Small Islands, Big Problems: Cybersecurity in the Caribbean Realm
José de Arimatéia da Cruz and Taylor Alvarez
Introduction
According to the Organization of American States (OAS) in its latest report on “Latin American + Caribbean Cyber Security Trends” released in June 2014, Latin America and the Caribbean have the fastest growing Internet population in the world with 147 million users in 2013 and growing each year.[1] While having more users and more network connections is a great advancement for the small islands of the Caribbean, it also represents a potential threat. As Audrey Kurth Cronin points out, “insurgents and terrorist groups have effectively used the Internet to support their operations for at least a decade. The tools of the global information age have helped them with administrative tasks, coordination of operations, recruitment of potential members, and communications among adherents.”[2]
We argue in this paper that cyber-crime is a criminal activity that is informational, global, and networked. It is the product of networked technologies that have transformed the division of criminal labor to provide entirely new opportunities for, and indeed, new forms of crime which typically involve the acquisition or manipulation of information and its value across global networks[3]. We are particularly concerned in this paper with the Caribbean realm which possesses the “fastest growing Internet population in the world, expanding 12 percent over the past year.”[4] The Department of Defense Cyber Strategy (2015) recognizes the nefarious effects cyber criminals pose to the welfare of nation-states. According to the DOD’s Cyber Strategy (2015), “criminal actors pose a considerable threat in cyberspace, particularly to financial institutions, and ideological groups often use hackers to further their political objectives. State and non-state threats often also bend together, patriotic entities often act as cyber surrogates for states, and non-state entities can provide cover for state-based operators.”[5] As the Caribbean nations join the globalized and interconnected world of the twenty-first century, they must do everything within their power to ensure that their sovereign territory does not become a safe haven for cyber criminals. As Nathaniel Bowler, a reporter with the Global News Matters Caribbean Research, has pointed out, “failure to respond [to cyber-crime], not just at a local but a regional level, is precisely what is turning the Caribbean/Latin American region into a hive for cyber criminality.”[6]
Throughout this paper, the terms cybersecurity and cybercrime will be used; therefore, before we proceed, an operational definition is in order. Dan Chenok, an executive director of IBM’s Center for the Business of Government, argues that, the “cyberthreat is growing in Latin America and throughout the world.”[7] Cybercrime, due to the lack of a reliable cybersecurity infrastructure, costs companies and individuals millions of dollar annually. According to the Ponemon Institute’s “2015 Cost of Cyber Crime Study: Global” report published in October 2015, the U.S. alone reports a total loss of $15 million dollars for FY 2015.[8] For the purpose of this paper, we define cybercrime as the commission of an illegal activity in which a computer facilitates the crime. Cybercriminals generally fall into three categories, according to Neal Pollard, chief of forensics technology solutions at PricewaterhouseCoopers. Primarily, cybercriminals can either be funded by a nation-state, operate on behalf of an organized crime group, or belong to a hacktivist group which is motivated by political beliefs.[9]
Cybersecurity, according to Trey Herr and Allan Friedman, both at the American Foreign Policy Council, encompass “a complicated set of policy issues, most of which are motivated not by fantastic technology challenges but by the uncertain integration of Internet-enabled activities and actors into existing laws and policies.”[10] As more countries join the information cyber highway, experts are concerned that “non-state actors and terrorist organizations will acquire the resources to engage in cyber-attacks of various kinds.”[11] Two other cybersecurity experts, David C. Gompert and Martin Libicki, have argued that “swelling ranks of increasingly sophisticated non-state actors are engaged in cyber attacks. The purpose of most of them is theft or the promotion of a political cause.”[12] The political scientist Joseph S. Nye, Jr. in his book The Future of Power, argued that “there are four major cyberthreats to national security, each with a different time horizon and with different (in principle) solutions: economic espionage, crime, cyberwar, and cyberterrorism.”[13] In the case studies under review here, all the countries examined have suffered some form of the cyberthreats mentioned by Ney.
This paper is divided into five parts. The first part provides an introduction to the issue of cybersecurity in the Caribbean and why it is a concern. The second part analyses case studies. Therein, we examine several Caribbean nations to assess their cyber security capabilities as well as their cyber readiness. Our overall assessment of the state of cybersecurity in the Caribbean is bleak—to the point of dangerous. A contributing factor for this dangerous stance is the absence in many of the Caribbean nations of a National Computer Security Incident Response Team (CSIRT). The third part of the essay is an assessment of the implications for the Caribbean realm as launching pad for cyber-criminal organizations with direct ties to transnational organized crime. Fourth, we provide recommendations to governments in the Caribbean regarding how to strengthen their cyber networks in order to prevent the Caribbean from becoming a hive for cyber criminality. The fifth part provides some concluding remarks.
The Caribbean Realm Fights Cyber Crime
Below, we discuss the following countries: Dominican Republic, Jamaica, Barbados, Trinidad & Tobago, St. Vincent & Grenadines, St. Kittes and Nives, and Grenada. First, it is important to discuss key Caribbean nations and their strategies to combat cyber-crime in the region. Although several Caribbean nations have started to implement the cybersecurity policy, few could be said to be ready to deal with the nuances of cybercrime in a globalized interconnected society of the twenty-first century. Therefore, the case studies were not randomly selected. The choice of what countries to study were based on either that they had an established cybercrime policy or were in the process of implementing one, despite its shortcomings. As the Organization of American States (OAS) points it out in their report on “Latin American + Caribbean Cyber Security Trends,” in 2013, “many countries made important strides forward in developing their policy and legal frameworks and building their technical capacities.”[14]
Caribbean Internet Statistics Overview
Source: http://www.internetworldstats.com/stats.htm. Accessed November 30, 2015.
