CYBERSECURITY: ARE WE READY IN LATIN AMERICA AND THE CARIBBEAN?’

March 14, 2016 - Washington, DC

The report we are launching today reveals a stark truth: in terms of cybersecurity the situation facing our region is dangerous. Four of five countries in the region do not have cybersecurity strategies or plans to protect critical infrastructure, which leaves us exposed to potentially devastating consequences. In this context, our slogan of “more rights for more people” means we are committed to continue working to strengthen the capacities of our countries to protect the infrastructure, the economies, and the people of our region.

Dear Friends and Colleagues:

• The Internet has revolutionized how we interact with each other and the world around us. Increasing connectivity links ever-greater numbers of people together in a transnational and largely public space, and provides a growing and dynamic platform that enables communication, collaboration, and innovation in ways we could have scarcely imagined not long ago.

• This is especially so in Latin America and the Caribbean, where more than half of our population is now online and the rate of growth in the number of Internet users is among the highest in the world. In the Americas and the Caribbean we’re using the Internet to
o share ideas and culture;
o improve government and social services;
o collaborate in education, sciences and the arts; and
o to do business – all with greater accessibility and efficiency.

• Chief among the benefits of this development is the impact it has had in stimulating new economic and social development, closing the gender divide and opening new opportunities for the less privileged.

• However, our increasing connectivity to and dependency on Internet-based platforms and services has significantly increased our exposure to a host of security threats and criminal activities. Statistics clearly indicate that cyberattacks and incidents, particularly those carried out with criminal intent, are increasing in frequency and complexity. Governments and businesses have come to recognize the need for stronger cybersecurity frameworks which include measures to improve resilience, as well as the importance of cooperation and information sharing.

• Cybercrime does not recognize national borders, and a multilateral and multidimensional effort is required to address the range of cyber threats. Indeed, important progress is being made.

• The OAS has been working with Member States on cybersecurity and cybercrime for more than a decade which is longer than any other international or regional organization. In 2004, Member States adopted the Comprehensive Inter-American Cyber Security Strategy, which mandated the Inter-American Committee against Terrorism, or CICTE, to engage Member States on cyber issues. This strategy called on CICTE to ensure that countries have the ability to detect, respond to, and prevent cyber incidents. CICTE has met this mandate through a multifaceted program that addresses technical capabilities, government policy, and awareness-raising.

• Despite the progress we’ve achieved, it is critical that we understand the full scope of threats to our cyber domain, based on the most complete and up to date information available. Although there are several studies on cybersecurity capability at the national level, including a recent analysis of four countries conducted by CSIS, there is a shortage of comprehensive data on cybersecurity capability in Latin America and the Caribbean. Since 2013, the OAS Cyber Security Program has worked to address this information gap through a series of cybersecurity reports published in collaboration with industry leaders.

• In this context, at the end of 2014 the OAS and the IDB met to begin planning a holistic study on cybersecurity capabilities of countries in Latin America and the Caribbean. They worked with the Global Cyber Security Center at the University of Oxford to design an online tool to implement the Capability Maturity Model of Cybersecurity (CMM), which uses 42 indicators covering various dimensions of cybersecurity. Using the tool, the project team received a great deal of information from stakeholders in the countries. This information was validated with the support of member states, and the report's conclusions were reviewed by our colleagues at the IDB, Oxford and the Potomac Institute for Policy Studies. This Report is the culmination of the widest application of the CMM yet undertaken, as it has been applied to 32 countries within the period of one year.

• This analysis is accompanied by the contributions of international experts on cyber security in the hemisphere and provides a better understanding of the strengths and challenges in cyber security in each country. These findings represent a snapshot in time of an ever-changing landscape. However, conclusions in the report highlights a very stark truth: the region must do a lot more work in this area to ensure our cyber borders are as secure as our physical borders. For some countries this task may seem insurmountable, nevertheless, we hope that by improving our collective understanding of the cybersecurity challenges and opportunities presently confronting our region, the information and analysis contained in this report will assist stakeholders in all sectors – government, the private sector, academia, and civil society – to better work together to build a more secure, resilient and productive cyberspace in our hemisphere. The OAS looks forward to continuing to play its role in this vital mission.

• It is my esteemed pleasure present to you, in partnership with the Inter-American Development Bank (IDB) and the Global Cyber Security Capacity Center at the University of Oxford, Cybersecurity: Are we Prepared in Latin America and the Caribbean?


Following the initial brief presentations by President Moreno of the BID, Jose Clastornik of the AGESIC of Uruguay, and Michael Goldsmith of Oxford University, there will be a scripted Q & A with one question to each participant, before a recess which will end the Secretary General’s participation.

Suggested Question and Answer:
How can OAS assist in addressing the gaps identified in this report?

• The OAS has worked and continues to work to strengthen member states’ cybersecurity capabilities in a number of ways. Let me briefly tell you about two of them:
o First, we help countries develop comprehensive national cybersecurity frameworks and strategies. While this may sound bureaucratic, it is essential: we can only fight cyber crime if we continue to develop, review and update legal and regulatory frameworks. That is why legal experts from the OAS help member states to do so.
o Second, we help our member states to establish, train and equip computer security incident response teams. We are currently developing a hemispheric network of CSIRTs, in which incident response units from across the Americas will be able to share information on the latest cyber threats, vulnerabilities and exploits.