Cyber security Report on Latin America and the Caribbean

The Inter-American Development Bank, in association with the Organisation of American States, launched a publication: Cybersecurity: Are We Ready in Latin America and the Caribbean?


According to the blurb on the website: 

The 2016 Cybersecurity Report is the result of the collaboration between the Inter-American Development Bank (IDB), the Organization of American States (OAS), and the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford. The report presents a complete picture and update on the status of cybersecurity (risks, challenges, and opportunities) of Latin America and the Caribbean countries.

Importantly, the report was the result of self-assessments by key stakeholders within each jurisdiction under review.

In respect of the key findings, a good summary comes from the preface by the current IADB President, Luis Alberto Moreno, who notes that:

The analysis of its 49 indicators shows that several countries in the region are vulnerable to potentially devastating cyberattacks. Four out of five countries do not have cybersecurity strategies or critical infrastructure protection plans. Two out of three do not count on command centers and cybersecurity control. The vast majority of prosecutors lack the legal capacity to pursue cybercrime actions.

Among the more noteworthy aspects of the report is the model developed to assess the state of cybersecurity in LAC. The report applies a “Cybersecurity Capability Maturity Model” (CMM). The CMM is based on a model developed by the Global Cyber Security Capacity Centre at Oxford University and has five designations: startup; formative; established; strategic; and dynamic. After analysing each country’s situation, that country is graded using the CMM designations in respect of 49 specific indicators. In turn, the 49 indicators were grouped into five broad categories:

  1. National Cybersecurity Policy and Strategy (Policy and Strategy);
  2. Cyber Culture and Society (Culture and Society);
  3. Cybersecurity Education, Training and Skills (Education);
  4. Legal and Regulatory Frameworks (Legal Frameworks); and
  5. Standards, Organizations and Technologies (Technologies).

From a Caribbean perspective, the report is very comprehensive. All 12 Commonwealth Caribbean Countries and 14 CARICOM-party states overall (Haiti and Suriname are also included) are covered in the report. For context, 32 Latin America and Caribbean countries were surveyed in total.

To my mind, the biggest value of this report for Caribbean states is the quick diagnosis it provides of the weak area(s) in various states. This understanding should significantly assist in determining which areas should be prioritised by governments in the region and, by extension, where scarce state resources should be directed. The report should also be useful to civil society actors and organisations in determining which cybersecurity and ICT issues need flagging and actioning in their respective territories.

Implicit in the foregoing is another important purpose of the report: it underscores the nuanced challenges faced in various jurisdictions in respect of not just cybersecurity, but ICT issues generally. By extension, the findings confirm that the one-size-fits-all-in-the-region approach to analysing and addressing cybersecurity challenges is woefully outdated.

You can directly download the report as a pdf (English | Español).

Also, I should mention that the IADB has shared the dataset that was mined to create the report. If you are interested in sifting through the data yourself (and have the time), you can access it here.