UWI Mona hosts Jamaica’s 3rd National Cyber Security Conference

Jca conf 3

Professor Dunn, Caribbean Institute of Media and Communication, Trevor Forrest, 876 Technology Solutions, Damian Donaldson, IT Consultant, Shiva Bissessar, Pinaka Technology Solutions & Shernon Osepa, Internet Society.  Photo Credit UWI CARIMAC

 

 

The Caribbean Institute of Media and Communication (CARIMAC), University of the West Indies (UWI), in partnership with the International Telecommunications Union (ITU) and the Internet Society (ISOC), recently hosted Jamaica’s 3rd National Cybersecurity Conference.  Over the period 17th-18th November, 2015, an eager audience was treated to informed presentations from various presenters under the theme of “Data Protection, Financial Services and Customer Awareness”.  The ISOC was represented by Mr Shernon Osepa, Manager, Regional Affairs for Latin America and the Caribbean Bureau, and Mrs Christine Runnegar, Director, Public Policy, while Shiva Bissessar served as the representative expert of the ITU, having previously worked with the ITU on a couple occasions including developing cyber security awareness amongst youths in the Caribbean.  Ms Acadia Senese, Legal Counsel, Goggle Inc. rounded out the listing of international presenters.  However, there were many local expert presenters who gave insights into their experiences in providing a mature response to cyber security threats as can be gleaned from the programme agenda.  Some of the key points as presented by these presenters are shared below.

 

At The National Level

 

Minister of State within the Ministry of Science, Technology, Energy and Minings, The Hon. Julian J. Robinson, spoke of some of the measures the Government was taking to address cyber security risk including the hiring of a Chief Information Officer who was tasked with establishing minimum standards across various ministries as a direct response to some high profile attacks on Government websites in late 2014.  He also challenged the public at large to read and become involved in the National Cyber Security Strategy towards the goal of holding the Government accountable on its promises.

 

Fullscreen capture 08122015 232433.bmp

Four pillars of Jamaica’s National Cyber Security Framework

 

In explaining the aspect of “Human resource and capacity building” he stated his intention to engage the likes of the ITU and ISOC, as well as the private sector to create a cadre of local cyber security experts.  Additionally, he demonstrated that they were already treating public awareness as a key aspect of the strategy citing the observation of October as cyber security month and stating that a Jamaican version of a “Stop Click Connect” awareness campaign was in development.

 

Private Sector Intervention

 

Mrs Audrey Tugwell Henry, Senior General Manager, NCB highlighted that while managing cyber security technical issues is an important factor; a bigger issue is actually convincing the public of the threat and getting them to practice safe behaviours towards securing their identities and financial information, for example, getting them to stop writing PINs on the back of bank cards.  Stating that her own name had been used within phishing campaigns, she cited the importance of ongoing training for staff member towards the development of “human firewalls” to thwart attacks.  She indicated that attacks can occur for a myriad of reasons but always have the end result of increasing operational cost as it takes on average 10 full days to restore services.

Sparking some controversy with comments suggesting that local websites were akin to mere storefronts with not much behind them to be taken by cyber criminals, Mr Dennis Chung drew some dissenting comments from couple of subsequent speakers.  However, I viewed the comment as a tongue in cheek call for a greater level of development of electronic services to be delivered via local websites, especially as the panel during which the comment was made was being moderated by chair of eGov Jamaica Limited. Professor Evan Duggan. Mr Chung also questioned whether there were adequate resources trained to treat with a serious cyber-attack and challenged authorities to view cyber security as an opportunity rather than a threat.  The opportunity being referred to was that of building an industry of cyber security professionals to target a potentially very large market, much akin to the development of a cyber-security ecosystem as espoused in last blog post.  Mr. Chung went further to suggest that the development of such expertise could take precedent over efforts to nurture mobile apps developers or game developers.

