Published on January 30, 2016
1. Documento CONPES CONSEJO NACIONAL DE POLÍTICA ECONÓMICA Y SOCIAL REPÚBLICA DE COLOMBIA DEPARTAMENTO NACIONAL DE PLANEACIÓN POLITICA NACIONAL DE SEGURIDAD DIGITAL Ministerio de Tecnologías de la Información y las Comunicaciones Ministerio de Defensa Nacional Ministerio de Justicia y del Derecho Ministerio de Relaciones Exteriores Ministerio de Comercio, Industria y Turismo Ministerio del Interior Ministerio de Hacienda y Crédito Público Ministerio de Ambiente y Desarrollo Sostenible Ministerio de Agricultura y Desarrollo Rural Ministerio de Educación Nacional Ministerio de Salud y de la Protección Social Ministerio de Trabajo Ministerio de Minas y Energía Ministerio de Cultura Ministerio de Transporte Ministerio de Vivienda, Ciudad y Territorio Departamento Nacional de Planeación Departamento Administrativo de la Presidencia Departamento Administrativo de la Función Pública Departamento Administrativo Nacional de Estadística Departamento Administrativo Nacional de la Economía Solidaria Borrador 2 - 22/01/2016 0000
2. 2 Bogotá, D.C., Approval Date
3. 3 CONSEJO NACIONAL DE POLÍTICA ECONÓMICA Y SOCIAL CONPES Juan Manuel Santos Calderón Presidente de la República Germán Vargas Lleras Vicepresidente de la República María Lorena Gutiérrez Botero Ministra de la Presidencia Juan Fernando Cristo Bustos Ministro del Interior María Ángela Holguín Cuéllar Ministra de Relaciones Exteriores Mauricio Cárdenas Santamaría Ministro de Hacienda y Crédito Público Yesid Reyes Alvarado Ministro de Justicia y del Derecho Luis Carlos Villegas Echeverri Ministro de Defensa Nacional Aurelio Iragorri Valencia Ministro de Agricultura y Desarrollo Rural Alejandro Gaviria Uribe Ministro de Salud y Protección Social Luis Eduardo Garzón Ministro de Trabajo Tomás González Estrada Ministro de Minas y Energía Cecilia Álvarez-Correa Ministra de Comercio, Industria y Turismo Gina Parody d'Echeona Ministra de Educación Nacional Gabriel Vallejo López Ministro de Ambiente y Desarrollo Sostenible Luis Felipe Henao Cardona Ministro de Vivienda, Ciudad y Territorio David Luna Sánchez Ministro de Tecnologías de la Información y las Comunicaciones Natalia Abello Vives Ministra de Transporte Mariana Garcés Córdoba Ministra de Cultura Simón Gaviria Muñoz Director General del Departamento Nacional de Planeación Luis Fernando Mejía Alzate Sector Sub-director and Secretario Técnico del CONPES Manuel Fernando Castro Quiroz Sub-director of Territorial and Public Investment
4. 4 Resumen ejecutivo The massive growth in the use of Information and Communication Technologies (i.e. ICT) in Colombia, as well as the increasing services available online and the growing participation of society in economic and social activities in the digital environment have transformed the life of each and every one of the Colombians; however, the use of the digital environment poses risks inherent to the digital security and must be managed. In just one day (7 January 2016), the incident response consulting services company Intel Security Foundstone monitored in total 8128 digital security incidents in Colombia. As a result of the issuance of CONPES document 3701 dated 2011, Policy Guidelines for Cybersecurity and Cyberdefense, institutions were implemented in the country which have been performing their functions and activities in an efficient manner headed by the Ministry of National Defense. Although this effort has allowed an important positioning at international level around the matter, it is essential to strengthen the national Government´s leadership and build a new clear general vision under a comprehensive approach and in accordance with the best international practices to address the risks of digital security. This situation involves a change in the policy guidelines in force thus far. This CONPES document puts forth a National Policy for Digital Security that articulates a clear general vision, supported by the highest level of the Government, under an efficient institutional model that involves each and every one of the stakeholders, these being the same national Government, the public and private organizations, the academia and the civil society. This policy clearly differentiates the economic and social prosperity objectives from the country´s defense and crime and delinquency fighting objectives in the digital environment, and it focuses on the implementation of a set of fundamental principles performing a series of specific actions under some strategic dimensions, around the management of risks in digital security. With respect to the economic and social prosperity objective, this policy addresses the digital security risk as an economic and social challenge, creating conditions for all the stakeholders to manage the digital security risk in their economic and social activities, promoting trust in the digital environment as a means to achieve the objectives of the National Development Plan 2014-2018 “All for a new country– Peace, Equality and Education” as well as of the Vive Digital Plan 2014-2018. To implement this policy, an action plan has been built involving a total investment of $xxxx.
