UWI Mona hosts Jamaica’s 3rd National Cyber Security Conference
The Caribbean Institute of Media and Communication (CARIMAC), University of the West Indies (UWI), in partnership with the International Telecommunications Union (ITU) and the Internet Society (ISOC), recently hosted Jamaica’s 3rd National Cybersecurity Conference. Over the period 17th-18th November, 2015, an eager audience was treated to informed presentations from various presenters under the theme of “Data Protection, Financial Services and Customer Awareness”. The ISOC was represented by Mr Shernon Osepa, Manager, Regional Affairs for Latin America and the Caribbean Bureau, and Mrs Christine Runnegar, Director, Public Policy, while Shiva Bissessar served as the representative expert of the ITU, having previously worked with the ITU on a couple occasions including developing cyber security awareness amongst youths in the Caribbean. Ms Acadia Senese, Legal Counsel, Goggle Inc. rounded out the listing of international presenters. However, there were many local expert presenters who gave insights into their experiences in providing a mature response to cyber security threats as can be gleaned from the programme agenda. Some of the key points as presented by these presenters are shared below.
At The National Level
Minister of State within the Ministry of Science, Technology, Energy and Minings, The Hon. Julian J. Robinson, spoke of some of the measures the Government was taking to address cyber security risk including the hiring of a Chief Information Officer who was tasked with establishing minimum standards across various ministries as a direct response to some high profile attacks on Government websites in late 2014. He also challenged the public at large to read and become involved in the National Cyber Security Strategy towards the goal of holding the Government accountable on its promises.
In explaining the aspect of “Human resource and capacity building” he stated his intention to engage the likes of the ITU and ISOC, as well as the private sector to create a cadre of local cyber security experts. Additionally, he demonstrated that they were already treating public awareness as a key aspect of the strategy citing the observation of October as cyber security month and stating that a Jamaican version of a “Stop Click Connect” awareness campaign was in development.
Private Sector Intervention
Mrs Audrey Tugwell Henry, Senior General Manager, NCB highlighted that while managing cyber security technical issues is an important factor; a bigger issue is actually convincing the public of the threat and getting them to practice safe behaviours towards securing their identities and financial information, for example, getting them to stop writing PINs on the back of bank cards. Stating that her own name had been used within phishing campaigns, she cited the importance of ongoing training for staff member towards the development of “human firewalls” to thwart attacks. She indicated that attacks can occur for a myriad of reasons but always have the end result of increasing operational cost as it takes on average 10 full days to restore services.
Sparking some controversy with comments suggesting that local websites were akin to mere storefronts with not much behind them to be taken by cyber criminals, Mr Dennis Chung drew some dissenting comments from couple of subsequent speakers. However, I viewed the comment as a tongue in cheek call for a greater level of development of electronic services to be delivered via local websites, especially as the panel during which the comment was made was being moderated by chair of eGov Jamaica Limited. Professor Evan Duggan. Mr Chung also questioned whether there were adequate resources trained to treat with a serious cyber-attack and challenged authorities to view cyber security as an opportunity rather than a threat. The opportunity being referred to was that of building an industry of cyber security professionals to target a potentially very large market, much akin to the development of a cyber-security ecosystem as espoused in last blog post. Mr. Chung went further to suggest that the development of such expertise could take precedent over efforts to nurture mobile apps developers or game developers.
Outward Risk & Due Diligence
The development of a nascent cyber security industry augured well with a contribution from Mrs Christine Runnegar who gave insights into the ISOC’s concept of collaborate security where she spoke of managing inbound and outward risks (i.e. the risk you present to others in not properly protecting your infrastructure) though proactive collaboration at local, region and international levels. The concept of being responsible for securing environments again reared its head during the legal panel session where Ms Nicole Foga encouraged the audience to “know the legal framework” as pertains to the commission of offences under the Cybercrime Act, 2015. In particular, Section 14 (2) (B) was introduced as speaking to the responsibilities of, and potential consequences to, individuals within organisations tasked with the responsibility of eliminating outward risks. In reinforcing this point to the audience, Ms Foga stated that the popular local saying “trust meh nah” no longer holds water in such circumstances and that individuals now needed to be wary of the responsibilities they assume within organizations and ensure that they practice due diligence towards ensuring offenses under the act do not occur in the corporate environment.
An analysis of the corresponding clause within the Trinidad and Tobago 2014 Cybercrime Bill reveals some similar wording and intention, however Ms Foga drew attention to the use of the word “connived” within Section 14 (2) (A) as she raised the question of how do you go about determining whether persons did in fact connive to commit an offense. The issue of cyber insurance was first raised by Ms Amina Maknoon who highlighted its utility as a risk prevention and mitigation tool and this was reinforced by Ms Foga. Subsequent responses to questions on the topic of cyber insurance in the local Jamaican market revealed an opportunity for local insurance companies to develop products along this dimension at appropriate price points to suite large corporations and Small Medium Enterprises (SMEs) alike.
Individuals & SMEs
It is quite easy to overlook the needs of individuals and SMEs on such an issue, however the audience members did not let their opportunity to seek out expert advice on the matter go to waste. Indeed, underscoring the need for greater levels of public awareness when it comes to hoaxes and scams, one gentleman took to the microphone during Q&A of one of the sessions with a genuine concern over a letter he received which purported that he was the recipient of a large financial reward. In my presentation on citizen action towards protection and in referencing this gentleman’s plight, I explained that this was an excellent example of how traditional scams can be updated over time and find new methods to reach vulnerable targets via social media, emails list or even phone calls. A statement from Mrs Dolsie Allen, CEO, Consumer Affairs Commission citing some level of deficiency in how the banking sector currently handles customer awareness, presented the perfect segue to illustrate how institutions can avail themselves of more funding towards customer or employee cyber awareness by simply reallocating money dedicated for brand promotion into brand protection from cyber risk. Additionally, Mr Trevor Forrest of 876 Technology Solutions advised that SMEs need to plan ahead well in advance and have a defined incident management plan at hand in preparation for attacks.
Professor Dunn and the CARIMAC should certainly be commended for organizing such a highly informative and conference for the third consecutive year. The tightly packed agenda was designed to allow for ventilation of policy, technical and legal issues and each panel featured an international panelist. My only question to Professor Dunn remains, when does he intend to take the show on the road and make this a regional event?