Caribbean trails global trend in automation

A technology trend known as automation could be a game-changer for developing regions, but the Caribbean is trailing global adoption.

Across the industry, the automation of network configuration and network management is already bringing tangible benefits, such as lower operating costs and centralised security. But Caribbean adoption rates have lagged behind global averages, and the promise of automation remains largely unfulfilled in the region.
 

Read More

Caribbean Banks See Rise in Cyber Attacks

By GERARD BEST

CAPTION: A cyclist rides past Belize Bank in downtown Belize City, April 23, 2017. Photo courtesy Caribbean Network Operators Group.

CAPTION: A cyclist rides past Belize Bank in downtown Belize City, April 23, 2017. Photo courtesy Caribbean Network Operators Group.


Imagine doing a routine check on your bank account only to discover that an entire month’s worth of credit had been swiped from your card. The nightmare became reality for one elderly Belizean couple, who fell victim to identity theft.
 
For Alejandro and Leandra Chulin, the story started five years ago with a troubling phone call from their son, who was at the time studying abroad. He had been trying to use their credit card but couldn’t. A few quick checks with the bank confirmed their worst fears. Someone had already maxed out the limit, racking up enough purchases to leave the Chulins in the hole to the tune of several hundreds.

The money was recovered but the trauma remains. And now that Belize is taking much-needed steps to address identity theft and other cyber threats, the Chulins are making the most of an unprecedented opportunity to lend their voice to the national effort and to learn how to be more cyber safe.

The country’s recently concluded national cybersecurity symposium brought together bankers and customers to put a spotlight on the growing incidence of cybercrimes against banks. While the Chulins sat in a forum designed to explain cyber threats to the general public, the country’s finance sector representatives gathered at the Central Bank for a special forum focusing on practical strategies to defend against escalating cyber attacks against financial institutions. 
 
The weeklong meeting highlighted major gaps in the region's readiness to respond to cyberattacks on financial institutions.

“The threats are not imminent, they are here. There are exploits that are occurring all across the Caribbean,” said Carlton Samuels, an independent IT consultant and lecturer at the University of the West Indies, Mona Campus in Jamaica.

“It is commendable that Belize is developing a national framework for building awareness, regulatory responses, detection and prevention,” he added.

Samuels was among several regional and international cybersecurity experts addressing participants on technical issues such as the vulnerabilities of automated teller machines and social issues such as email fraud via phishing attacks. 

The panel covered a broad range of topics, including how to detect security attacks, the pros and cons of public disclosure of cyber attacks, and best practices for recovering from cyber attacks.
 
The symposium, held from April 24 to 28, was organised jointly by the Belize Public Utilities Commission and the Caribbean Network Operators Group, a non profit organization which works to safeguard the region’s computer networks. 

"Cybersecurity is a priority for the entire Caribbean. As our citizens, businesses, financial institutions  and governments place greater reliance on Internet-based technologies, greater attention has to be paid to increasing our capacity to protect our computer networks and systems. And the crafting of any solution has to involve as many viewpoints as possible,” said Bevil Wooding, one of the organizers of the event and an Internet Strategist at US-based Packet Clearing House. 

"That’s why a wholistic, national approach, as seen in Belize, is the best way to address the issues related to cybersecurity."

More than 700 stakeholders took part in the weeklong national symposium, including law enforcement officers, judges, lawyers, business executives, government officials, computer network professionals, educators and other concerned citizens.

On the back of this historic event, the nation of Belize has emerged as an unlikely leader in the region, presenting a model for how other Caribbean jurisdictions can prepare for, defend against and respond to growing cyber threats.

Time for Caribbean To Be Better Prepared for Cyber War

Belize Cyber Security Symposium Raises Awareness of Region-wide Problem

By GERARD BEST

CAPTION: Sean Fouché, Information and Communications Technology Manager at CARICOM IMPACS, speaks at Belize's first-ever national cybersecurity symposium, held in Best Western, Biltmore Plaza, Belize City from April 24 to 28, 2017. Photo courtesy Caribbean Network Operators Group.

CAPTION: Sean Fouché, Information and Communications Technology Manager at CARICOM IMPACS, speaks at Belize's first-ever national cybersecurity symposium, held in Best Western, Biltmore Plaza, Belize City from April 24 to 28, 2017. Photo courtesy Caribbean Network Operators Group.

 

Large, well-funded and highly organized crime syndicates are behind many of the cybercrimes taking place in the Caribbean. And regional governments and security agencies are challenged to respond.  

