The United States committed to donate $25 million to Costa Rica to help strengthen its cybersecurity and digital infrastructure against threats from malicious actors. Costa Rica’s Ministry of Science, Innovation, Technology, and Telecommunications (MICITT) and the U.S. Embassy in Costa Rica announced the initiative.
“The U.S. government’s support is very important for Costa Rica, as it allows us to take advantage of the experience of a partner country, which has a track record and is a leader in the field of cybersecurity,” Paula Bogantes, Costa Rica’s MICITT minister, told Diálogo on April 21. “They are willing to collaborate with us on an issue that until now had not been treated as a national priority.”
The donation will make it possible to advance in the implementation of Costa Rica’s National Cybersecurity Strategy, the Ministry said. As part of this process, licensing and equipment will be provided to create a Security Operations Center to strengthen monitoring, prevention, detection, investigation, and response to cyberthreats akin to those that hit the country in 2022.
To implement these actions, the U.S. Department of State’s Office of Cyberspace and Digital Policy will work with MICITT. The funding will also provide immediate support for cybersecurity training operations, equipment, software, and other cybersecurity tools, as well as long-term capacity building, the U.S. Embassy said.
The donation will enable the development of a cybersecurity baseline to improve institutional response capacity to events and incidents, as well as to update firewalls, licensing, and development of forensic capabilities, among others.
The most affected Costa Rican entities during the 2022 cyberattacks were the Ministry of Finance, hacked by the Conti ransomware group in April, and the Costa Rican Social Security Fund, attacked by Hive ransomware group, affecting taxpayers, Costa Rican news site CRHoy reported.
Both the Conti and Hive ransomware groups are believed to be Russian-linked.
The specific details of where the U.S.-donated resources will be used in the first instance are not yet public. However, the MICITT already identified and prioritized the areas where these will be destined, with information that will be expanded in the short term, the Ministry told Diálogo.
“The United States values the close relationship we’ve had with Costa Rica for a long time as we work together to make the region more democratic, prosperous, and secure,” U.S. Ambassador to Costa Rica Cynthia Telles said. “This broad cybersecurity cooperation is a reflection of our shared commitment to a secure Costa Rica.”
“Hijacking software attacks against Costa Rica over the past year have harmed not only government institutions but also the Costa Rican people themselves,” said Anne Neuberger, U.S. deputy national security advisor for Cyber and Emerging Technologies. “President Joe Biden cares deeply about the security of our allies and partners, and this cybersecurity assistance package represents that commitment. The U.S. stands behind Costa Rica and is committed to protecting and strengthening its democracy by promoting secure, open, and trusted digital technology.”
A March 2023 Microsoft report indicated that 35 percent of small and medium-sized businesses in Costa Rica have experienced cybersecurity issues, prompting business leaders to implement specific cybersecurity-related policy.
Between May and December 2022 alone, Costa Rica’s Computer Security Incident Response Center, overseen by the MICITT, handled more than 700,000 cybersecurity alerts, affecting 167 state institutions, CRHoy reported.
“Costa Rica was a victim of cyber terrorism,” said Minister Bogantes. “Today we are aware of the vulnerabilities we had, but also of the enormous responsibility we now have to manage resources and forceful actions for the protection and security in cyberspace.”
