Cuba- The management of cybersecurity incidents in the country is not a new activity. This work has been conducted on the basis of a system that involves a group of entities specialized in detection and response to such events, established as legal entities, formalized with the creation of the Incident Response Center (Cucert), within the organizational structure of the Computer Networks Security Office (OSRI). Thus, the entry into effect of Decree-Law 35 and Resolution 105, entitled “Regulation on the national action model for the response to cybersecurity incidents,” which outlines clearly defined stages and concrete actions, strengthens management in this arena, contributes to better coordination and cooperation among those involved, and standardizes processes, while emphasizing preventive measures to avoid incidents and their harmful repercussions.
Pablo Domínguez Vázquez, director of Cybersecurity at the Ministry of Communications (Mincom), explained to Granma that the Regulation detailing the national action model for response to cybersecurity incidents stipulates as a novel element the inclusion of natural persons within the scope of those participating in incident management, which means citizens have the right to submit notifications, and are held responsible for the objectivity and veracity of information reported.
Domínguez additionally noted that a very comprehensive categorization is established that defines, from a technological point of view, what may constitute a threat to the daily economic, political and social life of a country that struggles every day to construct a more prosperous and cultured society, in which respect, ethical and civic behavior prevail, which contributes to citizen tranquility, and protects the rights of all citizens equally, with no distinction whatsoever.
He commented, «This is a task that involves the coordinated action of a group of entities, that will conduct evaluations to determine which incidents require action and which require a prophylactic approach or measures of some other nature, depending on the repercussions.»
This Resolution is in line with provisions of the Constitution of the Republic’s Article 48, which stipulates that all persons have the right to respect for their personal and family privacy, their own image and voice, their honor and identity. These regulations are intended to protect the interests of citizens in the use of Telecommunications/Information and Communication Technologies (ICT) services. It is the duty of the Cuban state to establish procedures, in this new scenario of digital transformation, to ensure that the population can report and denounce events that affect them.
Categorization of incidents:
Ethical and social damage
-Media echo of false news
-Massive blocking of accounts on social networks
-Incidents undermining dignity and individuality
-Earthquakes, floods, hurricanes, lightning, tsunamis, landslides, mudslides, avalanches and others
-Communications system damage due to fire, gas or water leaks, pollution, corrosion, cable breakage, automobile or airplane accidents and other causes
-Theft of computer equipment
Incidents of aggression
-Unauthorized use of resources
-Illegal ICT service
-Unauthorized software installation
-Unauthorized access to website administration
-Air conditioning failure
-Failure of applications or services
-Deletion or modification of information
-Publication or loss of classified official information
-Loss of data or information
-Man in the middle (MITM) attacks
-Illegal testing or scanning
-Radiation, electromagnetic pulses and other interference.
-Changes in the characteristics of applications, equipment or components and services.
-Illegal marketing of software or hardware products and network services
Misconfiguration of websites
-Local or remote file embedding
The Mincom Director of Cybersecurity stated that contrary to some news circulating on the net, Resolution 105 does not limit freedom of expression in the country or publishing on social networks, but is directed toward creating a civic culture in the digital environment, and codifies the citizen right to report incidents that threaten a person, community tranquility or public order.
In all cases, when an incident is reported through the established channels, the information must be truthful and, in the event that its reliability is not verified, the person making the report will be held responsible.
Many states have created high level regulations to address these issues, all guided by the same objectives, to ensure national defense and security, with emphasis on citizen tranquility.
Domínguez pointed out that in the process of drafting the Regulations, an analysis was conducted of such norms at the international level.
As a member state of the International Telecommunication Union (ITU), he explained, Cuba regularly submits to an evaluation of the state’s commitment to cybersecurity based on the Global Cybersecurity Index, which uses a numbered scale to assess the implementation and compliance in five central areas.
Through different legal instruments, the vast majority of countries, including some in Latin America, have approved guidelines for incident management with an impact on all sectors of society, including natural and legal persons.
How are cyber-security incidents handled in Cuba?
He noted that regular updating of regulations has become standard practice, including amendments associated with increased use of the Internet, especially social networks.
The adoption of regulations in different countries has had a positive impact on the reduction and better management of incidents and, therefore, of their disastrous consequences; greater citizen awareness and digital culture; and better organization of the forces and entities specialized in dealing with these events.
How are cyber-security incidents handled in Cuba?
In the case of Cuba, Decree 360, “Security of information and communication technologies for the computerization of society and the defense of national cyberspace,” has been in effect since May 31, 2019, and in its Article 25 subsection d), stipulates that the Ministry, in coordination with the Ministries of the Interior and the Revolutionary Armed Forces, must establish a National Action Model to respond to cybersecurity incidents and procedures to ensure its implementation at all levels by all government institutions, Central State Administration agencies, the Central Bank of Cuba, national entities and People’s Power bodies; as well as conduct law enforcement and neutralization of such events, in accordance with the responsibilities established for each party.