The Dominican Republic’s estimated population rests around 10.35 million and more than half—at around 58.5% or 6 million people—are Internet users.[15] This statistic is up from a 38.7% Internet penetration rate from just 2011 when the country’s population was steadily approaching 10 million.[16] With such a large number of Internet users, many of whom are new to the cyber realm, it is pertinent to educate the public on the topic and for response measures to be adopted. Though part of the second largest land mass island within the Caribbean[17]—in conjunction with Haiti and after Cuba—the Dominican Republic does not hold the capacity for such cybersecurity feats without outside support. The country lacks an officially recognized CSIRT or national response strategy. The Dominican Republic also suffers from state agencies and a public sector that fail to coordinate their cybersecurity efforts.
The Dominican Republic is currently still the only Caribbean state that signed the Budapest Convention on Cybercrime[18] in 2013.[19] The Dominican Republic has established the Interagency Commission against Crimes and High Tech Crime and a High Technology Investigation Department to better investigate cyber incidents within the state. Additionally, the Dominican Republic has successfully passed the High Technology Crimes Law No. 53/07 and Law against High Technology Crimes and Offences in 2007, as well as the Electronic Commerce, Documents and Digital Signatures Law in 2002; the legislation allows more relevant and effective persecution of cybercriminals.[20] The Dominican Republic also cooperates with the Cybercrime Convention Committee (T-CY) of the Council of Europe and has organized a national awareness campaign program through the National Commission for Information Security and Knowledge (CNSIC).[21] With guidance from the Inter-American Committee against Terrorism (CICTE) of the OAS as well as INTERPOL,[22] the Dominican Republic has managed to increase funding for cybersecurity efforts and capacity-building. Though there is obvious room for improvement, the Dominican Republic appears to have recognized the importance of this growing cyber concern and has been gradually making the preparations for combatting it.
Jamaica saw a 14% increase in the country’s number of cybercrime incidents in 2012 targeting not only public institutions but also financial institutions and critical infrastructure service provider.[23] Out of about 2.93 million members of its population, around 1.58 million Jamaicans—roughly 54%—are connected to the Internet.[24] With such a high percentage of digitally connected citizens, Jamaica’s lack of incident response measures, qualified personnel, intra-state and international cooperative efforts, and public and private sector awareness[25] was formerly cited as only furthering the cyber concerns within the state. There are increasing concerns in light of Jamaica’s growing implementation of e-governance, the newly popular use of mobile money—with “mobile phone penetration…over 100 per cent”—and digital device theft, as well as the likely transition to more sophisticated cybercrime techniques.[26]Jamaica continues to rank high for traditional crime, such as violent and organized crimes, and environmental concern rates[27] compared to among other countries in the world. In light of these red flags, Luis G. Moreno, the U.S. ambassador to Jamaica, asserted that cybercrime, in addition to other concerns faced by the nation, “is an enormous toll on global resources, and Jamaica is not spared from that risk.”[28]
In recognition of the risk involved with a weak cyber response capability, Jamaica has since reached out for technical support and guidance from organizations such as the Commonwealth and Cybercrime Initiative, the Commonwealth Telecommunication Organization and OAS, as well as financial aid from the governments of Canada, the United Kingdom, and the United States to strengthen its attempts to improve its cybersecurity efforts. [29] The nation’s Cybercrimes Act of 2010 has been revised to increase penalties for cybercriminals and was expanded to include various cyber-related fraud, forgery and malicious communication crimes.[30] A National Cyber Security Task Force has been implemented, a national Cyber Security Incident Response Team (CSIRT) is in the process of being established, and capacity building for officers and prosecutors has been encouraged by the Cyber Security Program of the OAS.[31] The Minister of Science, Technology, Energy and Mining’s (MSTEM), Julian Robinson, acknowledges the success of developing a Jamaican national response system as a result of external support by stating that there is “a direct link with the availability of human and financial resources. Jamaica would not have been able to get this far in the process without assistance of our partners.”[32]
Barbados is a small island nation which is part of the Lesser Antilles. With a population of approximately 290,000 people, Barbados has an Internet coverage rate of 77.5% which represents about 1.3% of the Internet users in the Caribbean region. According to statistics available at the InternetWorldStats.com, Barbados has about 224,588 Internet users as of June 30, 2014. About 122,220 are Facebook subscribers and about 23.09% of the population are subscribers to fixed broadband.[33] The fact that Barbados is a small island state does not preclude it from being a target of cyber-attacks and a “hive” for cyber-crime. According to the Barbados based Caribbean Cyber Security Center (CCSC), cyber-crime has already surpassed the international drug trade in terms of illicit revenues.[34] Barbados Acting Assistant Commissioner of Police, Erwin Boyce, stated that Barbados “is currently working with an international agency to establish a cyber lab and training center where we train and perhaps expand our current crime unit.”[35] In addition to fighting cyber-crime, which is a growing problem within the Caribbean realm, Barbados’ cyber laboratory will also “protect government computer structures and will provide better tools to the police to fight transnational criminal organizations which use technology to support a variety of illegal enterprises, such as money laundering.”[36]
The government of Barbados has taken an aggressive approach to respond to cyber-crime. In addition to the creation of a cyber laboratory, the government of Barbados in collaboration with other Caribbean governments as well as the Caribbean Telecommunications Union (CTU) and the Commonwealth Telecommunications Organization (CTO) has established a series of consultative meetings regarding the creation of a Commonwealth “cyber governance model,” which would be adopted and implemented by the Commonwealth countries to create a shared standard.[37] The government of Barbados has also signed along with 14 other Caribbean Community and Common Market (CARICOM) countries the Enhancing Competitiveness in the Caribbean through the Harmonization of ICT Policies, Legislation, and Regulatory Procedures (HIPCAR).[38] HIPCAR’s purpose is to provide guidelines for harmonized policies, legislation, technical matters, and regulatory procedures and processes in matters related to cybercrime across the Caribbean with the assistance of the International Telecommunications Union (ITU), the Caribbean Community (CARICOM) Secretariat and the Commonwealth Telecommunications Union (CTU).[39]
