Microsoft, OAS, partner on regional infrastructure cybersecurity report

In today’s world, cybersecurity is one of the most pressing challenges of our time. Although multiple efforts across Latin America and the Caribbean are aimed at limiting vulnerability to cyber-attacks, during this critical time organizations at both regional and national levels could benefit from understanding and keeping up with the evolving threat landscape.

As part of the efforts to strengthen the public-private partnerships to mitigate cyber-attacks in critical infrastructure, the Organization of American States (OAS) and Microsoft are releasing the report “Critical Infrastructure Protection in Latin America and the Caribbean 2018.”

The survey, which is included in the report, collected responses from over 500 owners and operators of critical infrastructure. It’s worth noting that 69% of respondents indicated they have noticed an increase in the number of attacks to their computer systems and/or networks over the last 12 months, but only 57% of the respondents indicated they did not have a dedicated budget for cybersecurity measures. Results are not all grim, among those respondents with a dedicated budget, 59% indicated budgets have increased within the last year.

The report, result of the OAS and Microsoft’s joint efforts to empower governments in Latin America and the Caribbean to respond and investigate cyber incidents, reflects what is currently being done to limit the vulnerability of critical infrastructure to cyber-attacks across the region, and suggests that while there is collaboration between the public and private sector, and a growing awareness of cybersecurity issues, more could be done to protect vital assets. Critical infrastructure includes services essential to the well-functioning of a society, such as financial services, energy, communications and water supply.

Some of the practices recommended in the document to develop a suitable critical infrastructure framework or policy include:

  • Ensuring clear division of responsibilities

  • Establishing security baselines

  • Developing early warning mechanisms

  • Investing in human and technical resources

  • Improving cyber resilience

  • Participating in international networks to understand the threat landscape

The OAS Secretary General, Luis Almagro, stated that “the results of this report reaffirm the need for regional leaders to strengthen their efforts to protect the breadth of our critical national assets. As a region, we have been able to make great strides and we continue improving effective cooperation in hemispheric security, but there still much ground to cover.

In the OAS, though the Inter-American Committee against Terrorism (CICTE) and its Cybersecurity Program, we are ready to continue supporting Member States to protect against these threats. At the same time, we urge governments and the industry to increase investments and efforts in the protection of the digital space, and above all, promote initiatives that enhance digital security knowledge for all citizens.”

With great challenges ahead and more sophisticated threats waiting for an opportunity to do harm, it is important to highlight that by strengthening the partnership between public and private organizations, it is possible to respond and be prepared for future cyberattacks. To this point, Robert Ivanschitz, Assistant General Counsel for Microsoft Latin America, commented: “Microsoft is committed to be a leader in privacy and security.

Yet, cybersecurity is a pressing issue that cannot be resolved by a single entity. It has become a shared responsibility between multiple players, and the success will include working broadly with the public and private sector.” Microsoft’s focus on cybersecurity spans over four decades, and the company’s commitment in this area is evidenced by a unique posture to better protect and defend customers, including new security features at every level of the technology stack and fostering a vibrant ecosystem of partners to raise the bar across the industry.

The report is available for download here.