One third of countries have developed a national cybersecurity strategy, but mobilized capabilities are minimal

A dozen Latin American countries have already developed a national cybersecurity strategy, but in general the capacities mobilized in the region to deal with cybercrime and cyberattacks are still limited. In a continent with high use of social networks, but at the same time with some power network and internet access problems that make it difficult to react to cyber-attacks, the risk of widespread organized crime groups increasingly resorting to cybernetics is high.

article / Paula Suárez

In recent years, globalization has made its way into all parts of the world, and with it have emerged several threats in the field of cyberspace, which requires special treatment by the governments of all states. Globally, and not only in Latin America, the main areas under threat in terms of cybersecurity are, essentially, computer crime, network intrusions and politically motivated operations.

The latest reports on cybersecurity in Latin America and the Caribbean, conducted jointly by the Inter-American development Bank (IDB) and the Organization of American States (OAS), indicate that a third of the countries in the region have begun to take some steps to address the growing cybersecurity risks. However, they also note that efforts are so far limited, given the general lack of preparedness for the threat of cybercrime; they also suggest the need for a reform of protection policies in the coming years, especially with the problems that have come to light with the Covid-19 crisis.  

The IDB and the OAS (OAS) have collaborated on several occasions to publicize the status and raise awareness of cybersecurity issues, which have been increasing as globalization has become part of everyday life and social networks and the Internet have become more deeply integrated into our daily lives. To address this new reality, both institutions have created a Cybersecurity Observatory for the region, which has published several programs of study.

If until the 2016report cybersecurity was a topic little discussed in the region, currently with the increase of technology in Latin America and the Caribbean it has become a topic of interest for which states tend to be increasingly concerned, and therefore, to implement relevant measures, as highlighted in the 2020report .

Transportation, educational activities, financial transactions, many services such as food, water or energy supply and many other activities require cybersecurity policies to protect civil rights in the digital realm such as the right to privacy, often violated by the use of these systems as a weapon.

Not only socially, but also economically, investment in cybersecurity is critical to prevent the damage caused by online crime. For the Gross Domestic Product of many countries in the region, attacks on infrastructure can account for from 1% to 6% of GDP in the case of attacks on critical infrastructure, which translates into incompetence on the part of these countries to identify cyber dangers and to take the necessary measures to combat them.

According to the aforementioned study, 22 of the 32 countries analyzed are considered to have limited capabilities to investigate crimes, only 7 have a plan to protect their critical infrastructure, and 18 of them have established a so-called CERT or CSIRT (Computer Security Incident or Emergency Response Team). These systems are not currently developed uniformly in the region, and they lack the capacity and maturity to provide an adequate response to network threats, but their implementation is necessary and, increasingly, they are being supported by institutions such as the OAS to improve them.

In this area, the Forum for Incident Response and Security Teams (FIRST) has a work core topic, due to the great need in this region, to attend governments so that they can benefit from the identification of cyber threats and the association's strategic security mechanisms, mainly to protect the economies of these countries.

As already mentioned, awareness of the need for such measures has been increasing as cyber attacks have also increased, and countries such as Colombia, Jamaica, Trinidad and Tobago and Panama have established a proper strategy to combat this damage. In contrast, many other Latin American and Caribbean countries such as Dominica, Peru, Paraguay and Suriname have lagged behind in this development, and although they are on the way, they need institutional support to continue in this process.

The problem in combating such problems is usually rooted in the states' own laws. Only 8 of the 32 countries in the region are party to the Budapestagreement , which calls for international cooperation against cybercrime, and a third of these countries do not have appropriate legislation in their legal framework for cybercrime.

For the states party to this agreement, these guidelines can serve as a great financial aid develop domestic and procedural laws with respect to cybercrime, which is why the adherence or at least the observation of these guidelines is being promoted by organizations such as the OAS, with the recommendations of specialized units such as the REMJA Cybercrime work group , which advises on the reform of criminal law with respect to cybercrime and electronic evidence.

On the other hand, it was not until the beginning of this year that, with the incorporation of Brazil, 12 countries in Latin America and the Caribbean have established a national cybersecurity strategy, due to the lack of qualified human talent. Although it is worth mentioning the two countries in the region with the greatest development in the field of cybersecurity, which are Jamaica and Trinidad and Tobago.

Of the problems mentioned, we can say that the lack of national strategy in terms of cybersecurity exposes these countries to various attacks, but to this must be added that the companies that sell cybersecurity services and provide technical and financial support in the region are mostly from Israel or the United States, and are linked to a rather militarized security and defense perspective, which will be a challenge in the coming years because of the skill that China is showing on this side of the hemisphere, especially linked to 5G technology.

Cyber malpractices are a threat not only to the Economics Latin America and the Caribbean, but also to the functioning of democracy in these states, an attack on the rights and freedoms of citizens and the values of society. For this reason, the need for investment in civilian infrastructure and military capacity is becoming apparent. To achieve this, the states of the region are willing to cooperate, firstly, in the unification of their legal frameworks based on the models of the Budapest agreement and the instructions of the European Union, whose perspective to face the new challenges in cyberspace is having a great impact and influence in the region.

 Moreover, with the coming Covid-19 crisis, the states of the region are generally willing to collaborate by developing their own national strategies, consistent with the values of the organizations they are part of, to protect both their current means and their emerging technologies (artificial intelligence, quantum, high performing computing and others). Cyber threats are intended to be addressed through channels open to partnership and dialogue, since the Internet has no borders, and the harmonization of legal frameworks is the first step towards strengthening not only regional but also international cooperation.