 

Outward Risk & Due Diligence

The development of a nascent cyber security industry augured well with a contribution from Mrs Christine Runnegar who gave insights into the ISOC’s concept of collaborate security where she spoke of managing inbound and outward risks (i.e. the risk you present to others in not properly protecting your infrastructure) though proactive collaboration at local, region and international levels.  The concept of being responsible for securing environments again reared its head during the legal panel session where Ms Nicole Foga encouraged the audience to “know the legal framework” as pertains to the commission of offences under the Cybercrime Act, 2015.  In particular, Section 14 (2) (B) was introduced as speaking to the responsibilities of, and potential consequences to, individuals within organisations tasked with the responsibility of eliminating outward risks.  In reinforcing this point to the audience, Ms Foga stated that the popular local saying “trust meh nah” no longer holds water in such circumstances and that individuals now needed to be wary of the responsibilities they assume within organizations and ensure that they practice due diligence towards ensuring offenses under the act do not occur in the corporate environment.

 

Fullscreen capture 22122015 014551.bmp

Offences by Bodies Corporate; Jamaica Cybercrime Act, 2015

 

An analysis of the corresponding clause within the Trinidad and Tobago 2014 Cybercrime Bill reveals some similar wording and intention, however Ms Foga drew attention to the use of the word “connived” within Section 14 (2) (A) as she raised the question of how do you go about determining whether persons did in fact connive to commit an offense.   The issue of cyber insurance was first raised by Ms Amina Maknoon who highlighted its utility as a risk prevention and mitigation tool and this was reinforced by Ms Foga.  Subsequent responses to questions on the topic of cyber insurance in the local Jamaican market revealed an opportunity for local insurance companies to develop products along this dimension at appropriate price points to suite large corporations and Small Medium Enterprises (SMEs) alike.

 

Individuals & SMEs

It is quite easy to overlook the needs of individuals and SMEs on such an issue, however the audience members did not let their opportunity to seek out expert advice on the matter go to waste.  Indeed, underscoring the need for greater levels of public awareness when it comes to hoaxes and scams, one gentleman took to the microphone during Q&A of one of the sessions with a genuine concern over a letter he received which purported that he was the recipient of a large financial reward.  In my presentation on citizen action towards protection and in referencing this gentleman’s plight, I explained that this was an excellent example of how traditional scams can be updated over time and find new methods to reach vulnerable targets via social media, emails list or even phone calls.    A statement from Mrs Dolsie Allen, CEO, Consumer Affairs Commission citing some level of deficiency in how the banking sector currently handles customer awareness, presented the perfect segue to illustrate how institutions can avail themselves of more funding towards customer or employee cyber awareness by simply reallocating money dedicated for brand promotion into brand protection from cyber risk.  Additionally, Mr Trevor Forrest of 876 Technology Solutions advised that SMEs need to plan ahead well in advance and have a defined incident management plan at hand in preparation for attacks.

 

Conclusion

Professor Dunn and the CARIMAC should certainly be commended for organizing such a highly informative and  conference for the third consecutive year.  The tightly packed agenda was designed to allow for ventilation of policy, technical and legal issues and each panel featured an international panelist. My only question to Professor Dunn remains, when does he intend to take the show on the road and make this a regional event?

2 comments

  • Gamil Coke

    It was a very informative confab for a change that worked on a number of levels and was accessible by the layman and the expert. I saw lots of participation from the public sector and some regulatory agencies (glaring was the silence from the Office of Utility Regulation); wish there was more representatives from local firms that are engaged in supplemental services to the private sector. Like you I wish that something like this is spread not only to the rest of the Caribbean but to other sections in the Island like Western and Central Jamaica.

    • Hi Gamil, sorry we didn’t meet in person there. I think Andrew Nooks and Trevor Forrest gave excellent insights from the technical supplemental services point of view. And I was very pleased that consumer affairs had a voice on a panel to represent the interest of the individuals. The national strategy places key emphis on awareness so maybe the other area of Jamacia will benefit once roll out begins. It was clear from the Q&A that SMEs need some assistance in developing their response, but as Mr. Chung eluded…this is an opportunity for a development of a cybersecurity sector.

Leave a Reply

Your email address will not be published. Required fields are marked *