 

“Today's cybercriminal is no longer just a computer geek looking to see what mischief he can create. Modern cybercriminals are increasingly being employed, trained and resourced by transnational crime syndicates,” said Sean Fouché, Information and Communications Technology Manager at CARICOM IMPACS, an agency responsible for regional crime and security.

 

“Recent reports have revealed that cybercrime is now even more profitable than the global drug trade. Based on intelligence from the Regional Intelligence Fusion Centre, we are also seeing that cybercrime is now being coupled with the illicit drug trade and human trafficking. This is feeding into a much larger issue of transnational crime.”

 

Fouché was speaking at Belize's first national cybersecurity symposium, held in Belize City from April 24 to 28. 

 

“The Internet is now being used by terrorist organisations to recruit young people in the Caribbean. CARICOM IMPACS is looking at the link between  these terrorist activities and the region's illicit drug trade. What we’re seeing is that it’s all connected,” he said.

 

He added that cybercrime is a regional problem that requires a coordinated regional response.

 

"This is why CARICOM is working to assist Belize as well as other governments of the region."

 

Unlike almost every other Central and South American country, but like most Caribbean nations, Belize has “neither a cyber-defense policy nor a national Computer Security Incident Response Team,” according to a 2016 report on Latin American and Caribbean cybersecurity by the Organisation of American States and Inter-American Development Bank.

 

To address this, Belize organized a week-long national cyber security symposium to draw participants from the public as well as from law enforcement, the judiciary and legal community, government and the private sector. 

 

“The high turnout at Belize's cyber security symposium is indicative of the importance of the subject, not just to technocrats or technology experts, but to everyone,” said John Avery, chairman of the Public Utilities Commission (PUC), which regulates to Belize telecommunications sector.  

 

The symposium was jointly organised by the PUC and the Caribbean Network Operators Group, CaribNOG, a non-profit organization that focuses on cybersecurity and technical capacity building.  

 

“This is the first time that such an event has happened in Belize. Based on the high level of public interest we are also hoping this can be used as a model to usher in a new period of cyber security awareness and preparedness across the entire Caribbean," Avery said. 

Caribbean courts need to be better prepared to judge cybercrimes

Judicial Education urgently needed, says Belize Chief Justice

By GERARD BEST

CAPTION: Chief Justice of Belize, Kenneth Benjamin, speaks on the opening day of the country’s first-ever national symposium on cyber security, held at Best Western, Biltmore Plaza, Belize City from April 24 to 28, 2017. Photo courtesy Caribbean Network Operators Group.

CAPTION: Chief Justice of Belize, Kenneth Benjamin, speaks on the opening day of the country’s first-ever national symposium on cyber security, held at Best Western, Biltmore Plaza, Belize City from April 24 to 28, 2017. Photo courtesy Caribbean Network Operators Group.

 

Institutions worldwide are finding it hard to keep up with the rapid pace of advance in computer-based technology. This is all the more so for courts, which are typically steeped in tradition and ponderously slow to change. Globally, systems of justice are struggling to keep track of the sophisticated, rapidly evolving operations of modern cyber crime. 

 

But one Caribbean nation is tackling the issue head on, providing an interesting pattern for other countries of the region. The nation of Belize is taking an important step in responding to cybercrime, by upgrading of the capacity of its judiciary.

 

“Cybercrime and cyber issues must now have a prominent place in judicial education,” said Kenneth Benjamin, Chief Justice of Belize. 

 

In Belize, the legislative framework already supports the admission of evidence electronically. However, no laws are yet on the books to specifically criminalise the growing incidence of Internet-based wrongdoings. 

 

A cybercrime bill is expected to come into force soon, though. With that impending legislation, the Chief Justice plans to fast track judicial education, focusing on technology developments generally and cybercrime specifically.

 

“The introduction of new laws must be accompanied by the development of policy and of regulations guiding the detection, investigation and prosecution of any alleged cyber misdeeds,” Benjamin said, adding that only a few judicial officers had already received cybercrime training to date.

 

The Chief Justice was speaking at Belize's first-ever national cybersecurity symposium, held in Belize City from April 24 to 28.

 

A special forum at the event included judicial officers and magistrates and focused on how cybercrime has been affecting the judiciary globally. 

 

The weeklong gathering was organised jointly by Belize's Public Utilities Commission and by the Caribbean Network Operators Group, a volunteer-based organisation focused on training programs to build the region’s technical capabilities and safeguard computer networks.

 

"This event marks an important milestone for the region's judiciary, and signals a new collaboration between Caribbean jurists and the region's technology community," said Bevil Wooding, a co-organiser of the event and an Internet Strategist with US-based non-profit firm, Packet Clearing House. 

