OAS/OEA and the promotion of national cybersecurity strategies in the Americas

Event report

[Read more session reports and live updates from the 12th Internet Governance Forum]

Mr Belisario Contreras, Manager, Cybersecurity Program, Organization of American States (OAS), opened the session by saying that there is a considerable development of cybersecurity capacities as well as national policies among American states like Mexico, the Dominican Republic, Honduras and others. He also presented the main areas of the OAS cybersecurity program, which helps with capacity building and establishment of CERTs, policy development and caring out cyber exercises.

The floor was passed to Mr Victor Lagunes, Chief Information Officer, Presidency of the Republic of Mexico, who provided an insight into the preparation of the Mexican national cybersecurity strategy – ‘… we learned that it was not the right approach to create a policy that is supposed to create certainty and trust in our ecosystem without the feedback from the civil society’. The government established a collaboration platform with the support of the OAS which resulted in an open document that was co-created with civil society. The final cybersecurity strategy encompasses five objectives: society and rights, economic innovation, policy institutions, public security and national security.Mr Lagunas expressed the hope to be able to start implementation of this strategy in the next six months.

Mr Robert Strayer, Deputy Assistant Secretary for Cyber and International Communications and Information Policy, talked about the United States of America’s (USA) responsibility for assisting the OAS region in enhancing cybersecurity – ‘As an international community, we are dependent on our collective cybersecurity capacity, and we are each only as strong as our weakest link’. Then he stressed key priorities of the American cyber strategy:

• the US promotes its vision for cyberspace by actively working with our close partners and allies
• Where new digital economies emerge, the US assists countries to develop well-crafted national cyber strategies, policies and agencies that are interoperable and secure cyberspace.
• The US promtes public awareness campaigns to raise awareness of cyber-related threats and best practices worldwide.

Mr Laurent Bernat, Cyber Security and Privacy Risk Policy Analyst, Organisation for Economic Cooperation and Development (OECD), conveyed several messages in relation to the OAS region:

• OAS states are sometimes mistaken – they think they address one area, but in reality, they are addressing a multifaceted area of cybersecurity. It can include economic and social prosperity, cybercrime, defense, conflict prevention, and finally national security.
• The policy has to educate, to promote an approach to digital security which is based on the management of risk to economic and social activities, because it is not feasible to create a completely safe environment without strong restrictions.
• Cooperation among stakeholders is essential for the development of the policy.

Ms Barbara  Marchiori  de  Assis,  Cybersecurity Project Officer, Organization of American States (OAS), explained that the OAS work as facilitators. She restated the necessity of trust in the policy development process, but also pointed that it is urgent for the next steps of implementation.

The question and answer session started with intervention from a Brazilian delegate who shared the challenges that Brazil faced during the development of its strategy. The challenges were connected to the dilemma of information protection, deciding to whom the information belongs. The tendency, from a perspective of law enforcement, is to protect information by isolating it. That is not good for the digital economy, but government tends to consider this problem in national security terms. Another issue is privacy balance, how much government surveillance over private data should be allowed in order to provide protection from cyber breaches.

There were several other interventions describing the process of creating cyber security policy in various OAS states.

by Ilona Stadnik