National policies regarding cybersecurity can have a positive or negative effect on global trade efforts, says Allan Friedman, research director of the Brookings Institution's Center for Technology Innovation.

Take, for example, a congressional report from 2012, which recommends that government systems, particularly sensitive IT systems, refrain from using equipment and component parts manufactured by two Chinese companies, Huawei and ZTE, the world's largest and fifth-largest telecom equipment makers, respectively (see House Panel: 2 Chinese Firms Pose IT Security Risks).

"To name-check a country of origin ... is actually a pretty egregious thing to do in international trade, in diplomatic circles, because it really does invite other countries to retaliate in time," Friedman says in an interview with Information Security Media Group (see transcript below).

Friedman recently wrote a paper, Cybersecurity and Trade: National Policies, Global and Local Consequences, which addresses the intersection of two of the largest dynamics shaping the cyberworld today - the connectivity arising from global trade and data networks and the risk introduced by that connectivity.

An example of how IT security can have a positive impact on global trade is the voluntary cybersecurity framework that's part of President Obama's executive order (see Obama, CEOs Meet on Cybersecurity Framework).

"The philosophy behind the voluntary framework is [the government] said it isn't going to be in the business of regulating specific standards," Friedman says.

The framework recommends assessing what standards exist, conducting gap analysis to encourage various industrial sectors to adopt those standards and working toward developing new standards for areas that are neglected.

"That has the potential to promote a positive impact on trade because it really is drawing in companies that potentially have an international audience to say, 'We need to have some sort of way of demonstrating security; find a general partner solution that you can then export,'" Friedman says.

"It gives companies an incentive to find a way to make the solutions that they find something that's globally shareable and won't discriminate against any country or any set of companies."

In the interview, Friedman:

Outlines the challenges nations face in implementing cyber-protection policies without interfering with global trade (see Securing the Network Supply Chain); Explains why revelations of National Security Agency electronic snooping on foreign allies could harm U.S. manufacturers (see Did NSA Influence Taint IT Security Standards?); Explores the motivation behind China's cyber-protection and trade policies.

Before joining Brookings, Friedman was a fellow at the Center for Research on Computation and Society at Harvard's computer science department, where he worked on cybersecurity policy, privacy-enhancing technologies and the economics of information security. Friedman also was a fellow at the Belfer Center for Science and International Affairs, where he worked on the Minerva Project for Cyber International Relations.

Cybersecurity and Trade

ERIC CHABROW: Please take a few moments to summarize the highlights of your paper.