Open forum: OAS

Event report

[Read more session reports and live updates from the 11th Internet Governance Forum]

In March 2016, the OAS published a report entitled The 2016 Cybersecurity Report, Are we ready in Latin America and the Caribbean.

Mr Belisario Contreras, Program Manager, Cyber Security Program OAS-CICTE, described this report as one of the achievements of the OAS in its mission to develop and strengthen cybersecurity initiative in the LAC region. Belisario indicated that the report was a collaboration between Oxford University, the Inter America Development Bank and the OAS and it seeks to help member states to improve their cybersecurity frameworks and achieve security and resilience. The Cybersecurity team is working to increase security capacities in the OAS member states. This mean an improvement in security for governments, the private sector, civil society and academia.

The report assessed the LAC region and some 32 countries and identified 49 specific areas for improvement. The report indicates that although there have been some advances the region is not prepared. Belisario noted that 25 to 30 countries do not have national cybersecurity strategies or identified plans for protecting critical infrastructure. He also indicated that in many countries there is no coordinated approach to promote cybersecurity throughout the population. Discussions are being held in silos in the absence of any national campaigns. He noted that there are examples where academia and civil society cooperate however this does not exist in most areas.

Belisario also stated that there were 22 national cybersecurity incident response teams in the LAC region. However, the capacity and size of these teams vary from one country to the next. The OAS has also published a document on Best practices for Establishing a National CSIRT

The OAS cybersecurity program focusses on five main areas, developing national strategies, training and workshops, telecommunications, cybersecurity exercises, and development of national cybersecurity incident response teams (CSIRT).

In 2008 a regional cybersecurity strategy was adopted by all member States, which has led to the adoption of national strategies in the region. Columbia and Jamaica are implementing their national strategies. He also noted that there is an online platform, CSIRTAmericas.org, that is accessible to governments. The OAS also engages in various studies such as a study associated with cybersecurity threats in Columbia.  This study is being treated as a pilot for eventual roll out to other countries.

Belisario indicated that the OAS welcomed the involvement of civil society, the private sector, academia and all stakeholders and encourages a multistakeholder approach in the development of national cybersecurity strategies. Although the OAS cannot force states to adopt its recommendations or involve parties in the process, interested parties can contact the OAS office for information. The process of building national strategies is a learning process and is improved as it is implemented from country to country.

Contreras pointed the audience to the Global Forum on Cyber Expertise as a valuable source of information on cybersecurity.

Belisario noted that there is close collaboration with the Council of Europe and that the OAS receives assistance from donor countries such as the USA, Canada and Spain.

In response to a question on the accession of LAC states to the Budapest convention, Contreras noted that the congress of Chile has approved accession to the convention and that about 10 other countries are pending ratification. He also noted that the process of developing legislation and adopting a convention is difficult and involves several issues. He also stressed that there needs to be national dialogue on these issues.

In response to a question regarding citizens’ level of trust of government agencies Belisario noted that two initiatives were identified as priorities – cybersecurity and e-government.

He further noted that the OAS office receives  several requests but due to limited resources, these request have to be prioritised.

by Trevor Phipps