When “Security” Regulations Overreach

posted by in Cybersecurity, Global Markets July 9, 2012
Jul 09

Cybersecurity has justifiably become a front-burner policy concern for governments around the world. But what happens when security regulations are effectively used to bolster the prospects of local firms at the expense of foreign competitors?

We are starting to find out, especially in emerging markets, where many governments have recently begun implementing security-related measures that stray far into the commercial sphere. The development of these overreaching security-related regulations is one of several IT-focused market barriers detailed in BSA’s latest policy report, “Lockout.” They not only create barriers to foreign IT products, but also have the unintended consequence of denying local consumers and businesses access to the best security solutions. And in some instances, they actually undermine security rather than bolster it.

Take the current restrictions on procurement in China’s Multi-Level Protection Scheme (MLPS). The MLPS classifies information networks in China based on their relative importance to national security, social order, and economic interests. Any network that is considered “sensitive” is subject to certain limitations, including requirements that all IT security products used in the network are owned by Chinese citizens and have core technology and key components that are based on domestic intellectual property. The problem is that the MLPS take a highly expansive view of what should be considered “sensitive” networks — far out of step with global norms. It includes within its scope Chinese enterprises in the areas of finance, transportation, health and education. The end result is that foreign suppliers of IT security products are excluded from selling to a significant segment of the Chinese economy.

Similarly, there are policies in India that when fully implemented will require products sold to telecommunications networks to be tested and certified in Indian laboratories, and will force technology vendors to submit to onerous facility-inspections requirements. This imposes significant costs and burdens on foreign IT suppliers, particularly those whose products have already been certified in non-Indian labs as meeting global standards for security assurance. This will lead many foreign IT companies to stay out of the Indian market while local suppliers reap the benefits.

But that “benefit” comes with a steep cost: These kinds of security policies can actually undermine security by denying government and private-sector purchasers that ability to choose the best IT solutions to meet their needs.

That’s why BSA is urging leading IT economies to address this and other IT-focused trade barriers through a comprehensive new trade agenda for the digital economy — a trade agenda that provides a fair global playing field for IT products and enhances security at the same time.

Leave a Reply