Cybersecurity – The importance of available, secure and incorruptible ICT-systems

The importance of available, secure and incorruptible ICT-systems

In the last two decades, information and communication technology (ICT) has become a central part of social, cultural and economic life for an increasing number of people. As such, the availability, security and integrity of ICT systems has become extremely important on different levels in society. On an individual level in terms of access to electronic services, privacy and freedom of speech. On an organizational level for safely being able to provide products and services and involving stakeholders. Also as a society in terms of availability of critical infrastructures (for example telecommunication, healthcare, energy supply and water supply, etc.) and the protection of the democratic legal order and national security. As a result of this, a certain dependency on ICT has been created; without available, secure and incorruptible ICT systems, society will come to a standstill.

Connection of systems as driving force for innovation and activity

Apart from the growing interrelation of ICT systems with daily life and its ancillary dependency, ICT systems also have an increasing connection with each other. This far-reaching connection of systems not only serves convenience, efficiency and pleasure, it is also an important driving force for innovation and economic growth. Local networks and computer systems can be reached through the internet for worldwide coverage, for the benefit of communication purposes and the distribution of services and content. Besides this, more and more contemporary equipment has ICT built into it: cars, televisions, thermostats and medical applications connected with the internet.

The downside of connection: increased risk of cyber attacks

It is self-evident that the global connection and the use of new, innovative technology carries risks. The enormous increase of users and the dependency on ICT systems as mentioned before, causes greater impact on society in case of a breakdown. The chance of a security incident is also greater, since criminals from all over the world are able to carry out their ‘cybercrime’ activities on local targets, there are newer and more malicious techniques available (like Trojan Horses, viruses and phishing) and the dependency on ICT also makes us susceptible to blackmail.

Cybersecurity policy

The importance of the ability to conduct investigations in to cybercrimes and digitally collecting evidence goes beyond merely protecting consumers. If a country wishes to create an environment where e-commerce may grow, measures will be required to ensure that crimes directed towards e-commerce companies do not go unpunished.

In order to properly specify the cyber security policy, it is crucial to raise awareness about the share of internet in globalization. The most important policy objectives of the BT&P aimed at the internet are:

  1. Protecting and promoting a free flow of information worldwide
  2. Promoting the open, interconnecting and distribution-driven nature of the internet
  3. Promoting investments and competition in the field of high speed networks and services
  4. Promoting and facilitating service provision across national borders

The cybersecurity policy is aimed at the identification of the risks in connection with cybersecurity and the determination of a strategic approach to deal with this. Inventory taken by the BT&P resulted in the following identified cybersecurity risks:

  • Critical services (hospitals, banks, education, government) are provided and controlled by information systems
  • Information systems of critical infrastructures are accessible through the internet, so services may be negatively affected by cyber-attacks, with serious economic consequences
  • Lack of local awareness about cybersecurity, co-ordination between local partner organizations, co-ordination of investigation and prosecution of cyber-crimes and national and international guidelines in the field of cybersecurity
  • Information security and information management infrastructures of public and private organizations that are not optimal
  • Insufficient level of knowledge and awareness by the government, companies and individuals in the field of cybersecurity
  • Insufficient information among top managers of public and private organizations, which also applies to IT departments within companies
  • Integration of cybersecurity measures in audit procedures of the internal organization that are not optimal
  • Cybersecurity is not considered as an essential component of information systems

With these risks in mind it is essential that there is proper awareness about the importance of having a well-thought-out national cybersecurity strategy and policy which is supported by the government and also that there is more awareness about the cybersecurity threats everyone has to deal with. Realizing this among other things requires the implementation of processes aimed at national risk identification, investigations and strategic initiatives at management level. In order to deal with the technical developments and cyber-attack methods that constantly change in this field, it is also necessary to have international involvement and co-operation and a certain degree of flexibility.

Curaçao must be prepared for cyber domain threats

In order to protect users, organizations and governments, Curaçao must have knowledge and capacity to intervene when our networks and computer systems are digitally threatened. This is why the BT&P applies itself to the fullest where cybersecurity is concerned. By intervening or being able to intervene both technically and legally, the country can guard the freedom, safety and peace for citizens. An up-to-date cybersecurity policy also ensures that Curaçao does not become a freeport for digital criminals, because these can carry out attacks domestically and abroad from an unregulated country.

In the coming years, the BT&P will continue to implement the national cybersecurity policy, setting up a cyber security governance structure and co-ordinating cybersecurity programs. However, specific attention will be generally required to ensure for market suppliers, as well as for companies and consumers that there is sufficient awareness and knowledge about cybersecurity through information on the dangers, recognition of these dangers and proper protection against same. This process is established in cooperation with CARICERT, which is responsible for dealing with incidents and taking preventive measures within the scope of cybersecurity.

Awareness-raising campaign cybersecurity

October is the global cyber security month and is dedicated to the awareness of end users, the safety of computers and privacy. On October 1st, the BT&P started a national cybersecurity awareness campaign on Curaçao. The campaign is aimed at the awareness of the importance of ICT security, the risks private persons (young people and adults), companies and the government are exposed to on a daily basis when using ICT networks, ICT systems and the internet and how you may defend yourself against these risks. The start of the campaign for which various media were invited was marked by the Minister of Traffic, Transportation and Urban Planning, Mrs. Suzanne Camelia Römer. During this meeting to launch the campaign, the areas of attention of cybersecurity for Curaçao were addressed, likewise as the manner in which the campaign links up with this.

The campaign runs the entire month of October in various media (radio, TV and social media network sites) through information videos, information flyers, posters, interviews and advertisements.You can read more information on the content of the campaign under Cybersecurity Awareness Campaign 2015.

Also visit the website of the Cyber Emergency Response Team of BT&P for more information about detection and prevention of cyber threats: Caricert

(BT&P Publication period: 2015)