Latin American security officials must remain on alert for cyber-attacks, analyst says
By Dialogo March 25, 2014
The security forces of Latin American countries must be more vigilant than ever about the threats posed by computer hackers, said Inigo Guevara, a security analyst at the Collective for the Study of Security with Democracy (CASEDE) in Mexico City.
Cyber-security is too important to delegate to civilian government workers or to contract out to the private sector, Guevara said. “Cyber-defense is an important issue that, because of its seriousness, should be assigned to the Armed Force,” Guevara said. “Each Latin American country should work on cyber-defense to protect (computer) networks which operate the national infrastructure.”
Computer hackers pose a growing threat to governments, companies, and individuals in Latin America, according to Paul Stockton, a security analyst at George Washington University’s Homeland Security Policy Institute and senior advisor to the Center for Strategic and International Studies, a Washington-based think tank.
The threat is posed not just by terrorist groups, but by gangs of criminals, or even individuals, Stockton said. These people are capable of stealing credit card and bank account information from consumers and companies to enrich themselves, and can also disrupt the technological systems of governments, including those of security forces.
“Anybody today in the Western Hemisphere can go online and buy sophisticated weapons to attack industrial control systems,” Stockton said. “We used to worry [only] about al-Qaeda, folks, but those days are over. Unless we can clamp down on this Wild West marketplace, then anybody can launch these attacks.”
A growing threat
The cyber-threat is growing, in Latin America and throughout the world, said Dan Chenok, executive director of IBM’s Center for the Business of Government.
“Cybertechnology enables great improvements in productivity, but it also enables new elements of risk,” Chenok said. “These cyber-threats around the world range from garden variety hackers working in their basements to hostile nation-states. We also have advanced technologies that continue to provide great opportunities in areas like cloud computing, and the power of analytics to reach vast stores of information in databases, in ways you couldn’t dream of five years ago.”
Chenok and Stockton spoke about the growing cyber-threat at a recent conference at the That’s the collective warning from a panel of technology gurus speaking earlier this month at Carnegie Endowment for International Peace in Washington, D.C.
News about cyber-attacks and cyber-threats are common, said Eric Farnsworht, vice-president of the Americas Society and Council of the Americas (AS-COA), which sponsored the Mar. 6 conference.
“All we have to do is open the newspaper,” Farnsworth said. “Anyone who’s shopped at Target knows what we’re talking about. So does anyone who’s had their Facebook account hacked. “It’s affecting companies across the Western Hemisphere, and it’s costing real money. This summer, when the eyes of the world are on Brazil for the World Cup, we’re aware that Brazilian hackers have threatened to disrupt World Cup activities. And with millions of tourists focused on the games, they may not be focusing on the safety of their bank cards.”
In April 2014, Brazil will host a conference to address the rise of cybercrime, exploring policies governments can implement to protect their citizens. The Global Multistakeholder Meeting on the Future of Internet Governance is scheduled to be held April 23-24 in São Paulo.
A protective measure
A growing number of countries are relying on teams of skilled computer professionals to prevent cyber attacks on national infrastructure, Chenok said. These groups are known as Computer Emergency Readiness Teams (CERTs).
“Seven or eight years ago, only five members of the Organization of American States had CERTs. Now almost all of them do,” said Chenok. “So while the threats are varied, the capabilities to fight those threats are increasing at all levels.”
Cybercriminals generally fall into one of three groups, said Neal Pollard, chief of forensic technology solutions at accounting giant PricewaterhouseCoopers, a large U.S.-based company.
Most cybcriminals are part of a state-funded unit, operate on behalf of an organized crime group, or belong to a “hacktivist” group which is motivated by political beliefs, according to Pollard.
Cybercriminals who are work for an organized crime group “know where the money is,” Pollard said.
In the United States, cyber-crime costs businesses about $300 billion a year, according to published reports.
In November and December 2103, the U.S.-based department store Target was the victim of a massive security breach. The second-largest discount retailer in the United States disclosed that the data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. On Jan. 10, 2014, Target officials disclosed that hackers also stole e personal information — including names, phone numbers, emails and mailing addresses — from as many as 70 million customers.
Growing awareness of cyber-attacks
Security officials in Latin America must remain vigilant for cyber-attacks against critical government infrastructure, according to Guevara and Stockton.
“Our partner nations across the Western Hemisphere are becoming more and more aware of these threats, and the degree to which infrastructure is increasingly dependent on automatic industrial control systems,” said Stockton. From May 2009 to January 2013, Stockton served as assistant U.S. Secretary of Defense for Homeland Defense and Security Affairs in the Americas. In that capacity, he worked with Colombia, Chile and other countries to boost collaboration with the Pentagon in reducing these countries’ vulnerability to cyber attacks.
“More and more automated control systems lie at the core of these operations, such as transportation and the national electric grid,” Stockton said. “These systems are tied to the Internet. There are so many ways of getting in now — including insider threats — that we have to take very seriously the risk that these systems will be seized.”
For example, for a city’s electric power grid to function — whether it’s Managua, Guatemala City, or Montevideo — it must be in perfect balance at all times, Stockton said.
Julieta Pelcastre contributed to this article.