Relevant Strategy Documents, Other Documents, and Communications.
Official documents of the intergovernmental organization designed to outline the policy plans, priorities, and principles in cybersecurity and cybersecurity-related matters.
- Adopted by the OAS General Assembly resolution AG/RES.2004 (XXXIV-O/04)
- Envisages three lines of action:
- Creation of a Hemispheric Network of Computer Security Incident Response Teams (CSIRTs)
- Identification and adoption of technical standards for a secure Internet architecture
- Adoption and/or adaptation of the legal tools necessary to protect Internet users and information networks from criminals and organized crime groups that exploit these systems
Guideline documents that lay out common approaches, frameworks, best practices etc. pertaining to cyber policy.
- A series of research publications and reports on cybersecurity-related topics has been prepared by the OAS Cybersecurity Programme to its task of strengthening the capacities and level of awareness in relation to the growing threats to digital security pursuant to the objective of strengthening the capacities and level of awareness in relation to the growing threats to digital security in Americas and the Caribbean
- The list of publications and reports by topics includes :
- Cybersecurity in the banking sector: State of cybersecurity in the banking sector in Latin America and the Caribbean (2018)
- Infrastructure protection: Critical Infrastructure Protection in Latin America and the Caribbean (OAS-Microsoft, 2018)
- Cybersecurity incidents: Study on the impact of digital incidents in Colombia (2017)
- Cybersecurity in Latin America and the Caribbean: Cybersecurity: Are we ready in Latin America and the Caribbean? (2016)
- Critical infrastructure: Cybersecurity and Critical Infrastructure in the Americas (OAS-Trend Micro 2015)
- Cybersecurity trends: Latin American and Caribbean Cyber Security Trends (OAS-Symantec 2014)
- In October 2017, a joint agreement to advance cybersecurity education efforts was signed between OAS and Amazon Web Services (AWS)
- Pursuant to the agreement goals, a series of White papers on cybersecurity and cyber risk related topics were publised in partnership between OAS and AWS in 2018
- The White paper series aims at increasing the level of awareness among the public and business leaders throughout the region of Americas and the Caribbean
- The list of published White papers include:
- Discusses the process of managing a project for the creation and deployment of a National CSIRT, including approaches and considerations necessary to define its constitution, mission, vision, scope, services, timeframe, legal, and institutional or organizational aspects
- Outlines detailed descriptions of infrastructure, covering hardware, software, and technical procedures
- Analyzes different policies and procedures necessary for fluid CSIRT operation, including review and highlight of elements of existing CSIRT frameworks such as those developed by ENISA and GÉANT
- Discusses guidelines for membership and participation in certain international bodies, such as the Forum of Incident Response and Security Teams (FIRST)
Statements distributed by organizations and/or organizational agencies outlining positions, commitments, action plans, obligations etc. in the area of cyber policy.
- Adopted at the Sixteenth Regular Session of CICTE at the OAS Headquarters, Washington, D.C.
- In the declaration, the OAS member countries:
- Declare their commitment to creating confidence-building measures that strengthen international peace and security and that can increase cooperation, transparency, predictability, and stability among states in the use of cyberspace, recognizing confidence and security building measures as one of the lynchpins of collaboration among member states which enhance trust and cooperation and reduce the risk of conflict
- Recognize that the threat of terrorism is exacerbated when connections exist between terrorism and illicit drug trafficking, cybercrime, illicit arms trafficking, money laundering, and other forms of transnational organized crime, and that such illicit activities may be used to support and finance terrorist activities
- Reiterate their commitment to prevent, combat, and eliminate terrorism through the broadest possible cooperation, with full respect for the sovereignty of states and in compliance with their obligations under national and international law, including international human rights law, international humanitarian law, and international refugee law
- Adopted by the OAS member states at the CICTE´s Fifteenth Regular Session
- In the declaration, the OAS member countries:
- establish their commitment to identifying and combating emerging terrorist threats, regardless of their origin or motivation, such as threats to critical infrastructure, and cyber security, among others
- declare their willingness to identify and promote, when deemed appropriate, in accordance with domestic laws, forms of public-private partnerships in the fight against terrorism, and in connection with critical infrastructure and cyber security
- urge the OAS member states who have not yet done so, to sign, ratify, or accede to as the case may be, and to implement in an effective way, the Inter-American Convention against Terrorism, and the other pertinent universal legal instruments, as well as the resolutions of the UN GA and Security Council related to combating terrorism
- Condemns terrorism
- Reaffirms commitment to implement the OAS Comprehensive Inter-American Strategy to Combat Threats to Cybersecurity
- Asserts the need for all member states to continue their efforts to establish, and/or strengthen national cyber incident alert, watch, and warning groups (CSIRTs)
Relevant Specialized Agencies and Key Positions.
