TMCnet News

Remarks of the Assistant Secretary General at the Regional Workshop on Cyber Security Policies
[October 25, 2014]

Remarks of the Assistant Secretary General at the Regional Workshop on Cyber Security Policies


(Targeted News Service Via Acquire Media NewsEdge) WASHINGTON, Oct. 24 -- The Organization of American States issued the following speech by the assistant secretary general: Dr. Luis Alberto Moreno, President of the Inter-American Development Bank. I thank you for your personal commitment to this matter. This important workshop would not have been possible without the support of and the collaboration with the IDB, which truly reflects the partnership that exist between the institutions in the Inter-American System.



Mr. Robert Gordon, Special Adviser for Cyber Security at Public Safety Canada. We look forward listening to you and your experts on this matter and the advances Canada has been on creating a better and safer environment for cyber security. The technical and financial support of Canada has enabled the Organization of American States to strengthen the collaboration with member states. I take the opportunity to also thank the government of the United States of America and the United Kingdom for their generous financial contributions which allowed for the development of such a comprehensive agenda and the participation of 27 OAS member states in this workshop.

Distinguished representatives of member states, Distinguished experts, Colleagues from the Organization of American States, Adam Blackwell, Pablo Martinez, Belisario Contreras, and others Ladies and Gentlemen, To illustrate the importance and timeliness of this Regional Workshop on Cyber Security Policies, as it takes place in the National Cyber Security Awareness Months of the United States of America, allow me to read an email I received two days in a row this week from one of the principal internet engines, alerting me and warning me of a possible attempt to breach my email address. It said: "Hi [email protected] On 10/19/2014, 6:04:39 PM CDT, we noticed an attempt to modify your recovery email address [email protected] from an unrecognized device on Mobile. Help us to protect your account.


Help us keep your account safe.

Recently, there's been a rise in security incidents on the web. While we continue to work hard to keep the network secure, we're asking users to help us keep their accounts safe, please click here to verify your account and update your account recovery information.

Thanks for taking these additional steps to keep your account safe." Now, I am an avid user of the computer, the internet and information technology in general, but I do not consider myself an expert in determining what could be the beginning of a cyber security breach. So when you receive such an email the first thought is "great, someone is trying to help avoid someone else to get into my database of information", but then on second thought you quickly ask yourself whether this friendly warning is legit or not. Especially when there is an instruction in the alert to "click here" to verify your account. The Internet, if it was a country, would be possible the largest country in the world today, creates opportunities, but it opens also the door to theft, fraud and abuse.

Ladies and gentlemen, this is just an example at an individual level, but let us assume what the consequence would be if this is not a legit warning and it takes place at a larger scale and in a more sensitive facility that controls part of our life. Cyber security threats are growing rapidly, in scale and sophistication. Cyber security adversaries have been successfully compromised many financial operations in the past month. For the top management of our countries, our businesses and in inter-governmental organizations like ours, cyber security must be a top national security priority.

And this is why I believe this workshop is so critically important. To bring member states' experts together to share information, experiences, good and not so good practices and learn from experts and colleagues how to prepare for cyber security breaches. Like natural disasters, we will not be able to eliminate these man made breaches and threats, so preparing and protecting ourselves must be a top priority for governments, for the business community and the society as a whole, as cyber security must be considered a shared responsibility of all. And to address these new and complex security challenges to protect and manage the information databases effectively, we will require a new mindset that is that no one is immune to a cyber security breach. Many still believe that their safety and security protocols are sufficient and cannot be compromised. No, we will need to be more realistic, smart, creative and strategic in our approaches to fight this battle.

I am pleased to note that this Regional Workshop on Cyber Security Policies is not the first of its kind. Rather, hemispheric workshops on cyber security have become commonplace, each with a varying focus and particular objectives. The importance of cyber security in the Americas - especially at the political level - is owed in large part to the success of past OAS gatherings much like this one today.

Ladies and gentlemen, in 2004, OAS Member States unanimously adopted the Comprehensive Inter-American Cyber Security Strategy. Although there are clear differences between OAS Member States, they were able to reach consensus on a very complex issue. Other regions in the world have been hard pressed to muster the same level of agreement as the Americas have been able to do. Nine years after the OAS strategy was adopted, for example, the European Union published its own, encompassing many of the same themes and issues outlined in the one proposed by our Member States. While Europe is more advanced by many measures of cyber security, the Americas as a region is making significant advancements in the field of cyber security.

When the 2004 strategy was adopted, there weren't many - aside from those working in ICT - who foresaw the reliance we would come to develop on the internet and its associated technologies. As such, there was little understanding or recognition in many OAS Member States that the digitization of our lives and our governments could leave us vulnerable to forces and criminals we knew little about. There were few regulations, few policies, and very few people with the technical knowledge and abilities to secure our critical information and infrastructure. At the time the cyber domain and its security concerns were uncharted territory.

