Technology community forum finds Caribbean cyber security safeguards below par

The need for the Caribbean to ensure the integrity of its key and critical internet and other communication infrastructure as the COVID-19 pandemic continues to make its presence felt in the various territories was one of the key currents of the discourses that attended the recent Fourth Annual Technology Community Forum hosted jointly by the Caribbean Network Operators Group (Carib.NOG) and the American Registry for Internet Numbers (ARIN).

 A report on the virtual regional forum quoted ARIN Caribbean Affairs Director Bevil Wooding as saying that the COVID-19 pandemic had “forced organizations and governments to accelerate the digitization of systems and rush to get essential services online” in response to the communication emergencies that had arisen in the wake of the global pandemic.

ARIN is a nonprofit corporation that manages the distribution of Internet number resources in many Caribbean and North Atlantic islands, Canada, and the United States.

During the deliberations, Wooding asserted that the “rush to online service delivery has exposed several weak points in the region’s internet infrastructure, human resource capacity and institutional readiness.” He said that the circumstance pointed to the rising challenge “to keep critical local and regional systems secure, resilient and accessible. It is also now more than ever our collective responsibility to ensure that the region is able to effectively address these important issues,” Wooding added.

 Weak internet communications systems have affected the various communication regimes in Caribbean, over time, impacting on both their domestic operations as well as on the need for communication across the territories to enable bilateral as well as multilateral exchanges at the level of both country to country and CARICOM-related communication.

 Beyond the need to shore up the operating efficiency of the system, the forum also considered security issues relating to the internet network across the region with Barbadian-born Niel Harper, Chief Information Security Officer at the United Nations Office for Project Services, calling for closer attention to be paid to the development of across-the-region relevant communication skills and addressing what, increasingly, have come to be seen as the mounting cyber-security threats facing the region. Harper reportedly pointed to “the adoption of remote work, the rapid shift to cloud computing, and some high-profile cyber-attacks as among the indicators that the region needs to increase its awareness of cyber-security threat considerations.

 Harper wants the region to create a regime of enhanced “collaboration and cooperation, including information sharing, joint incident response exercises, workplace development and learning from corrective actions,” as building blocks towards enhanced ‘resilience’ in the regional internet network.”

Issues of cyber-security in the region were ventilated by former head of Jamaica’s Cyber Incident Response Team and founder of the cyber-security consultancy, eMRock, Dr. Moniphia Hewling who used the forum to call for greater transparency in the region in the reporting of cyber-attacks. “To better understand the problem cyber-attacks pose to the region we must be able to better measure the extent and impact of attacks. This requires greater and more timely disclosure by affected organizations so that hard numbers can be attached to the cyber-security problem. Where there is no effective measurement, mitigation and remediation will always be compromised,” Hewling stated.

It is generally believed that the Caribbean remains particularly vulnerable to cyber-attacks given the indifference of both governments and the business community to those vulnerabilities.

The 2015 cyber-attacks on the security systems in St. Vincent and The Bahamas in 2015 may have brought expressions of alarm by the various state and regional authorities though the subsequent response has not come close to mounting an effective response to the scale of the crisis.

Setting aside what is generally felt to be state indifference, experts have identified outmoded IT systems and software which they say have the potential to seriously compromise state communication systems.

Here in the region, experts have also identified the absence of the requisite expertise and financial resources as issues that contribute significantly to official inattention to cyber-security matters.

The discourses at the forum reportedly revealed not just a lack of suitable security safeguards within state portals but also the existence of outmoded IT systems and software, vulnerabilities that may have the potential to have already had long compromised governments’ internal communications.