risks would be defending against a foreign enemy... Read More

    News From The Well
    scroll top