Last Month, the Inter-American Development Bank, in association with the Organisation of American States, launched a publication titled:
According to the blurb on the website:
The 2016 Cybersecurity Report is the result of the collaboration between the Inter-American Development Bank (IDB), the Organization of American States (OAS), and the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford. The report presents a complete picture and update on the status of cybersecurity (risks, challenges, and opportunities) of Latin America and the Caribbean countries.
Importantly, the report was the result of self-assessments by key stakeholders within each jurisdiction under review.
In respect of the key findings, a good summary comes from the preface by the current IADB President, Luis Alberto Moreno, who notes that:
The analysis of its 49 indicators shows that several countries in the region are vulnerable to potentially
devastating cyberattacks. Four out of five countries do not have cybersecurity strategies or critical infrastructure
protection plans. Two out of three do not count on command centers and cybersecurity control. The vast
majority of prosecutors lack the legal capacity to pursue cybercrime actions.
Among the more interesting aspects of the report is the model developed to assess the state of cybersecurity in LAC. The report applies what they describe as a “Cybersecurity Capability Maturity Model” (CMM). The CMM is based on a model developed by the
Security Capacity Centre at Oxford University and has five designations: startup; formative; established; strategic; and dyamic. After analysing each country’s situation, that country is graded using the CMM designations in respect of 49 specific indicators. In turn, the 59 indicators were grouped into five broad categories:
- National Cybersecurity Policy
and Strategy (Policy and Strategy);
- Cyber Culture and Society
(Culture and Society);
- Cybersecurity Education, Training and
- Legal and Regulatory Frameworks (Legal
- Standards, Organizations and Technologies
From a Caribbean perspective, the report is very comprehensive. All 12 Commonwealth Caribbean Countries and 14 CARICOM-party states overall (Haiti and Suriname are also included) are covered in the report. For context, 32 Latin America and Caribbean countries were surveyed in total.
To my mind, the biggest value of this report for Caribbean states is the quick diagnosis it provides of the weak area(s) in various states. This understanding should significantly assist in determining which areas should be prioritised by governments in the region and, by extension, where scarce state resources should be directed. Similarly, it should also be useful to civil society actors and organisations in determining which cybersecurity and ICT issues need flagging and actioning the most in their respective territories.
Implicit in the foregoing, is another important purpose that this report serves: it underscored the nuanced challenges we face from jurisdiction to jurisdiction in respect of not just cybersecurity but ICT issues generally. By extension, the findings confirm that the one-size-fits-all-in-the-region approach to analysing and addressing challenges is woefully outdated.
Also, I should mention that the IADB has shared the dataset that was mined to create the report. If you are interested in sifting through the data yourself
(and have the time), you can grab it here.