Trinidad & Tobago has a population of 1,344,000 million people with an Internet penetration of 63.8%, which represents roughly 4.5% for the Caribbean region. As of June 30, 2014, according to the Internet World Stats website, there are 780,858 Internet users in Trinidad & Tobago. There are roughly 485,000 Facebook users in Trinidad & Tobago. When it comes to the Caribbean region, Trinidad & Tobago has been at the forefront in the fight against cyber-crime in the region. Through the Inter-Ministerial Committee (IMC) for Cyber Security, Trinidad & Tobago is the first Caribbean nation to have published a national cyber security strategy in 2012.[40] Besides establishing the first national cyber security strategy in the Caribbean region, Trinidad & Tobago, through its IMC, has established a two year mandate tasked with the following cyber security objectives: updating the country’s legislative cyber security framework and creating a national computer security incident response teams (CIRT), developing an implementation and regulatory regime, and creating a framework and mechanism for assessing cyber risk to the nation’s critical infrastructure.[41] A primary national critical infrastructure for Trinidad & Tobago is its energy sector. According to Trinidad & Tobago Defense Force Major Fareed Ian Mohammad, protection of the nation’s energy sector is of extreme urgency and importance given that the energy sector is the country’s primary income accounting for 40 percent of the country’s gross domestic product.[42]
Throughout this paper, we argue that being small does not preclude a nation-state from being a target of cybercrime or cyberattacks and their nefarious consequences. A good example of a small island with big problems is the nation-island of St. Vincent & Grenadines. St. Vincent & Grenadines has a population of just over 100,000 people, an Internet penetration of 47.5%, and fixed broadband subscribers of 12.5%.[43] In May 2015, news stories appeared in the St. Lucia News Online that the St. Vincent and Grenadines’ government website had been hacked by members of the notorious terrorist organization Islamic State Iraq & Syria (ISIS). When visitors logged on to the Saint Vincent & Grenadines’ government website, they were greeted with the following message and picture to the site: “Hacked by Morroccawolf- Islamic State” and accompanied by the picture below showing a supposed member of ISIS in the back of a pick-up truck firing a machine gun.[44]
Source: http://www.stlucianewsonline.com/govt-to-strengthen-cyber-security-in-light-of-recent-svg-website-hacking/. Accessed on October 12, 2015
Despite the attacks to the Saint Vincent & Grenadines’ government website, little has been done by the government to establish any sort of mechanism to combat cyberattacks or cybercrime on the island, making it vulnerable for future attacks and an “island hopping strategy” moving illicit products through the region.[45] For example, according to the Latin American + Caribbean Cyber Security Trends report, “there is not an established national security strategy or plan, nor has Saint Vincent and the Grenadines established a designated national CSIRT…[T]here is [no] national cybersecurity awareness campaign, and authorities reported that there is presently no effort underway to develop such an initiative.”[46]
St. Kitts and Nevis is another island in the Caribbean that could eventually face some serious problems if it does not attempt to establish an officially approved national cybersecurity framework. While the government has not officially established a national cybersecurity policy or strategy and there is no national CSIRT in place in St. Kitts and Nevis, some specific legislation has been enacted through the Electronic Crime Act (2009). This Act officially prohibits the “unauthorised access to and abuse of computers, computer systems as well as the information contained on those systems and for related matters.”[47] While the St. Kitts and Nevis government has been slow to implement an officially recognized program for national cybersecurity, it does recognize that several challenges must be addressed in order to enhance its national cybersecurity posture. According to the government, the most pressing issue to be addressed is the need “to develop a national CIRT as well as the requisite legislative framework to investigate and prosecute cybercrimes.”[48]
Grenada is a small island part of the Lesser Antilles in the Caribbean; with a population of roughly 103,000 people and approximately 35% of the population are Internet users.[49] Like other small island-nations in the Caribbean realm, Grenada is also behind in its implementation of cybersecurity national critical infrastructure and capabilities. The government does not have a national cybersecurity strategy and has not created a national CIRT or other framework for managing cyber incidents.[50] Despite the fact that Grenada has enacted the Electronic Crimes Act #23 which, according to its preamble, has as its main objective to “provide for the prevention and punishment of electronic crimes,”[51] Grenadian authorities are worried that the lack of national CIRT is a major hindrance to the advancement of cybersecurity in Grenada. Notwithstanding its shortcomings in terms of a cybersecurity framework, Grenada has adopted several laws regarding the protection of minors online, both at the national and international levels. At the national level, Grenada has specific legislation on child online protection enacted through the Criminal Code (Section 133(e) and 203A). At the international level, Grenada has acceded, with no declarations or reservations, to Articles 16, 17(e) and 34(c) to the Convention on the Rights of the Child as well as to Articles 2 and 3 of the Optional Protocol to The Convention on the Rights of the Child on the Sale of Children, Child Prostitution and Child Pornography.[52]
Implications
Though a few non-governmental organizations, such as the Caribbean Cyber Security Center[53], are seeking to better cyber conditions of Caribbean nations, there is a need to better involve nations in the fight against growing cyber threats. The sophistication of cyber criminality has been increasing at staggering rates and the lack of awareness by nations in recognizing the growing threat is a main obstacle that needs to be overcome.[54] As Nathaniel Bowler points out, a lack of awareness of cybercrime makes combatting it more difficult as it is more challenging to:
