The United States and the European Union (EU) plan to work together to fund and help protect the digital infrastructure of countries vulnerable to cyberattacks, The Wall Street Journal (WSJ) reported June 15.
Africa and Latin America are likely to be the first regions to receive funding. The partnership could be operational by the end of 2022, the newspaper detailed. Russia’s invasion of Ukraine underscored the importance of protecting telecommunications networks and other equipment in those countries, the WSJ reported.
“We do not currently know which part of Latin American infrastructure is most prone to fall victim to a cyberattack on its critical infrastructure,” Esteban Jiménez, chief technology officer at Costa Rican cybersecurity firm Atticyber, told Diálogo. “Increasing the technological level of countries is crucial.”
The deal could prompt U.S. and European companies to submit bids to build digital infrastructure in countries that might otherwise accept funds from China, U.K.-based technology analysis platform Tech Monitor reported. Chinese technology can come with data-security risks, WSJ pointed out.
Discussions about digital funding began in May 2022 at the U.S.-EU Trade and Technology Council, the EU said.
“The ability to police the internet, bring cybercriminals to justice, and cooperate on global objectives requires help from all nations,” cybersecurity expert Daniel J. Lohrmann wrote in Government Technology, a U.S. magazine that focuses on state and local government information technology.
Central and South American countries have been regular targets of hackers in recent years, Tech Monitor said. The Lapsus gang launched its campaign in Brazil, attacking the Ministry of Health, while Costa Rica recently suffered several attacks by the Russian ransomware Conti gang, which disabled many of its public services.
On June 24, the Colombian National Police’s Cyber Center reported recording an increase in Conti activity, whose members steal files, encrypt servers and workstations, threaten to disclose confidential information, and demand ransom payments.
“Russian targeting has prioritized governments,” Microsoft indicate in a June report. As such, government computers running on premises rather than in the cloud are the main concern. This reflects the current and global state of offensive cyber espionage and defensive cyber protection, the report adds.
“As of now [early July] Costa Rica is still at 30 to 40 percent capacity with respect to its state before the [April 18] Conti cyberattack. There are still many services to be rehabilitated from the more than 27 institutions that were affected,” Jiménez said.
The Inter-American Development Bank (IDB) shows in a recent cybersecurity study that in 2020 only seven of the 32 Latin American countries studied had a critical infrastructure protection plan, while 20 had established cybersecurity incident response teams. This limited their ability to identify and respond to attacks, the IDB indicated.
Bringing technology initiatives to some Latin American countries can be complicated at present, Jiménez said.
For example, “the Venezuelans at one point were going full steam ahead with technology initiatives in the continent. Their technological capability was completely stopped, because technology is a vehicle for knowledge […] and that does not serve the extreme left or fundamentalists of socialism,” Jiménez said.
For “the digital funding program to take off, [the U.S. and EU] need to work with each [Latin American] country independently to establish a detailed assessment of their defensive and offensive capabilities, as well as their resilience to respond to attacks,” Jiménez concluded.