Cybersecurity Vulnerability Disclosure in Trade Agreements


Cybersecurity has now become a feature of modernized US trade agreements, with new cybersecurity provisions in the US-Mexico-Canada Agreement and the US-Japan Digital Trade Agreement. The United States has begun the process of negotiating several additional trade agreements, including with China (Phase II), the European Union, Japan (Phase II), Kenya, and the United Kingdom.


The parties to these agreements should take the opportunity to expand on the cybersecurity section to better reflect its importance to global trade. One important way to do this would be to incorporate vulnerability disclosure into trade agreements. Below are Rapid7’s thoughts on how to do that and why.


[For an update on trade agreements as of Jan. 2020, please check out this blog post. For more information on Rapid7’s efforts to include cybersecurity risk management principles in USMCA, please check out this blog post.]


Integrating vuln disclosure in trade negotiations


"Vulnerability disclosure" is a voluntary process for communicating information about specific cybersecurity vulnerabilities, including processes for disclosure and receipt, for the purpose of encouraging voluntary mitigation of the vulnerability. Vulnerability disclosure has been written about extensively by cybersecurity risk management experts and is the focus of two international standards (ISO/IEC 29147 and ISO/ ..