…galvanize an effort against crimes that go undetected and criminals whose livelihood largely depend on avoiding detection… A lack of awareness would be far less dangerous if cybercrime were strictly a national problem, however, like money laundering and international terrorism, cybercrime is a threat that does not respect international borders or the sovereignty of nations.[55]
Separately, traditional and cybercriminal elements have proved extremely harmful to states and individual citizens. The Federal Bureau of Investigation (FBI) announced that the international drug trade is the most lucrative criminal enterprise, “reaping more than $1 trillion annually in illicit profits.”[56] INTERPOL[57] reports that most Internet scams are carried out by international organized gangs and many of these groups target the Caribbean as a result of the “cultural and political norms in being ‘slow’” to respond.[58]
Though cybercrime such as Internet fraud and hacktivism is currently of utmost concern, there should also be growing concern for armed insurgent groups utilizing technology. A lack of widespread urgency—due to lack of awareness—for countries in countering rising cybercrime has contributed to asymmetry between state and non-state cyber capabilities as criminal elements realize the power of technology in furthering their causes or illicit activities. Asymmetric warfare is unconventional armed conflict in that it is carried out between at least two forces of unequal capabilities and resources such as states and non-state actors.[59] In the modern age, Bard O’Neill mentions that asymmetric warfare is increasingly seen in the form of insurgencies as they are “hardly a new phenomenon. Indeed, insurgency has probably been the most prevalent type of armed conflict since the creation of organized political communities.”[60]
To counter the overwhelming military, financial, political and social resources that states have over insurgent groups or other criminal networks, these non-state groups are increasingly resorting to techniques that fall under the scope of 4th Generation Warfare (4GW). This type of conflict is “an evolved form of insurgency” that “uses all available networks…to convince the enemy’s political decision makers that their strategic goals are either unthinkable or too costly for the perceived benefit.”[61] Through technology, criminal groups and insurgents can more easily recruit individuals to join the movement or group through social networking or other informational sites. A larger number of supporters or sympathetic individuals brings in necessary funding to continue with the criminal activity as well as the possibility of a more widespread effect on the groups’ efforts.[62] Today, technology is increasingly paramount in the success of criminal elements whether the goal is to accrue as much support as possible for the continuance of the enterprise or for an insurgent group to uproot an existing authority.[63]
Although the Caribbean nations have been notably slow to take notice of and prepare to combat rising levels of cybercrime and technology exploitation for unconventional warfare, there has been an effort by the Dominican Republic to utilize technology to its advantage. The Dominican Republic’s Ballistic and Biometric Laboratory (LABBS) was launched in 2013 as a part of the National Weapons System (SISNA) to help combat lethal legal firearm use within the Dominican Republic. According to Ximena Moretti, an estimated “80 percent of the homicides in the country are committed with legal firearms” and this new system—cited as being the “most advanced in the world”—will increase investigative efficiency.[64] This is achieved through the Automated Fingerprint Identification System (AFIS), Advanced Ballistics Analysis System (ALIAS), Firearms Management System, and integrative computer system.[65] This national system demonstrates the Dominican Republic’s investment in equipping itself—with advanced technology—to meet criminal demands within the state. Turning to digital means of combatting crime shows commitment to adapt to modern circumstances and the potential to reclaim the upper hand in asymmetric conflict by equalizing or exceeding cyber capability gained by criminals and armed groups over the years.
Recommendations
The Caribbean Council[66] notes the growing concern about a lack of awareness of cybercrime issues, especially as the Caribbean tourism market becomes increasingly reliant on technology for communication and daily operations. In a region where the economies of many, if not most, nations rely heavily on tourism, the trend of quiet reimbursement of those who become victims of Internet vacation fraud is damaging.[67] Caribbean nations cannot avoid considering financial and logistical vulnerability as many businesses have done so in light of the two “fastest growing form[s] of criminality”[68]: borderless Internet fraud and cybercrime. There is no possibility of combatting cybercrime efficiently as nations will not allocate the necessary resources to do so if they are not aware of the severity of the issue. A comprehensive approach to education of states about all possible impacts of cybercrime is necessary to most effectively combat the issue. Cybercrime impacts the “national security and defense,… [and] economic development or international competitiveness” of a state despite technology acting “as an enabler of education, social interaction, and citizen-centric governance.”[69]
James Bynoe argues that Caribbean nations fail to construct legal frameworks regarding cybercrime and cyber security as a result of not having public employees that are technically capable to draft cyber legislation.[70] Comprehensive cybercrime frameworks will allow precise responses to cyber incidents as “both substantive and procedural laws” allow enforcement, investigative and prosecutorial personnel to combat cybercriminals.[71] A Computer Security Incident Response Team (CSIRT) is needed to coordinate efforts throughout each state, as well as the technical expertise to carry out those efforts. A CSIRT is a national authority that encourages and coordinates the sharing of incident-related information and cooperation in real-time by:
Bringing officials together to build capacity, strengthen relationships, and share knowledge and experiences, as well as…providing tailored assistance to individual governments. And while initiatives to develop official regional standards have not borne fruit…many countries have made important strides forward in developing their policy and legal frameworks and building their technical capacities.[72]
To add to the effectiveness of legal frameworks and national CSIRTs in each state, there needs to be a greater emphasis on formal education of current and future cyber professionals. Substantial investment of resources into cyber-related degrees at universities or capacity-building training for government and private sector personnel has been included in many cyber incident response frameworks such as that by the FBI.[73] This is due to the enhanced ability to aid in incident response and investigation by decreasing response time as a more informed group of individuals allow a more precise reaction.[74]
