Just as circumstances have changed in the world and now organizations must be aware of their cybersecurity and even allocate a budget for it, governments must also be prepared to prevent incidents in their structure and for their population as much as possible.
At this moment, Mexico is at a watershed, since a Cybersecurity Law was proposed. Its content will be analyzed and put to the consideration of the Congress of the Union. Let's start with the simplest and most important thing, how is the cybersecurity of a country measured?
There are various metrics, one of the best known is the National Cyber Security Index (NCSI). This ranks each country based on the strength of their cybersecurity measures and is prepared by the e-Governance Academy, an institution based in Tallinn, Estonia. According to this, Belgium currently has the highest score and the highest level of digital development as well.
What can be highlighted about the cybersecurity policies and instruments of various countries?
The United States, for example, is governed by the following instruments:
Federal Laws: The United States has several federal laws related to cybersecurity, including the Cybersecurity and Infrastructure Protection Act (CISA) that promotes the protection of critical infrastructure and sensitive information.
Personal data regulation: There is no comprehensive federal privacy law in the United States, but several states have enacted data privacy laws, such as the California Consumer Privacy Act (CCPA).
Regulatory Agencies: The Federal Trade Commission (FTC) plays an important role in regulating cybersecurity and online consumer protection.
Cybersecurity in the financial sector: The Financial Infrastructure Modernization Act (FISMA) and other regulations require financial institutions to maintain high cybersecurity standards.
On the other side of the world, in China, cybersecurity has a different approach:
Cybersecurity laws: China has specific cybersecurity laws, such as the "Cybersecurity Law", which establishes regulations on data management and cybersecurity in the country.
Control of online content: China has strict regulation over online content, including censorship and monitoring of social media platforms and websites.
Data storage requirements: China's Cyber Security Law requires companies operating in the country to store certain data within Chinese borders.
Cyberespionage and cyberwarfare efforts: China has been accused of carrying out cyberespionage activities and has been the subject of disputes with other countries, including the United States, over cybersecurity and cyberwarfare issues.
Belgium, the most cyber-secure country so far, has the following regulations and actions regarding cybersecurity:
Information Security Law: The Information Security Law regulates the security of networks and information systems. It establishes requirements for companies and institutions to protect their systems and data, and to report serious cybersecurity incidents to authorities.
Personal Data Protection Law: Belgium, as a member of the European Union, is subject to the General Data Protection Regulation (GDPR), which establishes strict rules for the protection of personal data and online privacy.
Security Coordination: There is security coordination between the Federal Government and regional authorities in Belgium to address cybersecurity issues. This involves different government agencies and stakeholders in policy formulation and response to cyber incidents.
Belgian Cybersecurity Agency (CISA - Center for War and Resilience Cybersecurity): This agency is responsible for supervising and promoting cybersecurity in Belgium, as well as coordinating the response to cyber incidents. Works closely with other security and defense agencies.
Critical Infrastructure Protection: Belgium identifies and protects critical infrastructure, such as energy, communications and transportation, from cyber threats. Companies operating in these sectors are subject to specific cybersecurity regulations.
Fight against Cybercrime: Belgian laws criminalize various acts of cybercrime, such as unauthorized access to computer systems, the distribution of malware and computer fraud. Violators may face legal sanctions.
International Cooperation: Belgium cooperates with other countries and organizations in the fight against cybercrime and promotes cybersecurity internationally.
In the coming months, a law on cybersecurity will be defined in Mexico. Deputy Javier López Casarín has proposed this initiative, which has already been debated since February of this year. The consensus of the different stakeholders of the Mexican ecosystem, which includes civil society, believes that a Cybersecurity Law must exist. The point under discussion is its scope and governance. The best practices in other countries can serve as an example to better focus our efforts. Cybersecurity is everyone's responsibility. At CyberLat we are ready to add to this very necessary and urgent initiative.