5. 5 The results expected from adopting and implementing the National Policy for Digital Security, is that Colombia: i) strengthens the institutional, regulatory, administrative and management capability in order to address the digital security issues from the highest level, raising awareness among and training all the stakeholders, ii) builds a national strategy for digital security that generates trust and promotes the use of the digital environment in line with its fundamental values, and develops an efficient cooperation model involving all the stakeholders in the framework of the digital security risk management in order to maximize the economic and social benefits in all the economic sectors, iii) protects the fundamental rights and the economic and social activities that its citizens perform in the digital environment, increases the fight against crime and delinquency in the digital environment and implements assistance mechanisms for victims of crimes in that environment, iv) ensures the defense of its fundamental interests and reinforces the digital security of its national critical infrastructures with a risk management approach, and v) participates actively at national and international level in the promotion of an open, stable and reliable digital environment, and in the cooperation, collaboration and assistance with respect to the management of digital security risks. Lastly, it is estimated that the implementation of the National Policy for Digital Security by 2020 shall have a positive impact on Colombia´s economy, generating by 2016 approximately 307.000 jobs and an approximate growth of 0,1% in the average annual variation rate of the Gross Domestic Product (GDP), without generating inflationary pressures. Clasificación: Palabras clave: Digital Security, Cyberdefense, Cybersecurity, Risk Management, Digital Environment, Digital Economy, Economic and Social Prosperity, Computer Threats, Capabilities, Coordination, Strengthening, Leadership, Critical Infrastructure, Cyberspace, Cryptology, Diplomacy.
6. 6 TABLE OF CONTENTS PAGE 1. INTRODUCTION ................................................................................................................10 2. HISTORY AND JUSTIFICATION ...................................................................................12 3. CONCEPTUAL FRAMEWORK ...............................................................................................36 4. ANALYSIS.........................................................................................................................44 4.1. Progress of the recommendations established in CONPES 3701 dated 2011......44 4.2. High-level working groups to analyze the status of the current policy..............48 4.3. General problems................................................................................49 4.3.1. Colombia makes limited efforts to address the digital security issues, as it does not have a clear and general, risk-based vision. ..........................................50
7. 7 TABLE INDEX PAGE Table 2.1. Projections of some indicators of the ICT use worldwide ................................14 Table 2.2. Big incidents of digital securityin the world during 2014.................................20 Table 2.3. Estimated cost of malicious activities in the digital environment ...................26 Table 2.4. Economic impact of the ICT sector on Colombia´s economy between 2010 and 2014 (figures in pesos) .................................................................................................33 Table 2.5. Methods used by criminals in Colombia to obtain information of financial customers ..............................................................................................................................35 Table 3.1. International Regulatory Framework ................................................................37 Table 3.2. Percentage of organizations that apply risk-based digital security strategies ...............................................................................................................................................43 Table 4.1. National Regulatory Framework ........................................................................51 INDEX OF FIGURES PAGE Figure 2.1. Global development of ICT Services ..........................................................................13 Figure 2.2. Digital Economy Ecosystem ......................................................................................14 Figure 2.3. Industry digitization index in 2011 and 2012..............................................................15 Figure 2.4. Industry digitization index in the United States in 2015 ..............................................16 Figure 2.5. Compared economic impact of a country´s digitization and of the broadband and mobile telephony penetration ...............................................................................................................18 Figure 2.6. Participation of the ICT sector in the total added value of OECD countries in 2013 .......18 Figure 2.7. Labor productivity in the ICT sector and in the economy of the OECD countries in 2013 ...............................................................................................................................................19 Figure 2.8. Labor market in the ICT sector in OECD countries......................................................20 Figure 2.9. Global distribution of malware and infection risks in 2014...........................................21 Figure 2.10. Types of most common incidents of digital security in 2015 .....................................23 Figure 2.11. Evolution of malware worldwide to the third quarter of 2015 (cumulative) ................24 Figure 2.12. Breached sectors by number of exposed identities ...................................................24 Figure 2.13. Industries targeted by spear-phishing in 2014..........................................................25 Figure 2.14. Digital security incidents estimated annual cost for a typical organization per industry ...............................................................................................................................................25 Figure 2.15. Predictions of new types of threats in the digital environment in the future ..............27
