What Countries and Companies Can Do When Trade and Cybersecurity
In the “internet of things” era, almost all products can be connected to the internet, and most of them can also be used for spying and other malicious activities. And since data is considered a critical asset, services, from international banking to payment systems to consumer websites, are part of this too. As part of our initial research on this topic, we identified 33 cases of a country blocking the import of a product or service because of cybersecurity concerns. In each case, different circumstances and actions led to different outcomes. Countries and companies need to consider their options. We have developed a framework to systematically organize these cases, basing it on our in-depth interviews with domain experts.
What options do countries have?
— DO NOTHING. Governments can accept the po- tential risk of a cybersecurity situation and choose to ignore it.
— DEVELOP IMPORT TRADE BARRIERS. Some nations will take actions to implement trade policies or regulations that will directly restrict the import of international trades. — RESTRICT GOVERNM EN T PROCUREMENT. Government s can prohibit the use and p u rc h a s e of certain products. — DEVELOP NORMS. Count r ies can agree to not engage in certain types of be- havior.
— AMPLIFY THE CONFLICT. On the other hand, some nations can choose an opposite option and escalate the conflict.
What options do companies have? — RECOMMEND
TION.
— ACQUIESCE. — COMPROMISE. Google exited the Chinese market eight years ago to avoid having to censure its search results to meet Chinese government rules. The company has recently decided to re-enter, with modest changes to its search engine operation. It is not yet clear that this compromise will be accepted by both parties. — AVOID.
— DEFY. An organization may challenge or attack cybersecurity regulations. — COLLABORATE. Finally, organizations can choose to work with countries to mitigate the negative impact of regulations, or even to be involved in the regulation-making pro- AC- cess.
As the digital economy continues to develop, cybersecurity will play a critical role in international trade. Instead of considering security only a regulation issue, governments need to consider ways to avoid unnecessary confrontations, and organizations should become proactively involved to address concerns and influence policy to improve outcomes for everyone.
(Stuartmadnickisaprofessoratthemitsloanschool ofmanagementandthe Mitschoolofengineer - ing.simonjohnsonisa professoratthemitsloan Schoolofm anagement, wherekemanhuangisa researchscientist.)