Presented by: - Anselm Charles ICT Manager CARICOM IMPACS

Transcription

1 Presented by: - Anselm Charles ICT Manager CARICOM IMPACS

2 Outline Introduction to CARICOM IMPACS What is Cybersecurity? CARICOM & Cybersecurity CARICOM Cyber Security and Cybercrime Action Plan (CCSCAP) Conclusion 2

3 Bermuda CARICOM Member States Associate Members 15 Full Members, 5 Associate States Combined population: >15 million Total land space : 462, 472 sq km Suriname 3

4 CARICOM FRAMEWORK FOR THE MANAGEMENT OF CRIME AND SECURITY CONFERENCE OF HEADS OF GOVERNMENT LEAD HEAD OF GOVERNMENT RESPONSIBLE FOR CRIME AND SECURITY Council for National Security and Law Enforcement Council of Ministers Responsible for National Security and Law Enforcement Security Policy Advisory Committee (SEPAC) Implementation Agency for Crime And Security (IMPACS) RSS & CDEMA Standing Committee Commissioners of Police Standing Committee Chiefs of Immigration Standing Committee Military Heads Standing Committee Comptrollers of Customs Standing Committee Heads of Intelligence & Financial Intelligence Units Standing Committee Heads of Corrects and Prison Services 4

5 Security Framework Policy & Strategy Formulation: IMPACS Border Security: JRCC Threat Assessment and Common Intelligence Picture: RIFC Oversight Passenger Profiling Strategic Assessment Coordination Cargo Profiling Threat Assessment Implementation Immigration & Customs Support Intelligence Sharing and Cooperation Capacity Building Information Sharing Capacity Building

6 FLAGSHIP PROGRAMES PRESENT CARICOM Counter Terrorism Strategy Policy Guidance CARICOM Counter Terrorism Strategy Migration Policy (Irregular & Mass Migration) CARICOM Crime & Security Strategy CARICOM Cyber Security and Cybercrime Action Plan Technical & Advisory Support Coordination Refugees and Asylum Seekers Policy (UNHCR) Exercise Tradewinds

7 What is Cybersecurity? 7

8 Cybersecurity Definition Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access. 8

9 Threats to Cybersecurity Cybercrime Cyberterroism Cyberwarfare Cyberespionage 9

10 CARICOM & Cybersecurity 10

11 CARICOM Crime and Security Strategy (2013) Regional Threat Perspective -Current Realities NARCOTICS AND ARMS TRAFFICKING IRREGULAR MIGRATION TERRORISM HUMAN TRAFFICKING CYBER CRIMES VIOLENT AND ORGANIZED CRIME CRIMINAL DEPORTEES 11

12 CARICOM Crime and Security Strategy Tier 1 Threats Transnational Organised Crime: Trafficking of Illicit Drugs and Illegal Guns Gangs & Organised Crime Cyber Crimes Financial Crimes Corruption 12

13 CARICOM Threats to Cybersecurity Cyber Internet fraud, such as the Lotto scam in Jamaica, is already well established in the region. This has allowed criminal syndicates in Jamaica to defraud citizens of other countries of significant sums; estimates range as high as US$300 million per annum (Jamaica National Security Policy, 2012). 13

14 Attacks on government networks (Jamaica, OECS) CARICOM Threats to Cybersecurity 2014 May 2017 ATM Skim July 2017 Aug WannaCry Ransomeware Attack NotPetya Ransomware Attack 14

15 Latin American and Caribbean Cybersecurity Trends (OAS & Symantec 2014) In total, over 552 million identities around the world were exposed in 2013, putting consumer credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, addresses, logins, passwords, and other personal information into the criminal underground. To put this in perspective, stolen credit cards can be sold for as high as USD$200 per card on the black market, making data breaches a low risk and simple, yet profitable activity for cybercriminals In Ransomware used in locking computers Trafficking in arms, drugs and persons is also facilitated by ICTs and the Internet 15