The cyber realm does not solely target state institutions. In fact, a majority of cybercrime victims are everyday citizens. Latin America and Caribbean nations occupy “five of the top ten spots for the most time spent on social networks.”[75] This speaks to the overall reach of the Internet in the Caribbean and, as a result, the vulnerability of the citizens in the region. Increasingly, citizens within Latin America and the Caribbean are experiencing concerning rises in data breaches, identity theft, phishing attacks,[76] social media scams and malware targeting banks, shopping destinations and major regional or international events.[77] Therefore, the public and private domains must be targeted by and receptive to cyber awareness campaigns, be it through nationally organized efforts or private corporations. A few nongovernmental organizations in the region are highly active in this effort and have extended public awareness opportunities such as USUARIA[78] and STOP.THINK.CONNECT.[79] These two transnational campaigns have partnered with the OAS and member states to better inform all of the region’s “cybercitizens.”[80]
Conclusion
The Caribbean is considered “the U.S.’s southern flank or third border” and the two regions are undeniably linked in light of security challenges such as transnational organized crime, terrorism, and cybercrime.[81] The end of the Cold War and the terrorist attacks of September 11th has given rise to a new paradigm in international conflict that Moisés Naím refers to as the “booming illegal trade in drugs, arms, intellectual property, people and money as the “five wars of globalization.”[82] Globalization is defined as the growing trend of interaction and interdependence among actors of different countries; this process is aided by international trade and investment, and information technology.[83] Technology has fostered communication between the governments and citizens of various nations which has led to the current norm of economic and security cooperative efforts, as well as extended the reach of criminal groups seeking to maximize the results of their crimes.[84]
Due to the very nature of transnational organized and cybercrime having no bounds and an ever-extending reach, responses cannot be limited to single nations or actors. Cyber incident response must be a result of multinational efforts, especially in the Caribbean region which is comprised of small island nations with limited resources.[85] International collaboration should lead to the development of a robust legal framework to better define cybercrime and outline the acceptable repercussions for the illegal acts.[86] The effective coordination and direction of a state’s resources once cybercrime has been better determined must be facilitated by a national CSIRT and its technical assistance through information sharing and capacity building.[87] Cyber fusion centers[88] can only further allow more effective and efficient information sharing by compiling and analyzing all pertinent data regarding an ongoing incident to better combat the issue in real-time.[89]
While states are working within their own boundaries to better their own efforts in responding to cyber incidents, there must be an overarching attempt to bridge understanding of the fight against cybercrime. A cyber “Treaty of Westphalia” is an invaluable step toward creating sense of the vast cyberspace as nations once did in light of devastating conflict before the sovereign state system came into existence.[90] As Demchak and Dombrowski argue, a “cybered national border is technologically possible, psychologically comfortable, and systematically and politically manageable.”[91] This more psychologically-based initiative will give states the mindset to orient their actions as it gives the incredibly vague and interconnected cyber realm more structure within which to act.[92]
The necessary strides will fail to be made if there is a not a substantial belief by the governments of every nation or their citizens that cyber security is a necessary concern. Nathanial Bowler asserts that the “weakest link in cyber security remains the individual” and that the greatest means to countering this weakness would be through awareness building and education.[93] The OAS and Inter-American Committee against Terrorism (CICTE) cite the continuing “struggle with awareness of cyber issues” since “cyberspace is an intangible force [that] makes it easy to downplay the [important role] networks play in a highly connected world.”[94] Public awareness campaigns such as those by STOP.THINK.CONNECT. and education in the information technology field are imperative. Each of these recommendations is necessary but not sufficient on its own. As a result, all will need to be pursued in order to most effectively combat cyber incidents.
The Caribbean realm should take high priority in American security policy as it continues to struggle with cybercrime due to the two nations’ notably “entangled international and domestic issues.” [95] Close proximity and multinational activities between U.S. and Caribbean businesses and governments are used to better the conditions of each state; however, these relations and distance have been exploited by groups with malicious intent. Tourism between the two regions is exploited digitally to compile identification information of citizens, trade routes to smuggle persons and illicit goods, and much more.[96] Nations around the world must band together in order to protect themselves from quickly growing cyber threats. However, the situation in the Caribbean has given rise to a need for “a multi-dimensional approach to enhancing mutual security in the Caribbean. The basin should be treated as a geo-strategic whole rather than a series of bilateral relationships.”[97] As Bowler mentions[98], there has yet to be an event of immense damage directly resulting from an act of cybercrime, but aggressive measures must be taken to ensure that none ever do. Especially in a region of small, vulnerable nations so close in region and partnership to the United States.
All views are those of the authors and do not necessarily reflect the official policy or position of the Department of the Army, the Department of Defense, or the U.S. Government.
End Notes
[1] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[2] Cronin, A.K. (2013). How Global Communications Are Changing the Character of War. TheWhitehead Journal of Diplomacy and International Relations, Winter/Spring 2013: 25-39
[3] Wall, D.S. (2008). Cybercrime. Malden, MA: Polity Press.
[4] Ibid., pg. 27
[5] The Department of Defense Cyber Strategy, April 2015. Available at http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf. Accessed October 1, 2015.
[6] Nathaniel Bowler, “Cyber Crime and Critical Infrastructure in the Americas: Only as Strong as the Weakest Link,” available at https://globalnewsmatters.com/caribbean-news/cyber-crime-critical-infrastructure-americas-strong-weakest-link/. Accessed October 1, 2015.