The official nodal agencies within the organization established or proposed to be established and designated with responsibilities for supporting processes related to cyber policy matters.
- Condemns terrorism
- Reaﬃrms commitment to implement the OAS Comprehensive Inter-American Strategy to Combat Threats to Cybersecurity
- Provides political and technical assistance to its member states in different areas agreed to in its annual Work Plan, including Cybersecurit
- Main functions include:
- Provide technical and administrative support for CICTE sessions and maintain communication and coordination between sessions
- Provide technical assistance and training to member states in response to their needs and requests
- Coordinate activities with other international, regional and subregional organizations
- Assert the need for all member states to continue their eﬀorts to establish, and/or strengthen national cyber incident alert, watch, and warning groups (CSIRTs)
Key positions pertinent to the cyber policy of the organization (or aspects thereof) and its implementation.
- Provides programmatic and management support to the CICTE Secretariat in the planning, organization and execution of cyber security initiatives in the Americas including:
- Creation and Development of Computer Emergency Response Teams (CERTs)
- Provision of Technical Training; Implementation of Crisis Management Exercises
- Capacity building on Industrial Control Systems (ICS); and
- coordinating outreach and collaboration with other international and regional organizations working on cyber issues
- Leads the Executive Office of the Secretary for Multidimensional Security at the Secretariat for Multidimensional Security (SMS)
- Works to implement the Secretariat's Mission: to promote and coordinate cooperation among the OAS member states and between them and the inter-American system and other bodies in the international system, in order to assess, prevent, confront, and respond effectively to threats to security, with a view to being the leading point of reference in the Hemisphere for developing cooperation and capacity-building in the OAS member states
- Coordinates acitivities of the Secretariat defined by the Declaration on Security in the Americas and its new concept of hemispheric security as being multidimensional and comprising traditional threats and new threats, concerns, and challenges to the security of the states of the Hemisphere
- Appointed by the Secretary General of the OAS to lead the CICTE Secretariat
- Responsible for promoting the Organization’s counter terrorism agenda throughout Latin America and the Caribbean, including activities in Cybersecurity
- Manages the day-to-day operations of the CICTE Secretariat
Regulations and Directives.
Relevant Meetings, Activities, and External Cooperation.
Conferences and dialogues related to cyber policy matters carried out by the regional, sub-regional or multilateral organization.
