Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity


Brief impressions of the current state of Cyber Security development efforts in the Caribbean, with a focus on Trinidad and Tobago, as gleaned from the recently held (26th-28th May 2014) Caribbean Stakeholders Meeting (ICT) and knowledge of the landscape in Trinidad & Tobago.

Published in: Technology

  1. Impressions from Caribbean ICT Stakeholders Meeting, 26th-28th May 2014. Focus on Cyber Crime/Cyber Security issues discussed. Shiva Bissessar, BSc (Hons), MBA, MSc, Managing & Technical Director, Pinaka Technology Solutions, @BeasCycle
  2. In Brief
     • 17 years of ICT experience, 5 of which in Senior Professional roles delivering major Telecommunications and Information Security projects.
     • 2008: Founding member of an Information Security focused Organizational Unit. Established a digital forensics lab, had oversight of vulnerability analysis and penetration testing, and assisted the policy development process.
     • M.Sc. in Information Security from University College London.
     • Information Security Advisory & ICT Programme Management.
  3. Varying Levels of Caribbean Readiness
     • International bodies, incl. OAS, ITU and the Commonwealth Cybercrime Initiative (CCI), are ready and willing to assist; however, there seems to be a lack of corresponding urgency, or an inability to receive such assistance, on the part of Caribbean governments. Lack of cyber security champions on board!
     • There is an undertow of dissatisfaction with the model law documents produced from the EGRIP and HIPCAR exercises. This is not only at the technical level!
     • Dominica has taken a novel approach: seeking guidance from CCI in executing a Cyber-security Needs Assessment Workshop, and ensuring that legislative efforts and the Cybercrime Strategy are in accordance with the Budapest Convention on Cybercrime.
  4. Protection vs. Legislation
     • Roberto Arbelaez, Chief Security Advisor for the Americas, Microsoft, noted that legislative efforts to protect against Cyber-crime, promote Cyber-security and provide the threat of prosecution may not be an effective deterrent to curb attacks.
     • He further noted that the lack of technical controls and protection of assets makes the Caribbean region an attractive destination of choice for attackers.
     • Anthony Teelucksingh, Senior Counsel at the U.S. Department of Justice, countered that both technical controls and legislation are equally important tools in the arsenal against Cyber-crime.
  5. Public Sector Cloud Push
     • Microsoft, Columbus/FLOW and Digicel are all making a push to increase uptake of Cloud services in the Public Sector, in the context of an absence of regional or local data protection and privacy laws, policies and standards.
     • EU data protection regulator says Microsoft enterprise cloud contracts are in line with EU privacy requirements. (Apr 14th 2014) in-line-with-eu-privacy-requirements/
     • US court forces Microsoft to hand over personal data from Irish server. Emails and private information from customers of US companies must be handed over – even if data is stored outside US. (Apr 29th 2014)
  6. How Prepared is Trinidad & Tobago?
  7. Status
     • Heavy focus on HIPCAR-based legislative effort while technical controls are limited or non-existent.
     • Many projects underway have Information Security / Cyber-security dimensions which are being disregarded.
     • Dearth of in-house expertise leads to high vendor dependency or international-expert-driven projects. Insufficient local representation!
     • Inadequate revision of policy/regulation/legislative efforts to keep abreast of technical advancements and news disclosures (e.g. NSA).
     • ITU-IMPACT group agreement signed and necessary payments made for establishment of a CSIRT. Is there adequate local technical expertise on this initiative?
     • Cybercrime Bill read into Parliament and soon to be debated. Is GoRTT ready for the “due diligence” requirements within the Cyber-crime Bill? Are GoRTT agencies equipped to protect “critical infrastructure”?