Government Cybersecurity, a priority
When the Spanish arrived in Panama in 1501, they saw the country as a natural route to cross from one ocean to another, a strategic role confirmed by the building of the railway during the California gold rush and the opening of the Panama Canal in 1914.
Today, over 500 years later, Panama is a technological hub where seven undersea fiber optic cables converge, carrying millions of megabits of voice and data with information from all parts of the world. We are still a hub of interconnection, a transit point. A country immersed in the digital economy, that opted to democratize the internet, e-commerce and e-government.
But we know this digital transformation also has its risks and challenges. Data protection is a priority for private enterprise, which take measures to avoid falling victim to the cyberattacks affecting their businesses, customers, revenues and reputations. State-owned institutions must also protect citizen information, stored across numerous platforms, and ensure key entities providing financial, logistical, security and medical services are protected from these new cybercrimes.
Accordingly, since 2013, the National Government—through the National Authority for Government Innovation (AIG)—has implemented a National Cybersecurity Strategy to combine the efforts of citizens, businesses and state entities to increase cybersecurity and enable the safe use of communication technologies.
This roadmap summarizes several focal points which, overall, help governments make political, economic, administrative, legal and educational decisions in the face of these new challenges. In Panama, the National Cybersecurity Strategy has met its first goals, and we are now updating it to respond to the new cyberthreats and cybercrimes that could jeopardize public or private information or disrupt critical institutions.
In Panama, the National Cybersecurity Strategy met its first goals, and we are now updating it
One of the developments will be the enactment of the first local cybercrime law to investigate and punish new cybercrimes, such as denial of service, phishing or ransomware. We have checked the validity of this document with sectors such as banking, one of the most important sectors in our country—and one which has a high probability of being affected.
Another key point on which we have made progress is regional coordination, with the creation of the Computer Security Incident Response Team (CSIRT) Panama and a subscription to the Forum of Incident Response and Security Teams (FIRST).
FIRST member countries take advantage of the hyper-connectivity in this world without borders to coordinate with other governments and strengthen prevention measures against security incidents or attacks.
For example, through this cross-functional collaboration, we were able to alert the region in advance of the global WannaCry cyber-attack, an extortion virus that affected over 100 countries in May last year. Coordinated action enabled each country on this continent to take preventive measures and actions.
This work also enabled countries to replicate their response protocols and share successful experiences in government protection, as well as identify the investments required to strengthen platforms, including those great vaults of digital information.
Another important point in building and updating a national cybersecurity strategy is preparing civil servants and increasing citizen awareness. It has been proven human beings (“the asset between the chair and the desk”) have been the breaking point in all cybersecurity incidents.
The challenge here is to ensure this knowledge and comprehension of cyberthreats reaches everyone on an internal and external level. Bearing in mind that most of the economically active population is not made up of “digital natives,” it is difficult to include everyone quickly. However, through constant training of key units and businesses and school support, major progress can be achieved.
Panama has achieved a certain cyber maturity, but we are still working to legislate and protect digital society
Awareness begins in school, where the next generation of cyber citizens is being educated. A young, but more connected digital population will be the next users and civil servants to create new cybersecurity strategies and new technologies.
Panama has achieved a certain cyber maturity, but we are still working to legislate and protect digital society. It is not merely a question of having a modern, robust or fast digital infrastructure; it must also be secure. This is obligatory if, as a country, we want to continue taking advantage of the fourth industrial revolution. Protecting citizens from cybercrime is a duty, a right and a key strategy to continue growing.