IDB and OAS urge Latin America and the Caribbean to strengthen cybersecurity | Inter-American Development Bank
A new report published this week by the Inter-American Development Bank (IDB) and the Organization of American States (OAS) called on countries in Latin America and the Caribbean (LAC) to step up their efforts on cybersecurity or face “potentially devastating” cyber attacks.
While the “2016 Cybersecurity Report: Are we ready in Latin America and the Caribbean?” recognized that countries in the LAC region are accelerating their focus on cybersecurity and moving it upwards on their policy and social agendas, it ultimately concluded that most LAC countries are unprepared for the security challenges of the digital age.
The report—which was the result of a major collaboration among OAS, IDB, Oxford University, the Potomac Institute, the Center for Strategic International Studies, the Getulio Vargas Foundation, the FIRST organization, the European Council, and the World Economic Forum—analyzes the state of preparedness of the 32 OAS countries based on 49 indicators. It is the first significant examination of the level of preparedness against growing cyber threats in Latin America and the Caribbean based on two unique frameworks.
The preliminary evaluation of countries in the LAC region was based on the Oxford Cyber Security Capacity Maturity Model (CMM), which consists of 49 indicators in five areas, namely policy and strategy, education, culture and society, legal framework, and technology. LAC countries’ cyber readiness was subsequently assessed and validated using portions of the Cyber Readiness Index 2.0 (CRI 2.0), which includes over 70 unique data indicators across seven indices, namely national strategy, incident response, e-crime and law enforcement, information-sharing, investment in research and development, diplomacy and trade, and defense and crisis response. While the two frameworks differ in their analytical approaches to measuring cyber capacity and readiness, they are complementary and together provided a powerful tool to uncover interesting insights and assess country-level cyber preparedness in the LAC region.
The results? While a few major Latin American countries, like Brazil, México, Argentina, Chile, and Colombia have achieved an “intermediate level of preparedness,” they still lag far behind countries like the United States, Israel, Estonia, and the Republic of Korea.
Worse yet, sixteen countries in the region have no coordinated capacity to respond to cyber incidents and only six have adopted a national cybersecurity strategy—one of the most important elements of a country’s commitment to securing their cyber infrastructure and critical services upon which their digital future and economic wellbeing depend. Internet penetration in the LAC region is still quite low (averaging less than 50%) and society is largely unaware of the risks and vulnerabilities associated with the use of Internet-based technology. Two out of three countries do not have a command and control center for cybersecurity, and the absence of recognized clearinghouses or brokers of authoritative information compounded by the mistrust among stakeholders still hamper the ability of most LAC countries to establish formal information-sharing mechanisms. Moreover, although most LAC countries have increased their law enforcement efforts domestically and have updated national legislation to combat cybercrime and strengthen data protection and privacy laws, the successful prosecution of cybercrimes is still hindered by the absence in most states of a mechanism to report cyber incidents and the inability by a large majority of criminal justice systems to handle electronic evidence and conduct sufficient forensics investigations.
Government leaders in the LAC region cannot ignore the fact that cyber incidents are increasing in both scope and scale. Recognizing their responsibility to their countries and citizens, they must take the necessary steps and investments to address the resilience of their country’s core services and infrastructures to enable them to be better prepared for and speedily recover from cyber incidents, while at the same time continue to embrace the opportunities that come from having a connected society. As IDB President Luis Alberto Moreno stated at the time of the report’s release, the LAC “region arrived late to the Industrial Revolution. We cannot miss the opportunity that the Digital Revolution offers us. Because of that, cybersecurity must be a priority.”