 

The symposium drew nationwide attention, with more than 700 stakeholders taking par, including members of the Bar Association, military and law enforcement officers, representatives of the business chamber, the Central Bank, the association of ICT professionals, and many concerned citizens.

 

"The forum marks the beginning of a process of sensitisation, and we plan to continue collaborating with the CaribNOG team to develop future training interventions for our jurists,” Benjamin said. 

 

CAPTION: Chief Justice of Belize, Kenneth Benjamin, speaks on the opening day of the country’s first-ever national symposium on cyber security, held at Best Western, Biltmore Plaza, Belize City from April 24 to 28, 2017. Photo courtesy Caribbean Network Operators Group.

Guarding the Digital Gates - Belize to Host First National Cybersecurity Symposium

BELIZE CITY, Belize—In response to a growing incidence of cyber-threats, Belize will host its first national cyber security symposium from April 24 to 27.

“We have observed a disturbing rise in threats to critical network infrastructure, corporate networks and personal data. These threats are growing more frequent, more sophisticated and more harmful each year,” said John Avery, Chairman of the Belize Public Utilities Commission (PUC), which is jointly organising the event with the Caribbean Network Operators Group (CaribNOG).

Read More

Belize launches Caribbean’s latest Internet Exchange Point

APRIL 28, 2016. BELIZE CITY—The Belize Public Utilities Commission announced that Belize’s first Internet exchange point, named BIXP, was successfully launched in Belize City on April 27 at the campus of the University of Belize.

The launch was the culmination of unprecedented collaboration between Belizean Internet Service Providers (ISPs) in the highly competitive local telecommunication sector. The Belize Public Utilities Commission, the national regulator, facilitated the process, with support from regional and international agencies.

Read More

Securing Your Business

5 Leading causes of computer security breaches and what can be done to defend your corporate networks

by Bevil Wooding

Security breaches involving computer networks have been making headlines with frightening regularity. Yet despite several high-profile stories about network hacks, distributed denial-of-service (DDoS) attacks and data theft, many businesses remain unprepared or improperly protected from today’s security threats.

Growing Threat

Each new technology seems to be escorted by a new security threat and no organization is immune. In fact, even though small- to midsized businesses (SMB) don't have the luxury of dedicated information security teams and resources that larger enterprises can afford, they still face many of the same threats.

The harsh reality is that network security threats are becoming increasingly sophisticated as computer hackers become better funded and better organized. This presents a real challenges for IT professionals and network administrators. A recent Trustwave State of Risk Report, which surveyed IT professionals about security weaknesses, found that a majority of businesses had no or only partial systems in place for controlling and tracking sensitive data.

Defending Corporate Networks

So, what can companies do to better protect themselves and their customers’, sensitive data from security threats?

The experts at the Caribbean Network Operators Group, CaribNOG, have been looking at the issue of network security and specifically at the threats to Caribbean networks. Following are the five of the most common sources, or causes, of security breaches and what businesses can, and should, do to protect against them.

Risk 1: Internal Vulnerabilities

“Internal attacks are one of the biggest threats facing corporate data and systems,” states Stephen Lee, CEO of ArkiTechs Inc., an IT services firm specializing in IT security audits. “Disgruntled or disaffected employees, especially IT officers with knowledge of and access to corporate networks and administrative accounts, can cause major damage, measured in dollars, lost trust and a tarnished brand,” Lee says.

Solution: Companies should implement the both the protocols and the infrastructure to track, log and record privileged account activity. This can allow for a quick response to malicious activity and mitigate potential damage early in the attack cycle. The foundation for this is the input from business and technology managers to ensure that these security controls are adequate relative to risk and business priorities. IT departments, as well, must constantly evaluate internal security measures and policies to identify any shortcomings that may be exposing the company to risk.

Risk 2: Mobile Devices

According to a BT study, mobile security breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months.

“More employees are using their mobile devices to access corporate systems, like email, file servers and virtual private networks.  Loss, theft or even hacking of these devices via malware or other Trojan software can present a significant threat to corporate networks,” says Steve Spence, Managing Director at Data Shield, a Trinidad-based network security firm.

Solution: Make sure you have a carefully spelled out mobile security policy. With a mobile device policy, an a Bring-Your-Own-Device (BYOD) policy in place, employees can be better sensitized about device expectations and organizations can better monitor email, documents and other digital assets that are being downloaded to company or employee-owned devices. Effective monitoring provides companies with greater visibility into mobile data-loss risks, and enables them to quickly address exposures if mobile devices are lost, stolen or compromised.