[7] “Latin American security officials must remain on alert for cyber-attacks, analyst says,” available at http://dialogo-americas.com/en_GB/articles/rmisa/features/regional_news/2014/03/25/ciberseguridad. Accessed on October 13, 2015.
[8] “2015 Cost of Cyber Crime Study: Global,” available at http://www.ponemon.org/library/2015-cost-of-cyber-crime-united-states. Accessed October 13, 2015.
[9] “Latin American security officials must remain on alert for cyber-attacks, analyst says,” available at http://dialogo-americas.com/en_GB/articles/rmisa/features/regional_news/2014/03/25/ciberseguridad. Accessed on October 13, 2015.
[10] Trey Herr and Allan Friedman, “Redefining Cybersecurity,’ available at http://www.afpc.org/publication_listings/viewPolicyPaper/2664. Accessed October 13, 2015.
[11] Abraham R. Wagner, “Cybersecurity: New Threats and Challenges,” available at http://afpc.org/publication_listings/viewPolicyPaper/2066. Accessed October 13, 2015.
[12] David C. Gompert and Martin Libicki, “Waging Cyber War the American Way,” Survival Vo. 57, No. 4 (August-September 2015): 7-28, pg. 25.
[13] Joseph S. Nye, Jr. The Future of Power. New York: Public Affairs, 2011:144.
[14] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[15] Internet World Stats, “Internet Usage, Facebook Subscribers and Population Statistics for all the Americas World Region Countries: June 30, 2014,” Miniwatts Marketing Group, updated 24 July 2014, retrieved from http://www.internetworldstats.com/stats2.htm.
[16] Internet World Stats, “Dominican Republic: Internet usage, travel stats and telecommunications reports,” Miniwatts Marketing Group, updated 20 January 2012, retrieved from http://www.internetworldstats.com/car/do.htm
[17] CIA World Factbook, “Country Comparison: Area,” CIA.gov, n.d., retrieved from https://www.cia.gov/library/publications/the-world-factbook/rankorder/2147rank.html#dr
[18] The Budapest Convention on Cybercrime is the first international treaty that seeks to pursue a common policy and legal structure to respond to growing cyber concerns such as infringement rights and computer fraud. See: http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185.
[19] Council of Europe, “Convention on Cybercrime: CETS No. 185,” Council of Europe Treaty Office, updated 13 November 2013, retrieved from http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CL=ENG.
[20] International Telecommunication Union (ITU), “Cyberwellness Profile: Dominican Republic,” ITU, 12 August 2014, retrieved from http://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Dominican_Republic.pdf.
[21] Ibid.
[22] Ibid.
[23] Trend Micro and OAS, “Latin American and Caribbean Cybersecurity Trends and Government Reponses,” Trend Micro Inc., 2013, pg. 7, retrieved from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf
[24] Internet World Stats, “Internet Usage, Facebook Subscribers and Population Statistics for all the Americas World Region Countries: June 30, 2014,” Miniwatts Marketing Group, updated 24 July 2014, retrieved from http://www.internetworldstats.com/stats2.htm.
[25] Trend Micro and OAS, “Latin American and Caribbean Cybersecurity Trends and Government Reponses,” Trend Micro Inc., 2013, pg. 7, retrieved from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf
[26] Jamaica Observer, “How Secure is Jamaica from Cybercrime?” Jamaica Observer Editorial, 26 October 2014, retrieved from http://www.jamaicaobserver.com/editorial/How-secure-is-Jamaica-from-cybercrime_17808214.
[27] P. Daley-Morris, “Cybercrimes,” Caribbean Partners for Educational Progress, 28 April 2014, retrieved from http://www.mona.uwi.edu/cop/groups/eduexchange-impact-liberalisation-telecommunication-jamaica/cybercrimes
[28] Garfield L. Angus, “Wide Support for National Cyber Security Strategy,” Jamaican Information Security, 17 January 2015, retrieved from http://jis.gov.jm/wide-support-national-cyber-security-strategy/
[29] Government of Jamaica, “National Cyber Security Strategy,” International Telecommunications Union, 2015, pg. 3, retrieved from http://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Jamaica_2015_Jamaica%20National%20Cyber%20Security%20Strategy.pdf.
[30] Ibid, pg. 13.
[31] Ibid, pg. 14.
[32] Electronic Government Network of Latin America and the Caribbean, “OAS and Jamaican Government Present Draft National Cyber Security Strategy,” RedGealc.org, 16 September 2014, retrieved from http://www.redgealc.net/oas-and-jamaican-government-present-draft-national-cyber-security-strategy/content/6039/en/.
[33] Internet World Stats available at http://www.internetworldstats.com/stats11.htm#caribbean. Accessed October 6, 2015.
[34] Nathaniel Bowler, “Cyber Crime and Critical Infrastructure in the Americas: Only as Strong as the Weakest Link,” available at https://globalnewsmatters.com/caribbean-news/cyber-crime-critical-infrastructure-americas-strong-weakest-link/. Accessed October 1, 2015.
[35] “Barbados Creating Lab to Fight Cybercrime,” available at http://dialogo-americas.com/en_GB/articles/rmisa/features/2015/04/24/feature-02. Accessed October 6, 2015.
[36] Ibid.
[37] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[38] Nekaelia Hutchinson, “Project to bring cybercrime solutions to Barbados,” available at http://www.caribbeannewsnow.com/headline-Project-to-bring-cybercrime-solutions-to-Barbados-7756.html. Accessed on October 6, 2015.
[39] Ibid.
