According to the Colombian Police Cybercenter report, Cybercrime Threats in Colombia 2016–2017, cybercrime costs the world $575 billion annually or 0.5 percent of the global GDP. The report notes that the figure is four times the amount of all international development aid donations. In Latin America and the Caribbean, the cost is estimated at $92 billion per year or 16 percent of the total cost of cybercrime worldwide.
“Cyberspace is the new theater of operations for crime,” said Aníbal Fernández de Soto, deputy defense minister for International Affairs and Policy at the Colombian Ministry of National Defense. “While technological advances are a great development opportunity for the community, society, businesses, and nations, they also present threats.”
As a result, the importance of establishing mechanisms to help generate solid cyberdefense and security strategies arises. To address those risks, the Colombian Ministry of Information Technology and Communications, the Colombian Chamber of Computer Science and Telecommunications, the Ministry of National Defense, and the Organization of American States all met in Bogotá, for the Fourth Digital Security Forum.
The event, held in late August 2017, brought together scholars, government representatives, and entrepreneurs from Colombia and other nations to study the trends and challenges to help counter the effects of cybercrime in Colombia and the region. Twenty Colombian and nine foreign experts shared their experiences through theme-based seminars and forums.
“It’s very important that we’re here working together. That's why a forum like the one that brings us together today is so important,” Fernández de Soto said. “[At this forum] academia, industry, research sectors, and, of course, the government come together, talk, and debate the issues and latest trends.”
Colombia, at the forefront of digital security in the region
“Colombia is considered a regional model for cyber issues. If indeed we are a model—at least for the region—it’s because Colombia has been exceedingly judicious in formulating its policy guidelines,” Álvaro Chávez, director of Public Safety and Infrastructure for the Ministry of National Defense, told Diálogo. “That policy is laid out in the documents of the National Economic and Social Policy Council [CONPES, per its Spanish acronym].”
The first CONPES document, “Cyberdefense and Security Guidelines” of 2011, focused on countering cyberthreats under Colombia’s defense objectives and the fight against cybercrime. “Capacity building is done within the defense sector at three levels: through the Colombian Ministry of National Defense and its cyberemergency response team; the Police Cybercenter of the National Police; and the Joint Cyber Command,” Chávez said. “Colombian Army, Navy, and Air Force cyberunits are within the command.”
“The new CONPES document from 2016, ‘National Policy on Digital Security’, includes risk management as a key element to move forward on digital security,” Chávez said. “There are a number of people committed to achieving a secure internet environment in cyberspace, including, of course, government entities, the private sector, the community, and those who operate critical infrastructure.”
“The capacities we have been developing in the area of cybersecurity at the Military Forces General Command, the Army, the Navy, the Air Force, and also at the National Police, have allowed us to be strong and robust institutions, able to address incidents and manage situations that arise,” Fernández de Soto added. “Colombia increasingly has more training and more expert staff who have taken advantage of these instruments for cooperation.”
Cyberspace—a sovereign “world”
As part of the forum’s program, the Colombian War College (ESDEGUE, per its Spanish acronym) developed the “Cyberattack Simulation against Critical Infrastructure for Decision-Making” workshop. In the workshop, participants studied how attacks to critical infrastructure can occur (for example, attacks against the power system, such as a pipeline) to learn about decision-making under pressure during a cybercrisis.
“ESDEGUE is responsible for training military and civilian leaders on issues relating to defense and security,” Colombian Navy Captain Diana Milena Ávila Hernández, head of ESDEGUE’s master’s program in Cyberdefense and Cybersecurity, told Diálogo. “We are not immune from what goes on in cyberspace. We consider it a ‛world’—if we can call it that—where national sovereignty must be enforced.”
“What we believe should stand out from our participation–more than an outcome–is this message: We want to convey to Colombia that its Military Forces are prepared to tackle cyberdefense and cybersecurity challenges,” Capt. Ávila concluded. “We have the discipline, the doctrine, and the training needed to ensure that cyberspace is a secure place for the Colombian state and its citizens.”