Every time we use our phones, tablets, or computers, we leave a “fingerprint” whose information can be manipulated by cybercriminals. We’re all at risk from cyberattacks, just like the rest of the two-thirds of the world’s population that use mobile devices.
Hackers are all around us. Ecuador reported 40 million online attacks following the arrest of WikiLeaks founder Julian Assange in April. In 2018, 500 million Marriott customers had their data stolen through the hotel chain’s platform, including their credit card numbers. JP Morgan Chase, eBay, and Yahoo! are some of the many other companies to have fallen victim to devastating online attacks.
Governments are not exempt. European Union countries, the United States, Israel, Canada, and Japan, among others, have established protocols to combat cybercrime and ensure the continuity of public services. But these need to be updated constantly, as Spain did in April when it passed a new national cybersecurity strategy that modifies the existing one from 2013.
According to an IDB report, four out of five countries in Latin America and the Caribbean (LAC) lack cybersecurity strategies or critical infrastructure protection plans. Cybercrime costs the region about $90 billion a year, the study says. To counter this, countries like Colombia and Argentina have established regulations and public policies on online behavior. Uruguay is the most advanced country in LAC to establish and invest in cybersecurity strategies.
Cybersecurity for the Central American Digital Trade Platform
Given these circumstances, online trade platforms need to take effective measures to protect data and reduce the risk of cybercrime. This is particularly vital for large-scale, complex projects for improving people’s lives, such as the Central American Digital Trade Platform, known in Spanish as the Plataforma Digital del Comercio Centroamericana (PDCC).
The PDCC is financed by the European Union, coordinated by the Inter-American Development Bank (IDB), and implemented by the Secretariat for Central American Economic Integration (SIECA). This multiyear project is running from 2015 to 2020 and seeks to facilitate regional trade, bring business costs down, and help Guatemala, El Salvador, Honduras, Nicaragua, Costa Rica, and Panama become more competitive.
The platform will allow these countries to integrate their data on import, export, and international transit transactions, along with customs, immigration, sanitary controls, and Single Windows for Foreign Trade. In the short term, it must be interoperable with systems such as the Pacific Alliance platform (Chile, Colombia, Mexico, and Peru).
The final goal is to reduce uncertainty around the time, costs, and procedures required for the import, export, or transit of goods in Central America, and to enable users to pinpoint the logistics service providers that are legally authorized to operate in the countries in question and that use the platform.
How to keep safe from cyberattacks
A platform for trade like the PDCC should include information on trade agreements, statistics, regional and national regulations, transport monitoring, and risk management and assessment procedures. It also needs to provide intelligence based on big data analytics to be used in trade policy decision-making.
A key reference is the cybersecurity report published by the IDB and the OAS in 2016, which analyzes each country’s online security standards using the Cybersecurity Capability Maturity Model. This model is built on five factors—politics, culture, education, technology, and legal issues—and 49 indicators.
We believe at the IDB that for a trading platform to be successful, it must be designed considering cybersecurity policies and regulations to minimize the risk of foreign trade data being modified or stolen by hackers.
We recommend best practices like running vulnerability tests on source codes and network architecture, ethical hacking, and penetration testing.
Rapid response protocols for cyberattacks
We also suggest that the financial sustainability plans for these platforms contemplate continuous improvement and maintenance, and include rapid response protocols for cyberattacks, as established in internationally accepted standards and guidelines such as ISO/IEC 27000 and the US National Institute of Standards and Technology Cyber Security Framework.
Cybersecurity is not the only challenge facing the PDCC platform. It must bring together more than 175 technical, legal, technological, and political representatives from the six countries involved and convince the private sector to update its obligations to register users and transport units.
Projects like this are an excellent opportunity for LAC to harness the Fourth Industrial Revolution to further economic growth and regional development. For this to happen, we need a secure, robust online infrastructure.
Protecting our citizens and institutions from cybercrime isn’t just optional—it’s a vital part of our development.