Cyber Security Initiative in OAS member states

This initiative recognizes the importance of having a comprehensive approach to addressing cybersecurity issues and aims to support countries in developing an effective response to cyber threats through an integrated approach. The activity areas are amongst others: national cybersecurity strategy development; cybersecurity trainings and workshops; development of a OAS Hemispheric Network, known as CISRTAmericas.org; cybersecurity exercises; cybersecurity and e-government for effective public management; and identification and adoption of technical standards for a secure internet architecture.

Mitigating cyber threats in Latin America and the Caribbean

While the Internet has immense potential as an enabler of socio-economic progress, research shows that such growth can be hindered by a number of obstacles. Recent cyber-attacks and incidents affecting OAS member states have caused interruptions in a myriad of essential services. According to the report Latin American and Caribbean Cyber Security Trends (OAS/Symantec), the cost of cybercrime has reached $8 billion in Brazil, $3 billion in Mexico, and $464 million in Colombia. Critical infrastructure has had an increased number of cyber-attacks: operators surveyed for the 2015 OAS-Trend Micro report on Critical Infrastructure in the Americas reported a 53% increase of incidents affecting their computer systems over the last year.  The OAS Cybersecurity initiative under the umbrella of the GFCE opens up opportunity for capacity building for the OAS member states from the input and expertise from the GFCE membership and aid in building the relationship between the region and the rest of the world.

Relevance to other GFCE members and stakeholders

In order to identify and understand a country’s specific challenges, the OAS initiates the design process by conducting a situational analysis. This may entail in-situ visits with Government officials and other relevant national cyber security stakeholders, including representatives of civil society, the academia, and the private sector. The design process can also entail the organization of roundtables and moderated working group discussions, the administration of surveys, and the gathering of other information needed to prepare a more detailed framework for the initiative’s implementation. This Initiative is relevant to the beneficiary countries as they benefit from international experience through participating experts, Governments and stakeholders work together and at the end of the process they a have a better cyber security framework and a solution tailored to their needs.

Available best practices, research and handbooks

• Impact of Digital Security Incidents in Colombia (Spanish) – 2017 report about cybersecurity practices undertaken by Colombian private and public organizations, cybersecurity budget allocation, and the cost of digital incidents.
• Cybersecurity: Are We Ready in Latin America and the Caribbean? – 2016 report about the status of cybersecurity (risks, challenges, and opportunities) of Latin America and the Caribbean countries
• Best Practices for Establishing a National CSIRT – 2016 guidebook on the creation and deployment of a National CSIRT
• Cybersecurity Awareness Campaign Toolkit – 2015 toolkit to provide governments or organizations guidance and resources for developing a cybersecurity awareness campaign
• Cybersecurity Trends in Latin America and the Caribbean countries – 2014 research report together with Symantec

Expected Outcomes (2018 and beyond)

• Increased access to knowledge and information on cyber threats and risks by public, private and civil society stakeholders and Internet users, including vulnerable groups;
• Enhanced technical and policy capacity of governments and critical infrastructure operators to detect cyber threats, prevent, respond to, and recover from cyber incidents, and combat cybercrime;
• More robust, effective and timely information-sharing, cooperation and coordination among cybersecurity stakeholders at the national, regional and international level

Expected Outputs (2018-2019)

• Decision-makers in the public and private sectors, members of the academia and civil society, and young leaders educated on cyber threats and risks;
• Reports published and disseminated on regional cyber security trends and specific topics, in collaboration with partner institutions;
• National cyber security policy frameworks developed or updated;
• Government and private sector officials with cybersecurity responsibilities in trained on topics relevant to their functions;
• Government officials with cybersecurity responsibilities trained in real time cybersecurity exercises;
• Targeted technical assistance/advice delivered to address specific cybersecurity concerns;
• Greater collaboration and information sharing on cyber-attack information through the OAS Virtual Hemispheric CSIRT Network (CSIRTAmericas.org);
• Fully operational OAS Virtual Hemispheric CSIRT Network;
• Cyber Security officials from countries actively participate in regional and global cyberspace initiatives and dialogue;
• Active partnerships with institutions/experts of the public, private, academic sectors and civil society that have cyber security expertise.

Participating members & partners

• Organization of American States
• Argentina
• Chile
• Estonia
• Mexico
• Spain

Participation in this initiative is open to all members of the GFCE.