Insights on the state of cyber security in 2013 in seven out of thirteen Caribbean countries, as reported by the Organisation of American States and Symantec in their Latin American + Caribbean Cyber Security Trends report.

A few months ago, the Organisation of American States (OAS), in collaboration with Symantec, a leading network security firm, published Latin American + Caribbean Cyber Security Trends. This report, which was published in June 2014, highlights key cybersecurity and cybercrime related developments in Latin America and the Caribbean in 2013. It also includes individual country reports on the state of cybersecurity in select countries – 13 Caribbean countries were in included.

In this article, part one of two, a snapshot of cybersecurity in seven Caribbean countries is presented below – Antigua and Barbuda, Barbados, Belize, Dominica, Dominican Republic, Grenada and Guyana. For each country, the state of cybersecurity is drawn directly from the Latin American + Caribbean Cyber Security Trends report, to provide insights on the following:

  • whether there are national strategies and/or policies on cybersecurity
  • whether a Computer Security Incident Response Team (CSIRT) or Computer Incident Response Team (CIRT) has been established
  • whether cybersecurity awareness campaign have been implemented
  • the extent to which in depth cybersecurity training is available in country
  • a brief summary of recent cyber incidents activities or trends in country
  • any recent developments or improvements that have been implemented
  • key concerns expressed either by the country or the report authors, and
  • critical factors to advance cybersecurity, as identified by the country or the report authors.

 Antigua and Barbuda

http://en.wikipedia.org/wiki/Antigua_and_BarbudaNational cybersecurity strategy and policy: In train, but none adopted

CSIRT: No

Cybersecurity awareness campaign: None undertaken as yet

In depth training nationally: No specialized cybersecurity training programmes

Cyber incidents status/trends: In 2013, the Regional Cyber Investigation Laboratory, which is housed within the Antigua and Barbuda Police Force, received only a very small number of reports of hacked personal email accounts. However, due to the lack of reporting, especially by the private sector, national authorities cannot pinpoint any trends or significant cybersecurity incidents that may have taken place within the country.

Recent developments: In 2013, passage of the Electronic Transactions Bill, the Electronic Evidence Act, the Electronic Crimes Act, and the Data Protection Act

Key concerns: There is no official body tasked with responding to cyber incidents, and neither are there frameworks requiring private sector entities to report cybersecurity incidents.

Critical factors to advance cybersecurity: Buy-in from policymakers; developing a cybersecurity policy; launching a national CSIRT.

Barbados

Barbados flagNational cybersecurity strategy and policy: In train, but none formally adopted

CSIRT: In the process of being created

Cybersecurity awareness campaign: A series of campaigns have been undertaken since 2010

In depth training nationally: No specialized cybersecurity training programmes

Cyber incidents status/trends: Although no hard numbers are available yet, the government reports that the Telecommunications Unit is collecting data on cyber attacks and incidents across government departments. Also reported were a series of incidents in early 2014 that affected numerous government offices

Recent developments:  None reported

Key concerns: No legal requirement for private sector entities to report cybersecurity incidents, though government recognizes it as a priority and is likely to be addressed with new legislation

Critical factor to advance cybersecurity: Securing sufficient funding.

Belize

http://en.wikipedia.org/wiki/BelizeNational cybersecurity strategy and policy: None

CIRT: None

Cybersecurity awareness campaign: A series of campaigns have been undertaken since 2010

In depth training nationally: None available

Cyber incidents status/trends: Although it does not presently maintain official statistics, the Government of Belize reported a notable increase in cybersecurity incidents over the past year.

Recent developments: None reported

Key concerns: Inadequate legal framework; the need for resources (including personnel, training, equipment, software and office space)

Critical factors to advance cybersecurity: Capacity building; policy development; adopting a national strategy; reforming the legal system; and establishing a national CIRT.

Dominica

Dominica flagNational cybersecurity strategy and policy: None, but efforts underway to prepare one

CSIRT: None, but work underway to establish one

Cybersecurity awareness campaign: None has been undertaken

In depth training nationally: None available

Cyber incidents status/trends: Financial institutions have circulated sporadic advisories in the wake of phishing and other attacks, but no other details or other types of incidents were provided

Recent developments: None reported

Concerns: Lack of a national policy and strategic framework; absence of capacity building and awareness raising initiatives

Critical factors to advance cybersecurity: Capacity building; policy development; adopting a national strategy; reforming the legal system; and establishing a national CIRT/Cyber Security Centre.

Dominican Republic

Dominican_Republic FlagNational cybersecurity strategy and policy: Cybercrime laws exist, but no official overarching national strategy or policy for cybersecurity

CSIRT: None

Cybersecurity awareness campaign: A series of campaigns have been undertaken

In depth training nationally: None currently available, but work underway to develop relevant coursework and certification programs

Cyber incidents status/trends: As the number of Internet users in the Dominica Republic has steadily increased, so has the number of victims of attacks and exploitation. Available statistics indicate an increase in cyber incidents in the country of approximately seven to ten percent (7–10 percent) per year over the past three years. The most common incidents reported include: credit card cloning, defamation through email and social networks, digital identity theft, phishing, and telephone-related scams. There were also numerous attacks against and defacements of government websites, largely by carried hacktivist groups.

Authorities reported having opened 654 cybercrime related cases in 2013, resulting in 300 submissions for prosecution. They also reported having successfully dismantled hacktivist groups within the country.

Recent developments:  None reported

Key concerns: Lack of a national policy and strategic framework; absence of capacity building and awareness raising initiatives; no formal framework for private sector reporting of cyber incidents

Critical factors to advance cybersecurity: Capacity building and training are seen as key priorities.

Grenada

Grenada flagNational cybersecurity strategy and policy: None

CIRT: None

Cybersecurity awareness campaign: None has been undertaken, but is being considered

In depth training nationally: None available

Cyber incidents status/trends: National authorities report not having observed an increase in the number of cyber incidents or other illicit cyber activity in the past year, and have no record of any significant cyber incidents having taken place

Recent developments: None reported

Key concerns: Lack of a national policy and strategic framework; absence of capacity building and awareness raising initiatives; no reporting frameworks or active collaboration with the private sector

Critical factor to advance cybersecurity: Establishing a national CIRT.

Guyana

http://en.wikipedia.org/wiki/GuyanaNational cybersecurity strategy and policy: None, but efforts underway to prepare one

CIRT: Yes, the Guyana National Computer Incident Response Team (GNCIRT)

Cybersecurity awareness campaign: Currently being planned

In depth training nationally: None available

Cyber incidents status/trends: Since GNCIRT’s creation in August 2013, the country has experienced numerous cybersecurity incidents ranging from the defacement of government websites to credit card fraud to the defrauding of a prominent businessman. Although authorities do not have hard data indicating a quantitative increase or decrease in the number of incidents, there has been a clear rise in the number of incidents reported by the public

Recent developments: Establishment of the Guyana National Computer Incident Response Team, or GNCIRT in August 2013

Key concerns: No legal requirement for private sector entities to report cyber incidents to government; CIRT-to-CIRT collaboration has been low

Critical factor to advance cybersecurity: Capacity building and training opportunities; though recognized as a priority, cybersecurity must be viewed as a first level security imperative.

 

Image credits:  Free Press Pics (flickr); All flags – Wikipedia

____________