Bevil Wooding, Technology Advisor to the Organisation of Eastern Caribbean States Commission, delivers keynote address at the CEO Roundtable, hosted by the Caribbean Credit Union Managers Association, as part of the 2019 World Credit Union Conference, held in Nassau, The Bahamas. PHOTO: RELATE STUDIOSRead More
When a high-level group of Caribbean Telecommunications Union (CTU) members meet in St Kitts and Nevis from September 22 to 26 September, the challenge of regulating over-the-top (OTT) Internet-based services will no doubt be a main point of focus. In one important forum, a discussion on OTT services will bring ministers from different Caribbean nations up-to-date on the issues surrounding this type of service. The need for stronger, more coordinated regional Internet governance practices was first highlighted in July after mobile phone users in Haiti, Jamaica and Trinidad and Tobago were affected by a move by two major Caribbean mobile providers to block access to OTT telephony services—including several popular Voice over Internet Protocol (VoIP) applications.
The week will also include a two-day workshop on cyber security, which will focus on how Caribbean countries can create Computer Security Incident Response Teams (CSIRT) to respond to the threat of digital breaches. The workshop is being facilitated by the Organisation of American States, with the financial support of the Government of Canada.
Another workshop will target senior public officers with responsibility for national information and communications technology (ICT) policy. Participants will learn how to find and deal with gaps in their policy frameworks or in some cases how to go about developing such policies. The training will be led by two experts from Ernst and Young Caribbean, based in T&T, Dr. Arnold Niranjan and Devindra Ramnarine.
Hosted by the government of St Kitts and Nevis and the CTU, the ICT Week will include the 17th General Conference of Ministers with responsibility for ICT in the CTU Member States. It also includes the 29th meeting of the CTU’s Executive Council, a body made up of permanent secretaries from ministries in the region that deal with technology. The Council has oversight responsibility for the work of the CTU Secretariat.
At this year’s meeting, Bernadette Lewis, Secretary General of the CTU, will present to the meeting her report on the CTU's performance and its progress on ongoing projects. Lewis’ is the tough but necessary task of steering the CTU’s efforts in creating a harmonised approach to Caribbean telecommunications development, a major issue facing the region’s technology and telecommunications sectors. In her presentation, she will update members on how the work of the CTU has advanced since the previous council meeting, held in Suriname on April 8 to 9.
The CTU’s efforts in Caribbean Internet governance have been longstanding. Established in 1989 by Caricom heads of government in Nassau, the CTU in 2005, under Secretary General Lewis, initiated the Caribbean Internet Governance Forum (CIGF), the world’s first regional multi-stakeholder Internet governance forum, established as a result of the World Summit of the Information Society (Geneva 2003 to Tunis 2005). Regional forums of this kind now take place in all other parts of the world.
The ICT Week comes on the heels of a symbolic return to Bahamas, where delegates participated in the 10th CIGF from August 6 to 8.
How the Caribbean is dealing with the mounting problem of cybercrime
Cyber crime has cast an unwelcome shadow over a region long thought to be a sunny paradise. Islands of the Caribbean Sea, renowned for secluded bays and sandy beaches, are harbouring a new breed of digital pirates. The trend is a disturbing one, and it is time for regional leaders to be more open and honest about its scale and severity.
Breach in The Bahamas In early March, the Caribbean Association of Banks (CAB) issued a security alert following a security breach which put thousands of MasterCard and Visa cardholders across the Caribbean at risk. The CAB statement came on the heels of a major incident in which all Bahamian banks had their card data compromised, according to the Freeport News (March 9).
“It is unknown whether Bahamian consumers lost significant funds during this time,” the Freeport News report said.
“Sensitive information for clients across the region could have spilled into the hands of criminals,” it added.
The CAB statement said, “Out of an abundance of caution, your bank or credit union may be contacting you to have your card replaced. Please note that these measures are precautionary, because at this point, no fraud has been attributed to this case.”
Interestingly, the card recall came shortly after a data tape was stolen from an office of the Bank of the Bahamas in Barbados, as reported in the Nassau Guardian (February 26).
The Business of Secrets Bevil Wooding, an Internet strategist at U.S.-based Packet Clearing House, described CAB's quick acknowledgement of the security breach as “commendable”.
“Very little is reported about the level or impact of cyber crime in the region. However, this is one instance where silence is not golden, at least not for the good guys. The lack of transparency can create a false sense of security amongst businesses as well as consumers. It can also have the unintended consequence of emboldening criminals," Wooding said.
"The threat is real, and burying one’s head in the sand won’t make it go away. Regional businesses and leaders need to be more forthcoming about the scope and seriousness of the threats being encountered. This is an important step toward defining a credible response.”
This lack of transparency in the Caribbean contrasts with the prevailing culture in other parts of the world. In fact, some of the most prominent hackings of the year have been promptly and comprehensively acknowledged by the victims themselves. On February 15, Facebook Security posted a statement acknowledging that their "systems had been targeted in a sophisticated attack". Days later, Twitter disclosed that it had been breached February 1 and that hackers might have accessed some information on about 250,000 users, was hit in the same campaign that attacked Apple. On February 22, the general manager of Trustworthy Computing Security at software giant Microsoft confirmed that the company had experienced a security intrusion similar to breaches that occured at Facebook and Apple days before. And most recently, cloud storage provider Evernote was hacked and subsequently required all of its users to change their Evernote account passwords.
(For more, see Is 2013 the Year of the Hacker? , a round-up of high-profile cybersecurity breaches in the first two months of 2013.)
Strengthening Caribbean Cybersecurity Wooding, who heads the Caribbean Network Operators Group (CaribNOG), a volunteer group of computer professionals, said people mistakenly believe that emerging markets like the Caribbean, with relatively small economies, are less likely to be a target of attacks. In reality, it is quite the opposite. Regions like the Caribbean, precisely because of their underdeveloped legal frameworks and limited capacity to detect or investigate, are now very attractive locations for hackers and cybercriminals to focus their activities, he said.
(For more, see Cybercrime on the Rise?, a round-up of Caribbean cybercrime stories from 2012 to 2013, curated by regional technology writer Michele Marius of ict-pulse.com)
Speaking at a special CaribNOG forum for computer security specialists last November, Gregory Richardson, Network Security Lead at US-based computer security firm 1337 Networks, Inc., painted a chilling picture of the state of computer security in the Caribbean.
According to Richardson, organisations in the region and around the world are storing an increasing amount of sensitive information on computer networks. “There is a dangerous flip side to this explosion in electronic data. As computer networks connect to the Internet they are susceptible to attack and unauthorised access by modern day digital pirates of the Caribbean--computer hackers.”
Wooding said Caribbean territories need to put in place legislative frameworks to address issues of prosecution, penalisation or restitution following cyber attacks.
“It’s not a crime if you’ve broken no laws. So laws need to be urgently updated to deal with new computer-based threats. And even where statutes are in place, security forces have to be appropriately equipped to deal with the growing complexity of Internet risks that pay no heed to national borders.”
He added, “In light of the global nature of cyber crime, Caribbean governments need to take urgent action to develop a coherent regional cyber security framework. And that work has already begun. Groups like the OAS (Organisation of American States) and the CTU (Caribbean Telecommunications Union) are collaborating with national law enforcement agencies and stakeholders to ensure that citizens, critical infrastructure and national interests are effectively protected.”
Given the scope and seriousness of the issue, a more transparent approach by our region's corporate and political leaders would also be a welcome development. And if the upward trend in global cybercrime continues unabated, they will likely have no shortage of opportunity to quickly adapt.