Colombia’s national policy on digital trust and security

July 2020

View the original document

Strategies and Action Plans

The National Policy on Digital Trust and Security (CONPES 3995) of Colombia, approved on 1 July 2020 by the National Council for Economic and Social Policy (CONPES), lays out a national strategy to strengthen digital trust and security in response to increasing dependence on digital technologies and emerging cyber threats. This strategy was led by the National Planning Department, in coordination with the Ministry of Information and Communication Technologies (MinTIC) and the Administrative Department of the Presidency.

Background

Colombia has faced rising cyber threats due to the growth in internet usage and the adoption of digital technologies, both by citizens and institutions. Prior frameworks (CONPES 3701 in 2011 and CONPES 3854 in 2016) focused largely on cybersecurity and cyberdefense, mainly targeting state capabilities. However, these earlier strategies lacked inclusive approaches to build trust in the digital environment across all societal sectors, including civil society, the private sector, and vulnerable populations.

Strategic objectives

The 2020 strategy sets out to:

  1. Strengthen digital security capacities among citizens, public institutions, and private entities.
  2. Update the digital security governance framework, making it more cohesive and effective.
  3. Explore and adopt international standards, models, and frameworks, with a focus on addressing challenges brought by the Fourth Industrial Revolution (4IR).

Key diagnoses

The strategy identifies major gaps:

  • Low scores in international indices for digital trust and cybersecurity capacity.
  • A weak governance model lacking coordination and a dedicated cybersecurity policy unit.
  • Limited public and private sector awareness, especially among vulnerable communities.
  • Insufficient digital education and limited integration of security practices in curricula.
  • A fragmented institutional framework with overlapping roles and limited cooperation.

Action plan

The strategy includes actions across ten lines, including:

  • Designing and institutionalising national training programs in digital security for the public, civil servants, and private sector leaders.
  • Focusing on inclusive approaches (e.g., gender and vulnerable groups).
  • Strengthening legal frameworks and updating educational content to promote digital hygiene and responsible internet use.
  • Promoting professional development in digital security through SENA and academic programs.
  • Supporting the cybersecurity industry through collaboration with regional innovation clusters and chambers of commerce.
  • Enhancing cooperation and coordination among existing security-related entities (e.g., ColCERT, CSIRTs, and defense sector units).

Governance

Two high-level bodies play a role:

  • The National Digital Security Coordinator under the Presidency lacks binding authority across ministries.
  • The Digital Security Committee operates as an advisory body without enforcement capacity.

The strategy recommends establishing a dedicated cybersecurity policy unit and improving inter-agency coordination to avoid duplication and enhance efficiency.

Implementation timeline and budget

The strategy covers 2020–2022, with an estimated budget of 8.342 billion Colombian pesos. Monitoring and evaluation mechanisms are detailed, including timelines and responsible institutions.

This strategy represents Colombia’s most comprehensive approach to date for addressing digital trust and security holistically, expanding beyond government defense capabilities to encompass the wider society and economy.