[40] “Regional Cyber Leaders Share Common Challenges in Cyber Security and Defense,” available at http://dialogo-americas.com/en_GB/articles/rmisa/features/2015/04/22/feature-08. Accessed on October 6, 2015
[41] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[42] “Regional Cyber Leaders Share Common Challenges in Cyber Security and Defense,” available at http://dialogo-americas.com/en_GB/articles/rmisa/features/2015/04/22/feature-08. Accessed on October 6, 2015
[43] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[44] “Gov’t to strengthen cyber-security in light of recent SVG website hacking - See more at: http://www.stlucianewsonline.com/govt-to-strengthen-cyber-security-in-light-of-recent-svg-website-hacking/#sthash.d1Os2zRM.dpuf. Accessed October 12, 2015.
[45] Center for International Maritime Security, “U.S. SOUTHCOM VS. CARIBBEAN NARCO-PIRATES,” available at http://cimsec.org/u-s-southcom-vs-caribbean-narco-pirates/18377. Accessed October 12, 2015.
[46] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[47] St. Kitts and Nevis, Electronic Crimes Act, 2009, No. 27 of 2009. Available at http://hipcar.gov.kn/sites/hipcar.gov.kn/files/Electronic_Crimes__Act._No._27_of_2009_pmd.pdf. Accessed on October 12, 2015.
[48] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[49] Cyberwellness Profile Grenada, available at https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Grenada.pdf. Accessed October 12, 2015.
[50] Latin American + Caribbean Cyber Security Trends, Published June 2014. Available at http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf. Accessed October 1, 2015.
[51] “Why is Grenada getting so much flak over its Electronic Crimes Act,” available at http://www.ict-pulse.com/2013/07/grenada-flack-electronic-crimes-act/. Accessed October 12, 2015.
[52] Cyberwellness Profile Grenada, available at https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Grenada.pdf. Accessed on October 12, 2015.
[53] The Caribbean Cyber Security Center is an assembled team of Caribbean and International Cyber Security Consultants based out of Barbados. The organization was founded in January 2012 by James Bynoe and Deon Olton and committed to the protection of Caribbean Children and information and communication infrastructure in what is considered one of the most serious challenges facing [the Caribbean] region.” See: “About the Caribbean Cyber Security Center,” C|CSC, 2013. Accessed September 28, 2015. Retrieved from http://www.caribbeancsc.com/#!missionvisionteam/c1mxq.
[54] Nathaniel Bowler, “Cyber Crime and Critical Infrastructure in the Americas: Only as Strong as the Weakest Link,” Global News Matters, 6 May 2014. Retrieved from https://globalnewsmatters.com/cyber-crime-critical-infrastructure-americas-strong-weakest-link.
[55] Ibid.
[56] James Bynoe’s commentary, “Caribbean Must Wake Up and Combat Cyber Crime Challenge: Our Economic Survival Depends on it,” St. Lucia News Online, 27 January 2015, retrieved from http://www.stlucianewsonline.com/commentary-caribbean-must-wake-up-and-combat-cyber-crime-challenge-our-economic-survival-depends-on-it/.
[57] INTERPOL is the largest international organization comprised of 190 state members and their law enforcement personnel. See: http://www.INTERPOL.int/About-INTERPOL.
[58] James Bynoe’s commentary, “Caribbean Must Wake Up and Combat Cyber Crime Challenge: Our Economic Survival Depends on it,” St. Lucia News Online, 27 January 2015, retrieved from http://www.stlucianewsonline.com/commentary-caribbean-must-wake-up-and-combat-cyber-crime-challenge-our-economic-survival-depends-on-it/.
[59] Bard O’Neill is a long-time scholar on the topic of insurgency who seeks to inform not just academics, but “military and civilian members of the national security policy community.” See: Bard O’Neill, Insurgency and Terrorism: From Revolution to Apocalypse, 2nd Ed., Potomac Books, Inc.: Washington, D.C. (2005), pg. 155.
[60] Ibid.
[61] Colonel Thomas X. Hammes, The Sling and the Stone: On War in the 21st Century, Zenith Press: Minneapolis, MN (2004).
[62] Greg Barak, The Routledge International Handbook of the Crimes of the Powerful, Routledge: New York (2015), pg. 147. Retrieved from https://books.google.com/books?id=H17LCQAAQBAJ&pg=PA146&lpg=PA146&dq=technology+extending+reach+of+crime&source=bl&ots=jSyTdJ6LOf&sig=9yjXxHHbJJ4p_S3_psN1mZQ33Ls&hl=en&sa=X&ved=0CC8Q6AEwAmoVChMI0PX2kOWxyAIVRhweCh1r0waG#v=onepage&q=technology%20extending%20reach%20of%20crime&f=false.
[63] Bard O’Neill, Insurgency and Terrorism: From Revolution to Apocalypse, 2nd Ed., Potomac Books, Inc.: Washington, D.C. (2005), pg. 139-145.
[64] Ximena Moretti, “Dominican Republic battles gun violence with technology,” Diálogo: Digital Military Magazine, 19 November 2011, retrieved from http://dialogo-americas.com/en_GB/articles/rmisa/features/technology/2013/11/19/republica-dominicana-sisna.
[65] Ibid.
[66] The Caribbean Council is a group that coordinates activity of the Caribbean-Britain Business Council, the Cuba Initiative, and the Central American Business Council, produces news publications weekly, and consults states and other entities on pertinent issues to the Caribbean and Central American regions. See: The Caribbean Council, “Tourism must wake up to cyber crime,” The Caribbean Council.org, n.d., retrieved from http://www.caribbean-council.org/tourism-must-wake-cyber-crime/.
[67] Ibid.
[68] Ibid.
