Cyberdefense and Cybersecurity in Colombia
By Colonel (ret.) Jairo Andrés Cáceres García, adjunct researcher on Cyberwar and Military Logistics, Colombian War College September 22, 2016EL TEMA ES MUY INTERESANTE. GRACIAS POR ENVIAR LA INFORMACION. Colombia has considerably increased the use of information and communication technologies to combat cyber threats, jumping seven spots in the World Economic Forum's (WEF) annual report on global information technologies. This positive development reflects the growth of Internet usage – about 6,634,659 people in the country subscribe to broadband -and the reduced costs of providing this service. Even so, the country has been the target of cyberattacks. For instance, during the first semester of 2011 the self-described hacktivist group Anonymous attacked the portals of the Presidency of the Republic, the Senate, Online Government, and the Interior, Justice, Culture and Defense ministries. The attack was carried out to protest the “Lleras Law", a draft bill presented in April 2011 by then Minister of the Interior and Justice Germán Vargas Lleras, which sought to regulate "the responsibility for violations of copyright and related Internet rights are regulated." According to document 3701 of the National Board of Political and Social Economy of Colombia (CONPES, per its Spanish acronym), the Anonymous group has indiscriminately attacked international public and private entities, including PayPal, MasterCard, Visa, and the Swiss bank Post Finance. CONPES directs overarching cybersecurity and cyberdefense policy and develops strategies to counter digital threats. Likewise, it compiles records of previous incidents that have occurred nationally and internationally. CONPES is headed by the president of the country, and its technical secretary is the chief of the National Planning Department. CONPES 3701 was issued on July 14th, 2011, as a guide to formulating cybersecurity and cyberdefense policy. Combatting cyberattacks To comply with CONPES 3701, Colombia set up a solid and innovative cyberdefense system. The system is designed to prevent attacks on state institutions, as well as mount an active cyberdefense, which is required to technologically protect government information. Cyberdefenses must be proactive, dynamic and continually updated in order to protect against potential attacks. There must be a laboratory with digital radar that allows possible threats to be recognized in an opportune manner. One of the most noteworthy aspects of CONPES 3701 is the creation of a Multi-Sector Commission, which includes representatives of the Defense Ministry, the Cyber-Emergencies Response Group of Colombia, the Joint Cybernetic Command, the General Command of the Armed Forces, and the National Police's Police Cybernetics Center. The CONPES 3701 document In March 2014, Colombian President Juan Manuel Santos sought advice from international cybersecurity experts and support from the Organization of American States (OAS). This outreach resulted in the creation of the "National Mission of Technical Assistance on Cyber Security," which took place from March 31st to April 4th of that same year through the Cybersecurity Program of the Inter-American Committee against Terrorism, part of the OAS' Secretary for Multidimensional Security. The objective of the mission was to draw up a series of recommendations that would give the government a solid and professional technical base when implementing its system. The team of experts on the National Mission of Technical Assistance was comprised of officials from the governments of Canada, Spain, United States, United Kingdom, Dominican Republic, Estonia, Israel, South Korea and Uruguay. In addition to OAS officials, the international commission included the participation of representatives from the Council of Europe (COE), WEF, INTERPOL, the UN, the Organization for Economic Cooperation and Development (OECD), and Oxford University. Mission members received information from different Colombian governmental institutions involved in the areas of cybersecurity and cybercrime, as well as from the justice branch, civil society, and the private sector. They also were given access to the installations charged with protecting Colombian cyberspace. During the mission, then-Minister of Defense Juan Carlos Pinzón Bueno reaffirmed the Colombian government's commitment to take the necessary steps to create the mechanisms required to protect Colombia with respect to cybersecurity and cyberdefense. Likewise, he said the Armed Forces of Colombia must prepare to protect the nation from any attack that might come from cyberspace. That is why "we must have cyberintelligence and cyberdefense, to confront these challenges," he said. Among the main recommendations: that the system be harmonized in accordance with the Convention on Cybercrime, known as the Budapest Convention, to take into account successful legislation on digital crime; the obligatory retention of traffic data, and the participation of key actors in the regulation. Other relevant recommendations include the training of judges and public prosecutors about digital crime, as well as the proper handling of digital evidence and the implementation of international cooperation mechanisms. Colombia's implementation of CONPES 3701 has made it a trailblazer in Latin America. Five years later, the country plays a leading role on the continent in the fight against cybercrime. This past April the government drafted a new document, CONPES 3854, which aims to replace the earlier directive. Based upon CONPES 3701 with some fundamental modifications, the new document changes the emphasis to include risk management as one of the most important aspects of digital security. Finally, it's worth mentioning that cybersecurity incidents are increasingly becoming an everyday occurrence. Each year the quantity and types of cyberattacks on the public, companies and institutions expand significantly, and keeping track of the situation is becoming more difficult. In its report on Cybersecurity 2016, the Cybersecurity Observatory in Latin America and the Caribbean reported that cybercrime costs the world up to $ 575 billion annually, an amount equivalent to 0.5 percent of global Gross Domestic Product. In Latin America and the Caribbean, these types of crimes cause annual losses of about $ 90 billion. It recommends the immediate launch of a public awareness campaign to promote the safeguarding of information at all levels. Without such a campaign, it will be very difficult to confront this century's new transnational criminal threat.