Colombia: Defining and Classifying Cyberspace Security Threats and Attacks

The Columbian government has in the recent past come under heavy criticism after claims of abuse of the state surveillance system to spy on human rights defenders, political opponents, and journalists by the Administrative Department of Security. Due to Colombian’s rights, the government replaced the department with the National Intelligence Directorate but are yet to institute intelligence and counterintelligence measures to ensure its efficiency.

Now, a large number of people in Columbia depend on cyberspace to run their organisations, interact with others, and conduct business. Ironically, cyberspace, defined as the global information environment consisting of an interdependent network of information technology infrastructures such as the internet and computer systems, is now an essential tool for the social survival of man (Ottis and Lorents, 2010). Therefore, there should be safety and security. Cybersecurity is the resulting overall product from the collection, processing, integration, evaluation, analysis, and interpretation of data (Espinoza and Moditsi, 2016). Cybersecurity includes not only the protection of information sources but also the protection of financial and human resources (Solms and Niekerk, 2013).

Columbia borrows much of their cybersecurity policies and laws from international organizations such as the United Nations and from European countries as Computer Misuse Act of 1990. Although the country has not suffered any major cyber attacks, Columbians believe that the government needs to invest in cybersecurity acts for the country’s economic and defense needs, since cyberbullying and economic sabotage are quite common in Columbia and moreover, it is important for military security.

Creativity among the people responsible for national cybersecurity is the key since cybercrime is ever growing. Organisations should aim for cybersecurity both internally and externally. Therefore, there is a need for a change in the program to curb the vice since the existing ones are not sufficient, and the private sector needs to partner with the national government to stem out the practice. As long as the cyberspace continues to exist, unscrupulous persons will always take advantage of it and harm the innocent citizens.

Recent studies show a paradigm shift in the major perpetrators of cyberattacks. A survey conducted by Jouini, Rabai, and Aissa shows that a high number of cyber-attacks emanate from among the insiders of the organisation (2014). The study, therefore, recommends that organisations should not aim their cybersecurity tactics at external persons only but also to their internal staff. Indeed, they need to conduct an intensive and extensive examination of internal control policies and identify external vulnerabilities to create strong protection against cyber-attacks (Coleman and Sapte, 2003). Moreover, the strategy should be comprehensive and flexible to adjust to the changing cyberspace. Furthermore, the human aspect in any organisation determines the effectiveness of the security plan. For instance, if an employee receives a spear phishing email, what are the necessary steps that the employee should take? Some of the employees may delete the email while the more effective ones may report to the risk management team to ensure protection.

In 1991, the Columbian government introduced Article 15 of the constitution which guaranteed every citizen the right to privacy and intimacy. In 2008, the government introduced Law 1266 meant to regulate the use of commercial and financial data (Silva, 2018). Over the years, the government has doubled its efforts to ensure privacy in the digital age through legislation.

Columbia’s programs to ensure privacy in the digital is the most effective in Latin America. The Columbian government borrows most of its policies from the EU Data Protection Directive (95/46/EC), but has been replaced by Global Data Protection Regulation (2016/679), GDPR. GDPR provide the right for the individual including: the Right to be Informed, the Right to be Forgotten, and the Right to Rectification. Columbia also recognises several legislations from the United Nations (68/117), which ensures total privacy of data, unless under certain conditions, since some private data is crucial in ensuring the safety of all citizens and in solving felonies.

The law; the Superintendence of Industry and Commerce as well, requires that all organisations that handle personal data have privacy policies and own secure databases to store data. Moreover, to inform the subjects of the purpose for the data collection and helping them within the shortest time possible. On the contrary, some companies such as Facebook do not abide by these laws.

With the advancement in technology, the organization can easily access personal data. Therefore, it is only right to do so when there is an imminent security breach, when prosecutors suspect an individual of committing a crime and limited to the scope of the investigation. Organisations in Columbia must seek permission from subjects before collecting their data.

Prevention is better than cure. In order to solve these issues, two suggestions were made; First is the use of encryption, but it will become useless with the advancement of technology. The second is to develop and continued the partnership between the organisation and the Colombian government in the current digital age.

References

1. Brown, D. (2016). New UN resolution on the right to privacy in the digital age: Crucial and timely. Retrieved from https://policyreview.info/articles/news/new-un-resolution-right-privacy-digital-age-crucial-and-timely/436
2. Cardenas, A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., & Sastry, S. (2009, July). Challenges for securing cyber physical systems. In Workshop on future directions in cyber-physical systems security (Vol. 5).
3. Coleman, C., & Sapte, D. W., (2003). Cyberspace security. Computer Law & Security Review, 19(2), 131-136. Doi: 10.1016/S0267-3649(03)00208-5
4. Computer Misuse Act 1990. (1990, June 29). Retrieved from https://www.legislation.gov.uk/ukpga/1990/18/contents
5. Computer Security Resource Center. NIST. Retrieved from https://csrc.nist.gov/
6. Espinoza, J., & Moditsi, K. Combating Cyber Security Threats. ODU United Nations Day
7. General Data Protection Regulation (GDPR). Right to be Forgotten. Retrieved from https://gdpr-info.eu/issues/right-to-be-forgotten/
8. Greenwald, G. (2014). No place to hide: Edward Snowden, the NSA, and the U.S. surveillance state (1st ed.). New York, NY: Metropolitan Books/Henry Holt.
9. Internet World Stats. (2018). Retrieved from https://www.internetworldstats.com/stats.htm
10. Jouini, M., Rabai, L., & Aissa, A. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496. doi:10.1016/j.procs.2014.05.452
11. Newmeyer, K. P. (2015). Elements of national cybersecurity strategy for developing nations. National Cybersecurity Institute Journal, 1(3), 9-19.
12. Ottis, R., & Lorents, P. (2010, April). Cyberspace: Definition and implications. In International Conference on Cyber Warfare and Security (p. 267). Academic Conferences International Limited.
13. Shackelford, S. J. (2016). Protecting intellectual property and privacy in the digital age: The use of national cybersecurity strategies to mitigate cyber risk. Chap. L. Rev., 19, 445.
14. Silva, N. (2019). Colombia – The Privacy, Data Protection, and Cybersecurity Law Review – Edition 5 – The Law Reviews. Retrieved from https://thelawreviews.co.uk/edition/the-privacy-data-protection-and-cybersecurity-law-review-edition-5/1175627/colombia
15. Stelter, M. (2019). Facebook’s data crisis deepens as questions mount. Retrieved from https://money.cnn.com/2018/03/20/technology/facebook-data-scandal-deepens/index.html
16. Stolfo, S., Bellovin, S. M., & Evans, D. (2011). Measuring security. IEEE Security & Privacy, 9(3), 60-65.
17. United Nations Human’s Rights: Office of the High Commissioner. The Right to Privacy in the Digital Age. Retrieved from https://www.ohchr.org/en/issues/digitalage/pages/digitalageindex.aspx
18. Von Solms, R., & Van Niekerk, J. (2013). From information security to cybersecurity. Computers & Security, 38, 97-102.