In the decade that has passed since the Member States of the OAS adopted the Strategy, we have been witness to untold changes in the way we interact with and use ICTs, and the myriad obstacles we face in maintaining secure and open internet. The world has never been more interconnected and dependent on the Internet, its networks, and complex information systems. Countless services on which we rely, and largely take for granted, including energy, transportation, security, banking, social services, and many other systems, depend on the Internet and its connected networks to function properly. The Internet has allowed business to flourish, and has been a tremendous vehicle for innovation and economic growth, having a positive impact on all the citizens of the Americas. But it has left us also vulnerable to illegal use and new forms of threats.

Most if not all experts recognize that being attacked or compromised in the digital domain is not a question of "if" but of "when." It is important to remember that cyber-attacks do not discriminate between nations big or small, and do not recognize borders. Cyber incidents affect all kinds of public and private entities, regardless of political, social, or economic factors, and being unprepared for an attack leaves our societies extremely vulnerable.

Whereas governments and those dedicated to protecting our networks have to repel 100% of the attacks against our networks to be secure, criminals only need success once. The challenges we face are truly extraordinary.

In 2012, as a follow up to the 2004 Strategy, Member States renewed their commitment to protecting our networks through the "Declaration on Strengthening Cyber Security in the Americas." While reinforcing the need to create technical cyber capacity and a culture of information security, the declaration called on countries to devise comprehensive policy frameworks and strategies that would guide national cyber efforts. It also recognized the need to assure that critical infrastructures were secure from cyber attacks.

In response, the OAS has embarked on an ambitious program of capacity building that integrates policy, technical, and cultural considerations. Since 2006, the number of National CSIRTs (Computer Security Incident Response Teams) in the Americas has increased from 5 to 18. We continue working with those countries that haven't established CSIRTs to do so, and collaborate with existing CSIRTs to both ensure their viability and ability to deal with new and emerging threats.

On the cyber policy front, the OAS continues to make remarkable progress. In addition to regional gatherings such as this one, we help countries develop their own national cyber security strategies. For example, in 2011, with our assistance, Colombia became the first county in the Latin America or the Caribbean to adopt a comprehensive national cyber framework. We then worked with Panama and Trinidad and Tobago towards the same end and we are currently helping Bahamas, Colombia - (a revision of its original strategy), Dominica, Jamaica, Paraguay, and Peru develop their own cyber security strategies.

We also were the first regional or international organization in the world to carry out workshops on cyber security and critical infrastructure protection. The first of these came in Colombia in 2013 which was followed by an event in Mexico this year in partnership with PEMEX and the Mexican Federal Electricity Commission. We are in discussions with the Panama Canal to do an assessment of their cyber security measures in place and make any possible recommendations to ensure one of the great enablers of global trade and business remains open and functioning efficiently.

How will this workshop further OAS cyber capacity-building efforts in the region? The OAS believes it will serve three critical functions: First, it will provide a space for cyber security policymakers to talk about their successes, challenges, commonalities, differences, lessons learned, and best practices. Holistic cyber security policy and planning requires a multidisciplinary vision that incorporates legal, technical, organizational, educational, business, and many other considerations.

Second, we hope this workshop will help member states chart a clear path to follow on cyber security. We hope to work with international experts and the senior Member States officials in attendance to define the most pressing cyber issues and needs facing our hemispheric community.

Finally, this training will foster strengthened collaboration and partnerships within the Inter-American cyber security community. In cyber security, much more so than in other disciplines, personal relationships and trust are paramount to success. When confronting an adversary that easily establishes dangerous relationships in cyberspace it is essential to know your allies well. I urge you all to take advantage of each other's presence, for it can go a long way in knowing who to call when the simulations are done and you are faced with a real cyber security incident.

Along with the support of the Inter-American Development Bank and other entities, we can plot the technical and political course the OAS will need to ensure that Member States and particularly the private sector have at their disposal the best cyber security technical assistance and training available. Again, President Moreno, thank you very much for hosting this 5 day workshop at the IDB and we look forward, working with you to strengthen the capabilities of this hemisphere to address the cyber security challenges.

I urge all member states present and not present to commit to strengthening the policy frameworks that will guide your efforts moving forward. Please rest assured that the OAS remains committed to coordinating efforts and providing capacity building assistance to help member states mitigate the threats and develop secure networks. All and always in the interest of creating a safer, stable and more peaceful Americas.

Ladies and gentlemen, I thank you for your attendance, I thank you for your attention and I wish everyone a most productive workshop.

Thank you.

TNS 30FurigayJane-141025-4913630 30FurigayJane (c) 2014 Targeted News Service

[ Back To TMCnet.com's Homepage ]