Risk 3: Unpatched Devices

“Network devices, such as routers, servers and printers employ software or firmware in their operation. Too often, updates and security patches are not implemented in a timely manner,” says Robin Ryan¸ Network Administrator at Teleios Systems. “This can leave security holes in your network that can be exploited by attackers to gain access to your data or control of critical processes.”

Solution: Institute a patch management program to ensure that devices, and software, are kept up to date at all times. More importantly, is enforce of a policy that whereby if a certain piece of equipment is not or cannot be updated or patched within a certain amount of time, it is taken offline.

Risk 4: Cloud Applications

“As cloud computing becomes more ubiquitous in the business setting, corporate decision makers and IT professionals must take deliberate steps to become more sensitive to the real risks of cloud computing security,” according to Brent McIntosh, Network Specialist Data at Cable and Wireless and a peering coordinator at the Grenada Internet Exchange Point.

There are several cloud-related risks organizations are exposed to, including data loss, data leakage and account hijacking. The prospect of seeing your organization’s valuable data disappear into the ether is real. Cloud computing also creates the real possibility of an attacker gains access to administrative credentials, which they can use to eavesdrop on activities and transactions, pilfer intellectual property, manipulate data or even redirect your users to illegitimate sites.

Solution: It is imperative that organizations identify precisely where the greatest cloud-related threats lie, and take decisive steps to mitigate against it. One of the best defenses against a cloud-based threat is to using strong encryption to prevent unauthorized third parties from accessing the data in the cloud.

Risk 5: Careless or Uninformed Users

“An absent minded worker who forgets his unlocked smartphone in a restaurant is as dangerous as a disgruntled user who maliciously leaks corporate information or sabotages computer systems,” says Clair Craig, Enterprise Applications Support Manager at the University of the West Indies. “Employees who are not trained in or constantly sensitized to security best practices pose an enormous security threat to their employers’ systems and data,” Craig added.

Using weak passwords, visiting unauthorized websites, clicking on links in suspicious emails or opening malicious email attachments are some of the common actions of careless or uninformed users.

Solution: “Training, education and supporting policy are key to sensitizing employees on cyber security best practices and changing default behavior. Some employees simply may not know how to protect themselves online, which can put your business at risk, Craig explained.

Regular training sessions can go a long way to helping employees learn how to serve as main line of defense against corporate threats.  Basic action like managing strong passwords and avoiding hacks like phishing and email related scams help keep corporate networks secure. Organizations should also provide ongoing support to make sure employees have the resources they need.

Bevil Wooding is a founding member of the Caribbean Network Operators Group, CaribNOG (www.caribnog.org), a volunteer-based group of Caribbean IT professionals, security specialists and network administrators. He is also an Internet Strategist with Packet Clearing House (www.pch.net) an international research and capacity building non-profit organization. Follow on Twitter: @bevilwooding

Barbados to Host Inaugural Caribbean Interconnection and Peering Forum

Expanding the Caribbean Internet

Barbados to Host Inaugural Caribbean Interconnection and Peering Forum

By Bevil Wooding 

Some significant changes have been taking place in the hidden architecture of the Caribbean internet over the past few years. The seeds of change are evident in developments ranging from the proliferation of Internet exchange points, a critical piece of Internet infrastructure that facilitates more efficient and secure internet traffic routing; to rollout of mobile broadband infrastructure, expanding the reach and speed to internet connectivity to hundreds of thousands of consumers across the region.

Access to broadband Internet services never been as ubiquitous, or as affordable. Internet speeds have also steadily increased, giving users access to new applications and new opportunities. Yet, for all the progress, there is still work to be done. The international content users seek has to be brought closer to home and more local content has to find its way onto the global Internet. How can this be effected? That’s where the local IXPs come in.

Role of the Local IXs

The over 400 Internet exchange points (IXPs) that exist around the world, serve as a catalyst to enrich a country’s Internet ecosystem. At the technical level, Internet exchange points are about improving security, speed and network resilience. From a development standpoint, however, local IXPs are about creating new incentives for local business and entrepreneurs to delivering new local services for the benefit of local Internet users, and develop the domestic Internet economy.

IXPs also attract content providers, such as Netflix, Akamai, Yahoo! and Google with the promise of a convenient and low cost point from which they can connect to multiple ISP networks.  Several of the young Caribbean exchanges are already benefitting from this. By connecting their servers to a local IXP, content providers can move their content shorter distances to get to customers. Likewise, ISPs connected to the IXP also have a shorter distance to connect to the content their customers crave. In the networking business, shorter is cheaper. Therefore, the closer content providers can deliver content to ISP customers and the closer ISPs are to the content their customers want, the more cost-effective it is for everyone.

