Cybersecurity: Risks, Progress, and the Way Forward in Latin America and the Caribbean

This report, prepared in collaboration with the Inter-American Development Bank (IDB) and the Global Cyber Security Capacity Centre of the University of Oxford, analyzes the cybersecurity capacity of OAS member states and encourages countries to implement the most up-to-date standards in cybersecurity, while protecting the fundamental rights of their people. As in the previous edition, the study analyzes the cyber maturity of each country in the five dimensions identified in the Cybersecurity Capacity Maturity Model for Nations (CMM): (i) Cybersecurity Policy and Strategy; (ii) Cyberculture and Society; (iii) Cybersecurity Education, Training, and Skills; (iv) Legal and Regulatory Frameworks; and (v) Standards, Organizations, and Technologies. The progress made in the region—much of it with the support of the OAS—is evident. The 2016 report, for example, indicated that four out of five countries lacked cybersecurity strategies or a critical infrastructure protection plan. By the beginning of 2020, 12 countries had approved national cybersecurity strategies, including Colombia (2011 and 2016), Panama (2013), Trinidad and Tobago (2013), Jamaica (2015), Paraguay (2017), Chile (2017), Costa Rica (2017), Mexico (2017), Guatemala (2018), Dominican Republic (2018), Argentina (2019), and Brazil (2020), with several others in progress. With regard to data collection and validation carried out by our member states, the report represents an overview of the complex and changing universe of cyberspace. We hope that this study provides a perspective that allows us to appreciate where we are, that enables us to make decisions based on evidence, and that improves our collective understanding of the challenges and opportunities implied by cybersecurity in our region. The information and analysis in this report will help all stakeholders—governments, private sector, academia, and civil society—to work to build a safer, more resilient, and productive cyberspace in our hemisphere

The Role of Cybersecurity in the Public Sphere - The European Dimension

he aim of this paper is to present the areas in EU and domestic legal systems which cover currently applicable laws on cybersecurity and the related cyber-liability. Legal regulations related to cybersecurity that are currently in force embrace only a very narrow understanding of the notions of cyberspace and cybercrime. This paper aims to present those areas of the existing regulations in which the notions of cyber-liability have been preliminarily defined. Issues that are currently viewed as only marginally relevant to the functioning of states in the domain of cyberspace operations or artificial intelligence are also related to cyber-liability. The paper covers issues related to online platforms as well as the role of the state and public administration, network technologies and financial institutions in cybersecurity system especially from European perspective. It also investigates the issues related to strategic and political responsibility, cooperation mechanisms, obligations of telecommunication entrepreneurs, personal data and drone operations in public space. Part of the paper is also related to the movement of cultural assents, digital platforms, blocking injunctions and blocking access, threats of the cyberterrorism, cybersecurity, cybercrime in Hungary, including COVID-19 environment, as well as authorities competent for cybersecurity in Germany. This broad perspective is used to better understand regulatory purposes in European contexts to secure digital society development

Barriers to implementation of the (SA) National Cybersecurity Policy Framework

Thesis (M.M. (Security))--University of the Witwatersrand, Faculty of Commerce, Law and Management, Graduate School of Public and Development Management, 2016Technological advancement have seen South African government departments, state owned entities and private companies using cyberspace as a platform of interaction and the storage of information. Technological advancements have a positive impact due to the compression of space, time and thereby ensuring fastpaced interaction across borders. These technological advancements have, however resulted in most organisations, both private and public, becoming prone to cybercrimes and related incidents. In an initiative aimed at countering these threats, the South African government has passed various laws. The National Cybersecurity Policy Framework (NCPF) is a South African Policy framework aimed at countering an increase in the occurrence of cybercrimes and related incidents. This research analyses the status in the implementation of the NCPF objectives allocated to the Department of Telecommunications and Postal Services (DTPS). Then the barriers in the Implementation are unpacked guided by the literature reviewed and finally recommendations on how to counter the identified barriers are provided post the data collection. The report firstly provides an outline of the global perspectives on cybersecurity which is followed by the regional cybersecurity measures, and then the national cybersecurity measures proposed by the South African Government department are outlined. The latter parts of the report focuses on the NCPF in terms of its scope, goals, objectives and stakeholders. Finally, focus is shifted to the DTPS as a chosen area of research wherein data was collected in a form of one-on-one, semi-structured interviews with relevant parties. The results of this research are presented as a narrative description that is synthesised to develop the theoretical conjecture and empirical generalisation of the entire research. This research uncovered that there are numerous barriers in the implementation of the NCPF both within the DTPS as well as between the DTPS and various stakeholders entrusted with the implementation responsibility. The last chapter consists of general conclusions made by the researcher based on the research conducted which is then followed by recommended countermeasures which will be communicated to the DTPS as well as all stakeholders who will be affected by the proposed recommendations.GR201

