Experts join heads on Caribbean cyber security

Cyber security topped the agenda as 60 technology professionals from 13 countries gathered in Curacao for the second day of a major regional technology conference.

The meeting is the eighth gathering of the Caribbean Network Operators Group (CaribNOG) and the sixth in a series of Caribbean meetings hosted by the Latin American and Caribbean Internet Addresses Registry (LACNIC).

The choice of venue for discussions about Internet security seemed fitting. Curacao is an exceptional Caribbean island, in that its critical Internet infrastructure development allows it to offer data centre services to a global market.

Because technology-based enterprise is such an important part of the country’s economy, cyber security is recognised as an important, said Shernon Osepa, manager of regional affairs for the Internet Society (ISOC) Latin America and the Caribbean, who is from Curacao.

“Curacao is not immune. We are facing the same challenges as the wider Caribbean. A lot of commercial banks in the region are being attacked, but they simply don’t report when these attacks are done. So we know that they are happening but we don’t know to what extent,” Osepa said.

“These attacks are being masterminded by people who are highly educated, technically competent and very knowledgeable about Caribbean security vulnerabilities. This is their full-time job. And it is a global industry.”

Osepa, alongside Albert Daniels, manager of stakeholder engagement for the Caribbean at the Internet Corporation for Assigned Names and Numbers (ICANN), delivered the day’s first presentations, which focused on the need to secure critical Caribbean Internet infrastructure.

“2013 was the year of the mega-breach,” Daniels said, explaining that the number of security breaches reported internationally hit a high last year, a trend that has continued in 2014.

Daniels said the region’s businesses, governments and citizens needed to be made to better understand the real-world repercussions of unsafe practices in the digital realm.

One important aspect of education, he said, was to develop the culture and capacity to report confirmed or suspected cases of identity theft and other kinds of Internet-based criminal activity.

“If you live in the Caribbean, don’t think that the hackers are not trying to use our systems to perpetuate their crime. Even in the countries where there are few reports, that simply means that attacks are continuing to occur but are going unreported.”

Without reporting, decision-makers are unable to make informed decisions to properly address cyber security issues, said Elgeline Martis, head of the Caribbean Cyber Emergency Response Team.

“We in the Caribbean are not collecting data, so we cannot support our decision makers in taking the right cyber security measures. We need to start collecting our own data,” she said.

“For example, if we collect data and we see that spam is a big issue, then we are able to tell decision-makers they should invest in solving problems with spam. You always need updated facts and figures to support informed decision-making.”

In the following session, Mark Kosters, chief technical officer with the American Registry of Internet Numbers (ARIN) and Carlos Martínez, chief technology officer at LACNIC, took a more practical and in-depth look at the nuts and bolts of Internet security. Martinez said he was “very, very disappointed” with the security industry because their operatives were being motivated by the wrong incentives. He compared digital security to national security.

“It works the same way as a private prison. Their best interest is to keep things in a bad state. Their best business comes about by having a bad security situation. What is the financial incentive for them to improve the overall security situation? The best interest of the private prison is to have many prisoners but is that in the best interest of society? No, but the financial incentives of the security industry are wrong.”

The final session of the day was a practical lab on network defense techniques, moderated by Fernando Gont of SI6 Networks.

“The best way to improve the security of your network is to break into it. You can’t defend a network if you don’t know how to attack it,” Gont said.

After the lab, which walked participants through many basic and advanced concepts of network vulnerability and risk mitigation, the formal part of the day ended on a collegial note, with participants lingering in pockets of conversation long after the official close of the final session. Many were making plans to regroup for more informal social networking.

Business meetings over meals and side meetings during coffee breaks are a regular and important feature of the weeklong conference, which attracts technology professionals of varied nationalities, representing diverse interests. Day Two attracted participants from Antigua, Argentina, Aruba, Belize, Curacao, Grenada, Mexico, St Lucia, St Vincent, T&T, USA, Uruguay and Venezuela.

CaribNOG 8-LACNIC Caribbean 6 covers a range of technology topics including cyber security, cloud computing, mobile broadband and other critical Internet infrastructure. Day Three will focus on critical Internet infrastructure, such as exchange points and routers. Sessions will be led by Bevil Wooding, founder and executive director of CaribNOG, Claire Craig, doctoral researcher at The University of the West Indies, Junior Mc Intyre, Caribbean Telecommunications Union project coordinator for the Caribbean Regional Communications Infrastructure Program (CARCIP), Chris Roberts, CARCIP St Lucia project coordinator, Nico Scheper, AMS-IX Caribbean and Arturo Servin, Google.

The event is being held at the Hilton Curacao, Willemstad from September 29 to October 3. 

More information is available on the official event and