- Strengthens international cooperation in the prevention, investigation and prosecution of cybercrime, facilitate the exchange of information and experiences among its members, and make necessary recommendations to enhance and ensure eﬀorts to combat these crimes
- Last meeting (IX) took place in December 2016
- The Meetings of Ministers of Justice or other Ministers or Attorneys General of the Americas (Spanish acronym REMJA), was for the first time conceived during the 27th Regular Session of the General Assembly of the OAS in Lima, Peru (1997)
- The REMJA is:
- attended by the Ministers of Justice, other Ministers, or Attorneys General, with responsibilities in the area of public policy regarding justice matters, as well as international legal cooperation, particularly with regard to criminal matters, from the 34 OAS Member States
- supported by the OAS Department of Legal Cooperation of the Secretariat for Legal Affairs
- structured around a high-level dialogue at the Ministerial level, which allows for direct and horizontal cooperation between OAS member States
- The Working Group on Cooperation and CBMs in Cyberspace was established by CICTE through Resolution CICTE/RES.1/17 on April 7, 2017 with the mandate to prepare a set of draft confidence-building measures (CBMs), based on the consensus reports of the UN GGE, and report its advances and activities to CICTE and the Committee on Hemispheric Security of the OAS
- At the first meeting of the WG on February 28-March 1, 2018, a Draft Set of "Cyber CBMs for the Inter-American System” was presented to the WG for their consideration; these proposed Cyber CBMs were agreed to with a proposed plan of action to establish additional measures
- In accordance with the Resolution AG/RES. 2925 (XLVIII-O/18) adopted on June 5, 2018, the OAS General Assembly agreed to adopt the recommendation of the WG and the CICTE Plenary, in which Member States agreed, inter alia, to the following two priority voluntary cyber CBMs:
- Member States also acknowledged the benefits of continuing the WG as an ongoing mechanism and agree to continue to meet to establish the requisite procedures for continuing discussion of new and agreed-upon cyber CBMs
Joint exercises, training programs, and other initiatives related to cyber policy matters undertaken by the organization.
- Support OAS member states in the development of technical and political capacities to prevent, identify, respond to and recover from cyber-incidents
- Improve the exchange of information, cooperation and coordination among cybersecurity stakeholders at the national, regional and international levels
- Increase access to knowledge and information about threats and cyber risks by public, private and civil society stakeholders, as well as internet users
- Addresses cyber security issues based on a ﬂexible and dynamic approach, with focus on three core areas:
- Policy development: Helps OAS member states to develop cybersecurity strategies that involve all relevant stakeholders and that adjust to the legislative, cultural, economic and structural situation of each country and support the national assessments of the capacity and maturity of cybersecurity. Under this path, the program supports the development of confidence-building measures in cyberspace.
- Capacity building: Helps establish and develop the capacity of existing national computer security incident response (CSIRT) teams and provides personalized technical assistance and exercise opportunities to strengthen national and regional institutions and organizations. The development of a cybersecurity workforce is also carried out through various forms of professional development opportunities.
- Research and Outreach: Develops technical documents, toolkits and research-based reports to guide policy makers, CSIRTs, infrastructure operators, private organizations and civil society, highlighting current developments and identifying key cybersecurity challenges in the region
- Launched to facilitate and streamline cooperation and information exchange among government experts from OAS Member States with responsibilities in the area of cybercrime or in international cooperation for its investigation and prosecution
- Consists of:
- Public component: data on national legislation of OAS Member States in the area of cybercrime, as well as on action taken within the OAS related to training workshops, WG meetings, and other technical cooperation activities
- Private component: information exclusively of interest to the government experts from OAS Member States with responsibilities in the area of cybercrime or in international cooperation for its investigation and prosecution
- The Portal's public component includes:
- Cybercrime related useful document directory
- Questionnaires on cyber crime and replies from Member States
- Directory of national points of contact (POC) on cybercrime in the Member States
- Materials from Technical Workshops of the WG on Cybercrime
- Calendar of Meetings of Government Experts on Cyber Crime
- Information on the OAS country developments in cybercrime area
- Online platform designed to:
- Facilitate real-time communication and information sharing
- Provide early warning feeds and alerts
- Identify incident trends in the region
- Facilitate online and real-time collaboration between national CSIRTs
- Provide virtual sandboxes to develop tools
- Membership includes national, police, defense and government CSIRTs from Americas
Legally binding and non-legally binding agreement(s) and initiatives related to cyber policy matters undertaken by the organization with non-member States and other organizations.
- GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building
- OAS participates in the following GFCE initiatives:
- The Governmetnal Advisory Committee (GAC) is an advisory committee to the Internet Corporation for Assigned Names and Numbers (ICANN), created under the ICANN ByLaws
- The GAC provides advice to ICANN on public policy aspects of ICANN’s responsibilities with regard to the Internet Domain Name System (DNS)
- The GAC is not a decision-making body; it advises ICANN on issues that are within ICANN’s scope.
- The OAS sits as an observer organization with GAC