Cybersecurity is a topic that is obtaining more and more interest around the world. After the 2007 cyberattacks in Estonia, the world started realizing that cybersecurity is going to be a challenge they will have to address sooner or later, hence the creation of the Tallinn Manual by NATO two years later. This manual suggests how could cyberattacks be taken in the context of a war, but there is yet to exist an international law such as IHL regarding this sphere, nor there are any universal regulations whatsoever.
Many western countries started adopting new cybersecurity strategies to tackle the cyber-threats posed to them, and so we find that NATO and the European Defense Agency (EDA) have strict programs aiming to deter such attacks. On a country level, the US Department of Homeland Security (DHS) has a very well defined position on how to address such attacks, and it set the parameters on when a cyberattack will be considered a matter of national security, as well as what infrastructures are key to protect, as seen in their Cybersecurity Strategy.
Other interesting countries rapidly advancing in the cyberspace are the Russian Federation and the People’s Republic of China. Both States are strongly focusing on setting well defined norms on the cyberspace. Russia calls it Information Security, and published in 2016 their Doctrine of Information Security of the Russian Federation, in which their national interest on the cyberspace is shown. For instance, Russia is trying to put forward a new set of cyberspace governance regulations at the UN.
In the other hand, China developed an even stricter Cybersecurity Law which allows the collection and usage of personal information, and gives the State a greater degree of control in this new sphere. These norms added to the Chinese Social Credit System that the country wants to implement at least by 2020 in all big cities, could have interesting developments on Chinese society.
It is also important to note that both countries are part of the Shanghai Cooperation Organization, which is trying to not only set a standard on all its members in the topic of cybersecurity, but it is trying to propose the same guidelines in the UN General Assembly as well. China declared in 2017 that it is ready to improve security cooperation among its members, as a result of the Chinese International Strategy of Cooperation on Cyberspace.
What about Latin America (LAC)?
According to the Internet Security Threat Report 2018 (ISTR) by Symantec, Brazil and Mexico rank 7th and 8th regarding most ransomware attacks worldwide, while Brazil, Argentina, and Mexico occupy globally the 3rd, 8th and 10th place in country of origin in cyberattacks.
Security ompany Kaspersky noted in 2017 that cyberattacks increased from 2016 to 2017 by 59%, which, put in context, means that internet users in Latin America suffer an average of 33 cyberattacks per second. Brazil, Mexico, Colombia, Honduras, Panama, Guatemala, and Chile registered the most number of attacks in 2017.
Kaspersky’s 2017 Latin America prognosis for 2018 were an increase of cyber-threats, cyberattacks to the financial sector, cyber-military operations, attacks on small and middle enterprises, cryptocurrency mining abuse, and even more attacks on the IoT, among others.
The Cybersecurity Report for Latin America and the Caribbean 2016, written by the Cybersecurity Observatory and the OAS, asks whether the region is ready or not. The report indicates the LAC region is accelerating their development over cybersecurity matters, and adds, that major countries such as Mexico, Brazil, Argentina, Chile, and Colombia have achieved an intermediate level of preparedness for cybersecurity, yet their capabilities are still limited due to the lack of regional advancements, compared to their European counterparts.
The report also shows that the majority of the countries count with no coordinated capabilities to fully respond to cyber-threats, meaning that their vulnerability to cyberattacks in any sector is high. Especially if we take into account that the financial sector is a key environment for a functioning country, having a weakness in cybersecurity should not be a low priority national interest.
A good example is the recent cyberattack to Banxico, Mexico’s central bank, in which 836 bank accounts from 10 different institutions were victims of fraud, and the attack had a cost of roughly 300 million Mexican pesos (almost 16 million USD). In Brazil, Banco Inter was apparently hacked and sensitive information was leaked, falling 11% in market shares. In Chile, Banco de Chile was also target of a cyberattack, where the hackers stole 10 million USD.
These three examples occurred in 2018, and are just a small number of examples compared to the many attacks that happen on a daily basis.
Latin America’s response
Slowly, countries in Latin America & the Caribbean (LAC) started creating their own cybersecurity strategies, designed to address the different sectors relevant to their countries.
Both Chile and Mexico published their Cybersecurity Strategies last year, and demonstrate a broad panorama on what, how and when to address cybersecurity risks in order to create a comprehensive framework. Mexico will focus in economy and innovation, civil society and rights, public security, national security, and public institutions, while Chile seeks to improve their infrastructure, people’s rights in cyberspace, develop a cybersecurity culture, cooperation, and promotion of the cybersecurity industry.
Argentina took a similar approach and created a program called Programa Nacional de Infraestructuras Críticas de Información y Ciberseguridad. With this program, Argentina seeks to improve the creation and adoption of a regulatory framework for the identification and protection of key infrastructures, be it private or governmental, against cyber-threats.
Additionally, cooperation is fundamental in order to achieve a better coordinated response to cyber-threats. Slowly, countries are building better ties in respect to cybersecurity, as one could observe during the XIII Pacific Alliance Summit that took place in Mexico between the 23rd and 28th of July. During the Summit, the presidents of Brazil, Chile, and Mexico talked about strengthening collaboration in cybersecurity, among other matters. The Summit, being of an economical nature, is concerned about the cyberspace, and thus making it a new high priority issue.
What is the future for Latin America?
As stated in the prior mentioned report, the LAC region is advancing rapidly towards a better cybersecurity strategy. The biggest challenge of the region is to develop a concise strategy, and set it into motion effectively. For this, LAC countries need to seek help from other countries that have a broader experience in the matter, say Estonia, the European Union, South Korea or Israel, just to mention a few.
The Organization of American States (OAS) is doing a great job at facilitating cooperation between LAC and the rest of the world, and has achieved that at least every country counts with a Computer Security Incident Response Team (CSIRT). The organization is also constantly promoting cybersecurity culture, so that all countries prioritize this matter further. Latin America has to be able to adapt to new incoming technologies fast enough, as well as build a resilient cyber-framework to deal with any risks that the cyberspace may portray.
The recent attacks at the countries’ financial sectors demonstrate how vulnerable LAC States are, and those cyber-attacks are not going to stop, hence the urgent need for a rapid advancement in cybersecurity. This advancement will only be achieved with the cooperation of external States that have more experience in the field and can provide better guidelines on how to prepare, deter, defend, and adapt against such attacks. Additionally, communication among LAC countries will be an important action in order to coordinate a strong defense, as the majority of the attacks are extraterritorial.
Christian Schreiber is an International Relations student from Tec. de Monterrey, Campus Ciudad de México.