Snapshot: cybersecurity health card for select Caribbean countries – part 2

Following from our previous article, insights on the state of cybersecurity in 2013 for the remaining six Caribbean countries, as reported by the Organisation of American States and Symantec in their Latin American + Caribbean Cyber Security Trends report, are summarised.

In our 13 August 2013 article, we presented a snapshot of cybersecurity in seven Caribbean countries, as reported in Latin American + Caribbean Cyber Security Trends, which was published by the Organisation of American States (OAS), in collaboration with Symantec, a leading network security firm. In this post, we highlight the remaining six Caribbean countries included in the report: Haiti; Jamaica; Saint Kitts and Nevis; Saint Vincent and the Grenadines; Suriname; and Trinidad and Tobago.

As stated in Part 1 of this snapshot, for each country, the state of cybersecurity has been drawn directly from the Latin American + Caribbean Cyber Security Trends report, to provide insights on the following:

  • whether there are national strategies and/or policies on cybersecurity
  • whether a Computer Security Incident Response Team (CSIRT) or Computer Incident Response Team (CIRT) has been established
  • whether cybersecurity awareness campaign have been implemented
  • the extent to which in depth cybersecurity training is available in country
  • a brief summary of recent cyber incidents activities or trends in country
  • any recent developments or improvements that have been implemented
  • key concerns expressed either by the country or the report authors, and
  • critical factors to advance cybersecurity, as identified by the country or the report authors.

Haiti

http://en.wikipedia.org/wiki/HaitiNational cybersecurity strategy and policy: None, but efforts underway to prepare one

CIRT: None

Cybersecurity awareness campaign: Yes, campaigns have been implemented

In depth training nationally: None available, but less intensive courses can be found locally

Cyber incidents status/trends: Government authorities report a marked increase in the number of known cyber incidents, most of which involve social networks and the theft and/or misuse of users’ identities and information

Recent developments: Establishment of a multi-stakeholder task force that has been charged with, inter alia, developing a national strategy; collaborating with Parliament to draft and pass requisite laws; and creating and building a national CIRT

Key concerns: Lack of a national policy and strategic framework; absence of capacity building and awareness raising initiatives; no CIRT

Critical factor to advance cybersecurity: Access to adequate financing; developing the country’s cybersecurity capabilities; creating a cybersecurity policy; establishing a CIRT.

Jamaica

Jamaica flag (Wikipedia)National cybersecurity strategy and policy: None, but efforts underway to have a strategy finalised

CSIRT: None, but work underway to establish one

Cybersecurity awareness campaign: None has been undertaken

In depth training nationally: Yes, degree programmes are available that offer some specialisation in areas such as Information security, network, security, and cryptography

Cyber incidents status/trends: National authorities report a 15 percent increase in cyber incidents in 2013 as compared to the year prior. The most prevalent activities reported included third party transaction online fraud, cyber defamation and cyber extortion

Recent developments: Joint Select Committee of the Houses of Parliament was established in January 2013 to consider and report on the operation of the Cybercrimes Act.

Key concerns: Lack of a national policy and strategic framework; absence of capacity building; absence of a national CSIRT; and awareness raising initiatives

Critical factors to advance cybersecurity: Development of a cybersecurity strategy; establishment of a national CSIRT; adequate personnel to investigate incidents; improved cybersecurity and cybercrime awareness.

Saint Kitts and Nevis

Saint_Kitts_and_Nevis FlagNational cybersecurity strategy and policy: None

CIRT: None

Cybersecurity awareness campaign: None has been undertaken

In depth training nationally: None

Cyber incidents status/trends: The national authorities report no observed increase in cyber incidents of any kind over the past year, nor any particular incident of noteworthy nature or consequence

Key concerns: Lack of a national policy; no framework for private sector reporting; no CIRT

Critical factors to advance cybersecurity: Establishment of national CIRT; enactment of requisite legislation to investigate and prosecute cybercrimes; strengthening awareness and cooperation among key private and public sector entities.

Saint Vincent and the Grenadines

St_Vincent_and_the_Grenadines FlagNational cybersecurity strategy and policy: None

CSIRT: None

Cybersecurity awareness campaign: None has been undertaken

In depth training nationally: None available

Cyber incidents status/trends: Major observed increase in cyber incidents has related to social network in schools, as Internet and computers have become more accessible to students through the government’s ‘one laptop per child’ initiative.

Key concerns: Lack of a national policy; absence of capacity building and awareness raising initiatives; no CSIRT

Critical factors to advance cybersecurity: Capacity building; policy development; adopting a national strategy; reforming the legal system; and establishing a national CIRT.

Suriname

Flag of Suriname (Wikipedia)National cybersecurity strategy and policy: None, but it is in development

CSIRT: Yes – SurCSIRT. Was defunct, but currently being reactivated

Cybersecurity awareness campaign: None reported.

In depth training nationally: The University of Suriname will offer a course on cybersecurity

Cyber incidents status/trendsAuthorities assert that in general cybercrime is not especially common in Suriname, although they do report having observed over the past year an increase in incidents involving skimming and bank fraud.As official records are nonexistent and reporting by the private sector is minimal, there are no known cases where an incident was successfully resolved

Key concerns: Lack of trust among stakeholders; absence of collaboration among stakeholders; insufficient funding; lack of adequately trained personnel; absence of national legislative framework

Critical factor to advance cybersecurity: Creating a more collaborative system among stakeholders; securing adequate funding to support needed initiatives; capacity building; policy and legislative reform to support SurCSIRT.

Trinidad and Tobago

Trinidad_and_Tobago FlagNational cybersecurity strategy and policy: Yes, a National Cyber Security Strategy was approved in December 2012

CSIRT: Anational CIRT (TT-CSIRT) is in process of being established

Cybersecurity awareness campaign: Yes, some activities have been undertaken

In depth training nationally: Ethical hacking courses are offered at some academic institutions, but currently there are no cybersecurity degree or certification programs within the country

Recent developments: A cybercrime bill has been drafted and is under consideration by Parliament. A Trinidad and Tobago Cyber Security Agency (TTCSA) will soon be created, under the purview of the Ministry of National Security, and will serve as the main entity responsible for coordinating and managing all cybersecurity activities. The government is also currently in the process of establishing a national CIRT (TT-CSIRT), housed within the Ministry of National Security. The Ministry of National Security is in the process of launching a public awareness campaign targeting the general population, which will consist of video shorts on different types of cybercrime, and press articles and public service announcements

Cyber incidents status/trends: In 2013 eighty five (85) cybercrime-related cases were opened by the police, althoughnone resulted in convictions. Other anecdotal information indicates that most reported incidents areassociated with impersonation of identity using Facebook or social networks or the exploitation ofemail for identity theft and fraud

Key concerns: Insufficient funding; lack of adequately trained personnel; the absence of an appropriate national legislative framework (though soon likely to be remedied)

Critical factor to advance cybersecurity: National legislation; realisation of TT-CSIRT; securing adequate funding; undertaking suitable training and capacity building.

 

Image credit:  stockimages (FreeDigitalPhotos.net); Wikipedia (All flags)

___________