[69] Trend Micro and OAS, “Latin American and Caribbean Cybersecurity Trends and Government Reponses,” Trend Micro Inc., 2013, pg. 18, retrieved from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf
[70] James Bynoe’s commentary, “Caribbean Must Wake Up and Combat Cyber Crime Challenge: Our Economic Survival Depends on it,” St. Lucia News Online, 27 January 2015, retrieved from http://www.stlucianewsonline.com/commentary-caribbean-must-wake-up-and-combat-cyber-crime-challenge-our-economic-survival-depends-on-it
[71] Trend Micro and OAS, “Latin American and Caribbean Cybersecurity Trends and Government Reponses,” Trend Micro Inc., 2013, pg. 18, retrieved from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf
[72] OAS and Symantec, “Latin American + Caribbean Cyber Security Trends,” June 2014, pg. 7. Accessed October 1, 2015. Retrieved from http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf.
[73] Thomas T. Kubic, “The FBI’s Perspective on the Cybercrime Problem,” Before the House Committee on the Judiciary, Subcommittee on Crime of the Federal Bureau of Investigation, June 12, 2001. Retrieved from https://www.fbi.gov/news/testimony/the-fbis-perspective-on-the-cybercrime-problem.
[74] OAS and Symantec, “Latin American + Caribbean Cyber Security Trends,” June 2014, pg. 7. Accessed October 1, 2015. Retrieved from http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf.
[75] Ibid, pg. 11.
[76] Phishing is a hacking “technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses” by “fool[ing] recipients into divulging personal data.” See: Russell Kay, “Phishing,” Computer World, 19 January 2004. Retrieved from http://www.computerworld.com/article/2575156/security0/phishing.html.
[77] OAS and Symantec, “Latin American + Caribbean Cyber Security Trends,” June 2014, pg. 27. Accessed October 1, 2015. Retrieved from http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf.
[78] USUARIA is the Argentine Association of Users of Information and Communications (Asociación Argentina de Usuarios de la Informática y las Comunicaciones). It is an NGO of IT enthusiasts and professional that seek to defend the interests of Internet and digital device users. See: USUARIA, “Que es USUARIA [What is USUARIA]?” (2015). Retrieved from http://www.usuaria.org.ar/content/%C2%BFque-es-usuaria.
[79] The development of STOP.THINK.CONNECT in the United States was led by the Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA). The U.S. Department of Homeland Security provides leadership for the campaign which now has a wide international influence. See: STOP.THINK.CONNECT, “Home,” (2014). Retrieved from http://www.stopthinkconnect.org/.
[80] OAS and Symantec, “Latin American + Caribbean Cyber Security Trends,” June 2014, pg. 24. Accessed October 1, 2015. Retrieved from http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf.
[81] Hilton A. McDavid, “The Caribbean: The Third U.S. Border,” The Canadian Foundation for the Americas, February 2011, retrieved at http://www.focal.ca/publications/focalpoint/394-february-2011-hilton-a-mcdavid.
[82] Ibid.
[83] The Levin Institute, “What is Globalization?” The State University of New York, 2015. Retrieved from http://www.globalization101.org/what-is-globalization
[84] Ibid.
[85] Nathaniel Bowler, “Cyber Crime and Critical Infrastructure in the Americas: Only as Strong as the Weakest Link,” Global News Matters: Caribbean Research, 6 May 2014. Retrieved from https://globalnewsmatters.com/caribbean-news/cyber-crime-critical-infrastructure-americas-strong-weakest-link
[86] OAS and Symantec, “Latin American + Caribbean Cyber Security Trends,” June 2014, pg. 7. Accessed October 1, 2015. Retrieved from http://www.symantec.com/content/en/us/enterprise/other_resources/b-cyber-security-trends-report-lamc.pdf.
[87] Ibid.
[88] Cyber fusion centers are regional or state entities that integrate information technology, cyber security, and cybercrime prevention intelligence and analytic capabilities through “detection, mitigation, response, recovery, investigation, and…prosecution.” See: Global Advisory Committee, “Cyber Integration for Fusion Centers: An Appendix to the Baseline Capabilities for State and Major Urban Area Fusion Centers,” Department of Defense, Global Justice Information Sharing Initiative and Bureau of Justice Assistance, May 2015, pgs. 1. Retrieved from http://www.cisecurity.org/documents/CyberIntegrationforFusionCenters_000.pdf.
[89] Ibid, pg. 4-5.
[90] Luke Allnutt, “Cyber-Westphalia and Its Disrupters,” Tangled Web, 25 July 2011. Retrieved from http://www.rferl.org/content/cyber_westphalia_and_its_disruptors/24276584.html.
[91] Ibid.
[92] Ibid.
[93] Nathaniel Bowler, “Cyber Crime and Critical Infrastructure in the Americas: Only as Strong as the Weakest Link,” Global News Matters: Caribbean Research, 6 May 2014. Retrieved from https://globalnewsmatters.com/caribbean-news/cyber-crime-critical-infrastructure-americas-strong-weakest-link/.
[94] Ibid.
[95] Hilton A. McDavid, “The Caribbean: The Third U.S. Border,” The Canadian Foundation for the Americas, February 2011, retrieved at http://www.focal.ca/publications/focalpoint/394-february-2011-hilton-a-mcdavid.
[96] Ibid.
[97] Ibid.
[98] Nathaniel Bowler, “Cyber Crime and Critical Infrastructure in the Americas: Only as Strong as the Weakest Link,” Global News Matters: Caribbean Research, 6 May 2014. Retrieved from https://globalnewsmatters.com/caribbean-news/cyber-crime-critical-infrastructure-americas-strong-weakest-link