Security risks will outpace cyber network defenses, unless data safety is bolstered by further regulations and investments.
Governments and businesses need to place a higher wager on cybersecurity and create a working system that prioritizes costs upfront on detection and prevention. When security systems fall in line with advancing infrastructure, propelling the biotech and infotech industries as artificial intelligence informs our everyday activities, domestic security investments by companies will have far-reaching mechanisms.
In 2018, Brazil’s Jair Bolsonaro campaigned for the presidency on a promise to tackle security. Yet contending with the cyber realm and constructing cyber defense will necessarily include international cooperation in ways that are different from how intelligence agencies have historically operated.
At this time in Latin America, it’s hard to imagine a future that applies a model like the US Computer Emergency Readiness Team (CERT). Less understood is how cyber breaches are already hurting the bottom line of vulnerable emerging economies. Protecting networks in an environment with rapid technological growth and deeper connectivity requires keeping consumer data secure.
National and international cybersecurity frameworks, such as the NIST Cybersecurity Framework and the Cyber Resilience Review (CRR), have been developed and favorably adopted by countries and companies. However, a lack of cohesion in cybersecurity risk management could undermine any progress. Meeting a bare minimum for compliance purposes is not enough; it must be tied with the practice of continuously assessing risk. To encourage this, a value proposition is necessary.
Microsoft sees the opening and is stepping into an advisory role that could have profound effects on regulatory policies. Global institutions, such as the Organization of American States (OAS) in cooperation with the Inter-Development Bank (IDB) and other security companies, are now inviting Microsoft to help establish a tailored cybersecurity risk management framework for the 21st century. A 2016 cybersecurity report on Latin America’s preparedness says that more than four out of five countries are lacking a strategy for protecting critical infrastructure, and two out of three “countries do not have a command and control center for cybersecurity … [while] a large majority of prosecutors lack the capacity to punish cybercrimes.”
A joint report by Microsoft and the OAS released in March 2018 estimates that “the cost of cybercrime has reached $8 billion in Brazil, $3 billion in Mexico, and $464 million in Colombia.” It is less understood how vulnerable Latin America’s emerging economies are and the capacity that owners and operators have to make infrastructure investments. Microsoft’s influence is strongly suggestive that the region is open to adopting US cybersecurity risk management models. Yet such an initiative will predictably produce pushback from the intelligence community upholding national security imperatives.
However, it is important not to undermine the urgency caused by risks accrued from cyber insecurity in companies and countries lacking aggressive cyber protections. In advocating for a strategic approach to risk management, parsing capacity building is outlined in the policy recommendation by a 2018 OAS white paper. The report reads: “In 2004, the OAS through the Inter-American Committee against Terrorism (CICTE) and its Cyber Security Program, began fostering the development of the cyber security agenda in the Americas,” with particular attention on cyber readiness. It is increasingly apparent that the region requires implementation of governance mechanisms. Goldbricking on cybersecurity initiatives is no longer an option.
Laying the Groundwork
At a minimum, such a framework should recommend that cyber spending should be tendered to keep pace with advancing cyber technologies. The trend in greater investment for critical infrastructure is only swinging upward and the value of these developments should have financial backing by public-private partnerships.
A framework should also break down the current lack of transparency. This is particularly problematic in Latin America because cybersecurity agencies in the region and the ICT business environment do not facilitate information sharing on cyber threats. In a globalized world where e-commerce is the norm, national cybersecurity plans will be imperative for nations to gain the trust of others for trade and business relations.
Other challenges with transparency in Latin America include its reliance on analog systems. James Bosworth, a security expert on Latin America, suggested to this author that significant requirements for security power grids are undermined by analog. In an interview with RANE, a risk advisory firm, he explained that, “The poorer the country, the higher the incidence of hacked software will be.” Especially troublesome is the negative effect of pirated software, which compromises cybersecurity and is commonly used by third-party vendors.
Latin America is scaling up its ICT to booming business, but it is careening down an alarming path in securing those networks that could potentially derail its economic gains. At worst, it could compromise the trust of its people if information is hacked or used in means outside of their intent. A successful implementation scheme would gain foreign investors’ trust, promote confidence-building measures, and produce more economic opportunity in areas where supply chain security has been particularly weak. International precedence has not deepened urgency on cybersecurity either.
Latin America should be laying the groundwork for what the future of information sharing looks like and paving the way for the global south.
The views expressed in this article are the author’s own and do not necessarily reflect Fair Observer’s editorial policy.