Cybersecurity in Poland

This open access book explores the legal aspects of cybersecurity in Poland. The authors are not limited to the framework created by the NCSA (National Cybersecurity System Act – this act was the first attempt to create a legal regulation of cybersecurity and, in addition, has implemented the provisions of the NIS Directive) but may discuss a number of other issues. The book presents international and EU regulations in the field of cybersecurity and issues pertinent to combating cybercrime and cyberterrorism. Moreover, regulations concerning cybercrime in a few select European countries are presented in addition to the problem of collision of state actions in ensuring cybersecurity and human rights. The advantages of the book include a comprehensive and synthetic approach to the issues related to the cybersecurity system of the Republic of Poland, a research perspective that takes as the basic level of analysis issues related to the security of the state and citizens, and the analysis of additional issues related to cybersecurity, such as cybercrime, cyberterrorism, and the problem of collision between states ensuring security cybernetics and human rights. The book targets a wide range of readers, especially scientists and researchers, members of legislative bodies, practitioners (especially judges, prosecutors, lawyers, law enforcement officials), experts in the field of IT security, and officials of public authorities. Most authors are scholars and researchers at the War Studies University in Warsaw. Some of them work at the Academic Centre for Cybersecurity Policy – a thinktank created by the Ministry of National Defence of the Republic of Poland

Vulnerability assessment of modern ICT infrastructure from an information warfare perspective.

Ph. D. University of KwaZulu-Natal, Durban 2011.The overall objective of the study is to provide a vulnerability assessment of the mobile communications infrastructure to information warfare attacks; this study has a South African focus. The mobile infrastructure was selected as the infrastructure and mobile devices incorporate the majority of modern ICT technologies, namely social networking, wireless connectivity and mobility, mass storage, as well as the telecommunications elements. The objectives of the study are to: Propose a new information warfare model, and from this deduce a vulnerability assessment framework from the specific information warfare perspective. These are the guiding frameworks and model for the study. Gather information regarding threats and vulnerabilities, with particular focus on potential use in information warfare and relevance to South Africa. Establish the criticality of the mobile infrastructure in South Africa. Use the gathered information in the vulnerability assessment, to assess the vulnerability of the mobile infrastructure and related devices and services. The model and framework are generated through desk-based research. The information is gathered from research protocols that are relevant to both research and risk and vulnerability assessment, these include: expert input through interviews and a research workshop, incident and trend analyses through news and vendor reports and academic publishing, computer simulation, questionnaire survey, and mathematical analyses. The information is then triangulated by using it in the vulnerability assessment. The primary and secondary data shows that attacks on confidentiality are the most prevalent for both computer-based networks and the mobile infrastructure. An increase in threats and incidents for both computer and mobile platforms is being seen. The information security trends in South Africa indicate that the existing security concerns are likely to worsen, in particular the high infection rates. The research indicates that the mobile infrastructure is critical in South Africa. The study validates the proposed framework, which indicates that South Africa is vulnerable to an information warfare attack in general. Key aspects of vulnerability in the mobile infrastructure are highlighted; the apparent high load of the mobile infrastructure in South Africa can be seen as a high risk vulnerability. Suggestions to mitigate vulnerabilities and threats are provided

Guidelines to address the human factor in the South African National Research and Education Network beneficiary institutions

Even if all the technical security solutions appropriate for an organisation’s network are implemented, for example, firewalls, antivirus programs and encryption, if the human factor is neglected then these technical security solutions will serve no purpose. The greatest challenge to network security is probably not the technological solutions that organisations invest in, but the human factor (non-technical solutions), which most organisations neglect. The human factor is often ignored even though humans are the most important resources of organisations and perform all the physical tasks, configure and manage equipment, enter data, manage people and operate the systems and networks. The same people that manage and operate networks and systems have vulnerabilities. They are not perfect and there will always be an element of mistake-making or error. In other words, humans make mistakes that could result in security vulnerabilities, and the exploitation of these vulnerabilities could in turn result in network security breaches. Human vulnerabilities are driven by many factors including insufficient security education, training and awareness, a lack of security policies and procedures in the organisation, a limited attention span and negligence. Network security may thus be compromised by this human vulnerability. In the context of this dissertation, both physical and technological controls should be implemented to ensure the security of the SANReN network. However, if the human factors are not adequately addressed, the network would become vulnerable to risks posed by the human factor which could threaten the security of the network. Accordingly, the primary research objective of this study is to formulate guidelines that address the information security related human factors in the rolling out and continued management of the SANReN network. An analysis of existing policies and procedures governing the SANReN network was conducted and it was determined that there are currently no guidelines addressing the human factor in the SANReN beneficiary institutions. Therefore, the aim of this study is to provide the guidelines for addressing the human factor threats in the SANReN beneficiary institutions