“Overcoming Mistrust in Order to Deal with Computer Security Incidents”
One of the main challenges in dealing with computer security incidents within the region is overcoming mistrust and sharing information with national and international response teams, Belisario Contreras, program manager for the OAS Inter-American Committee against Terrorism (CICTE), told Lacnic News.
In the opinion of the OAS expert, institutions that fall victim to computer security incidents “do not share this information” with incident response teams out of “mistrust” or “ignorance,” which helps those responsible for the attacks avoid being prosecuted and punished.
Contreras believes it is essential to create awareness on the major threats experienced in each country to develop common response strategies throughout the region. “Often due to the potential damage to their image, others due to the fear of sharing sensitive information, or simply out of ignorance, the fact is that institutions find it difficult to report computer security incidents,” said Contreras.
The CICTE program manager acknowledged that the number of attacks in the region continues to grow and that these attacks are becoming increasingly sophisticated. The lack of information makes it impossible to quantify the economic damage these computer security incidents are causing the continent.
In addition to National Computer Emergency Response Teams (CERT), the sophistication of these attacks has led some governments to create their own computer security law enforcement units to prosecute those responsible for the attacks. Such is the case of Colombia, a country that has implemented various teams at state, police and military level, said Contreras.
There are already 18 national CERTs in the Americas. The OAS expert noted that the region’s governments are prioritizing cybersecurity because they consider computer security incidents to be an authentic threat to Internet stability. In this regard, Contreras said that the OAS is working together with the region’s Ministries of Justice to change the countries’ legislations. “We have a group specializing in cybercrime that recommends that countries modify their laws to allow dealing with computer incidents,” said Contreras.
The expert admitted that the Internet’s impact on people’s lives continues to grow and that the law must be adapted without curtailing freedoms. According to the OAS official, “it is a great myth” that “greater Internet security” will “curtail” freedoms.
“Security should not go against the fundamental rights of human beings. Increasing Internet security does not mean that an Internet police will be trying to prevent certain publications. The idea is to adapt national legislations to allow proper use of the Internet. States should protect their citizens,” said Contreras.