16 Cybersecurity - Are We Ready in Latin America and the Caribbean (LAC)? (IDB & OAS 2016 Cybersecurity Report). the vast majority of our countries are not yet prepared to counteract cybercrime. The analysis is a call for action to start taking the necessary steps to protect this 21st century key infrastructure. In LAC, we face a cost equivalent to US$90 billion a year due to this kind of crime. If we are to make the most of the so called Fourth Industrial Revolution, we need to create not only a modern and robust digital infrastructure but also a secure one. Protecting our citizens from cybercrime is not a mere option; it is a key element for our development. Luis Moreno President IDB 16

17 Cybersecurity Additional Perspectives Deloitte s Global Chief Information Officer, Larry Quinlan says that despite increased improvements in technology in the Caribbean and Latin America, the regions remain highly vulnerable to cyber-attacks - BASSETERRE, St. Kitts, Saturday September 17, 2016 The networked world is fueling economic growth, and improving living standards. It is also creating threats that were unimaginable just a generation ago. Digital Economy and Cyber Security in Latin America and the Caribbean 17

18 Cybersecurity Caribbean Status According to the Cybersecurity Capability Maturity Model used by the IDB in 2016 Report, the five (5) dimensions analyzed were: - 1. Policy and Strategy 2. Culture and Society 3. Education 4. Legal Framework 5. Technologies Generally, the level of Maturity for Caribbean Countries in most of the indicators were Startup to Formation, with continuous improvements in most areas. 18

19 19

20 Collaborative Effort Steering Committee: CARICOM Secretariat CARICOM Implementation Agency for Crime and Security (CARICOM IMPACS) The Caribbean Telecommunications Union (CTU) The Commonwealth Secretariat The Organisation of American States (OAS/CICTE) Lead country for Crime and Security in CARICOM (Trinidad & Tobago) 20

21 CARICOM Cyber Security and Cybercrime Action Plan (CCSCAP) - Components The establishment of a proper governance framework, including a Regional Cyber Committee (RCC); The identification of minimum standards for Cyber Security for each country; An updated desk review of each country; Identification of mechanisms for implementation of the relevant action items - Common Needs, Solutions and agencies/partners with interest (present or potential) Monitoring and evaluation of activities to ensure that objectives are being achieved. 21

22 CARICOM Cyber Security and Cybercrime Action Plan (CCSCAP) Priority Areas - Common Needs, Solutions and agencies/partners with interest 1. Public awareness; 2. Building sustainable capacity; 3. Technical standards and Infrastructure; 4. Legal Environment; and 5. Regional and International Cooperation Collaboration - Incident response, cybercrime investigation and capacity building. 22

23 CARICOM Cyber Security and Cybercrime Action Plan (CCSCAP) It should be noted that the purpose of the Action Plan is to guide and coordinate efforts within the region recognising that while this does not itemise a conclusive list of needs, it seeks to layout capacities that are needed throughout the region as a whole. It is believed that if comprehensively addressed there will be considerable improvement in the ability of the Region to respond to cyber threats. Importantly, all agencies with interest in the area of Cyber Security and Cybercrime can use this Action Plan to guide their activities targeting the Caribbean Region. 23

24 CARICOM Cyber Security and Cybercrime Action Plan (CCSCAP) Coordination Structure Steering Committee Regional Cyber Committee Cyber National Points of Contact 24

25 Current and Future Actions Review of the CARICOM Crime and Security Strategy In progress by CARICOM IMPACS and stakeholders CARICOM Counter Terrorism Strategy Currently being developed by CARICOM IMPACS and stakeholders Use of the Internet in areas such as Recruitment and Funding Link to other forms of Transnational Crime Continue to develop responses to deal with the ever changing environment where regular cybersecurity techniques have reduced effectiveness. 25

26 Conclusion Cybersecurity has become a top priority within the CARICOM region. With the implementation of CCSCAP the region is in a better position to strengthen its cybersecurity position. 26

27 Thank you 27