The Power of a Handshake

Parties that interconnect at an IXP are called “peers” and their peering relationships are vital to the functioning of the global internet. But these peering relationships do not happen automatically. Realizing the larger economic and societal benefits of exchange points requires deliberate effort, clear strategy and ever-expanding peering connections to new content and new networks.

According to Internet Traffic Exchange: Market Developments and Policy Challenges an OECD report on Internet traffic exchange, most of the thousands of networks that exchange this traffic do so without a written contract or formal agreement.

In a blog post on the findings of the report, Rudolf Van der Berg of the Organisation for Economic Co-operation and Development (OECD)’s Science, Technology and Industry Directorate wrote:

“The report provides evidence that the existing Internet model works extremely well, has boosted growth and competition and brought prices for data down to 100,000 times less than that of a voice minute. A survey of 4300 networks, representing 140,000 direct exchanges of traffic, so called peerings, on the Internet, found that 99.5% of “peering agreements” were on a handshake basis, with no written contract and the exchange of data happening with no money changing hands.”

Van De Berg’s post went on to explain, “These peering agreements save both parties money and improve quality for their users at the same time. The alternative is to pay third parties, so-called transit providers, which still remains necessary to reach all networks. Paying for transit currently costs between $2 and $150 per Mbit/s per month, depending on country and competition, irrespective of whether a network sends or receives it.”

A generally accepted way of facilitating these handshake agreements is via special peering forums. Peering forums are essentially networking events to encourage interconnection among networks, content, cloud, and digital media organizations and related entities. At these events network operators and content providers get together to hammer out deals and build and cement relationships that underpin the growth interconnectivity and resilience of the global Internet.

Caribbean Peering Forum

The Caribbean will be having its first such forum, dubbed the Caribbean Peering and Interconnection Forum (CarPIF), from 27 – 28 May 2015. Designed as a multi-stakeholder forum, CarPIF is expected to see participation from high-level industry stakeholders, including: infrastructure providers, Service Providers, IXPs, governments and regulators.

The event is being hosted by the Caribbean Telecommunications Union (CTU) and the Caribbean Network Operators Group (CaribNOG), in conjunction with Packet Clearing House (PCH) and the Internet Society (ISOC). These organizations have all been at the forefront of promoting development of the Internet in the Caribbean.

“CarPIF will provide participants with regional as well as global insights on how the Caribbean can maximize the opportunities that can be derived for greater interconnection and peering,” said Ms. Bernadette, Secretary General of the CTU.

Shernon Osepa, ISOC Regional Coordinator and a co-organizer of the event shared, “CPIF will address key interconnection challenges and opportunities, including: national and cross-border interconnection possibilities; strategies for encouraging and increasing local digital content development; and opportunities for content delivery network operators in the Caribbean.”

Positive Sign

The staging of a Caribbean peering event is definitely a positive sign that networks in the region are on a good development path. With each new local IXP, individual nations get a more robust, more secure and more economical domestic Internet.

The result is greater opportunity for intra-regional Internet traffic exchange, greater incentive for hosting Caribbean content within the region and greater likelihood of attracting international content providers and incenting them to stage their content within the region. Altogether, this is better for consumers and businesses, better for spurring new enterprise, and better for strengthening the Caribbean Internet economy.

Bevil Wooding is the an Internet Strategist with US-based research firm Packet Clearing House and the founder and Executive Director of BrightPath Foundation, an technology education non-profit organization. Reach him on Twitter @bevilwooding or on facebook.com/bevilwooding or contact via email at technologymatters@brightpathfoundation.org. 

Telecom infrastructure upgrades key to regional development—experts

Creating Caribbean futures

Why data infrastructure upgrades are the next step in regional evolution

Many Caribbean livelihoods are made and lost around seasonal fluctuations in foreigners’ travel. For much of the region, tourism, an all-too-inefficient form of intraregional human traffic, is economic lifeblood. But for one group of Caribbean islands, a different kind of traffic is generating a new model for intraregional economic partnership.

Read More

Experts join heads on Caribbean cyber security

Cyber security topped the agenda as 60 technology professionals from 13 countries gathered in Curacao for the second day of a major regional technology conference.

The meeting is the eighth gathering of the Caribbean Network Operators Group (CaribNOG) and the sixth in a series of Caribbean meetings hosted by the Latin American and Caribbean Internet Addresses Registry (LACNIC).

The choice of venue for discussions about Internet security seemed fitting. Curacao is an exceptional Caribbean island, in that its critical Internet infrastructure development allows it to offer data centre services to a global market.

Read More