8. 8 Figure 2.16. Evolution of Internet subscribers in Colombia .........................................................29 Figure 2.17. Economic impact of digitization on Latin America (2005-2013) .................................31 Figure 2.18. Growth of the Gross Domestic Product and of the Post and Telecommunications activity 2010 - 2T 2015 (%) ......................................................................................................32 Figure 2.19. Trends of incidents in the digital environment in Colombia ........................................35 Figure 2.20. Cost of the malicious activity as % of the GDP in some countries in 2014 .................35 Figure 3.1. Evolution of the implementation of a digital security strategy in some countries .........40 Figure 3.2. Schematic summary of the OECD recommendations on Digital Security Risk Management ............................................................................................................................41 Figure 3.3. Principles put forth by the OECD for the building of a digital security risk management policy. ......................................................................................................................................42 Figure 3.4. Adoption of digital security strategies in organizations...............................................43
9. 9 ACRONYMS AND ABBREVIATIONS CAI VIRTUAL: Command for Immediate Virtual Action of the National Police of Colombia CCOC: Joint Cyber Command of CGFM Colombia CCP: Police Cyber Center of the National Police of Colombia CGFM: General Command of the Military Forces of Colombia CICTE: Inter-American Committee Against Terrorism ColCERT: Cyber Emergency Response Group CONPES: National Council for Economic and Social Policy CRC: Communications Regulatory Commission. CSIRT: Computer Security Incident Response Team DANE: National Department of Statistics DIJIN: Criminal Investigation Directorate DNP: National Planning Department EUROPOL: European Police Office CI: Critical Infrastructure INTERPOL: International Criminal Police Organization CGEM: Computable General Equilibrium Model ICT MINISTRY: Ministry of Information and Communication Technologies OECD: Organization for Economic Cooperation and Development OAS: Organization of American States NATO: North Atlantic Treaty Organization AMP: Action and Monitoring Plan GDP: Gross Domestic Product ICT: Information and Communication Technologies ICU: International Telecommunication Union
10. 10 1. INTRODUCTION The massive use growth of Information and Communication Technologies (ICT) in Colombia, reflected in the increase of 2.2 million Internet connections in 2010 to 12.2 million in 20151 , due to the large scale of telecommunications networks as the basis for any socio economic activity 2 and the increase of services available online 3 show a significant increment in the digital participation of citizens which, in turn, is translated into the existence of a digital life for the Colombian people. The massive use of the ICTs to conduct any socio economic activity has led to the development of a growing digital economy in the country, generating the need to establish mechanisms to guarantee the security of the individuals and their activities in the digital environment in the short, mid and long-term. For example, the digital security incidents on IT platforms of the defense sector managed by the CCOC increased by 73% between 2014 and 2015, while the country´s CCP has performed on average 330 arrests in 2014 and 2015, which shows a strong relation between the growth of this economy and the increase of the risks and uncertainties 4 to which people are exposed in the digital environment. 1 According to COLOMBIATIC (2015), this refers to broadband connections (Vive Digital) with a cut-off date to 30 September 2015. The target established in the National Development Plan 2014 – 2018 for 2018 is 27 million Internet connections. 2 According to the SFC (2015), the number of financial operations (monetary and non-monetary) in Colombia through Internet increased by 45% from 2012 to 2014 and through the Mobile Telephony channel by 252%. In the first quarter of 2015, Colombia´s financial system carried out 2.026 million operations for $3.237,8 billion pesos, of which 863 million were carried out through Internet (43% of the total) for an amount of $1.092,61 billion pesos (34% of the total). 3 According to the ICT Ministry´s Online Government Program, the percentage of Colombian citizens that use electronic means to i) obtain information, ii) perform proceedings, iii) obtain services, iv) submit requests, complaints or claims, or v) participate in the decision making process went from 30% in 2009 to 65% in 2014. This also reflected in the Colombian Companies namely 24% in 2009 to 81% in 2014 (http://estrategia.gobiernoenlinea.gov.co/623/w3-propertyvalue-7654.html). Additionally, the Colombian State portal offered in 2015 1.038 online proceedings (http://vive.gobiernoenlinea.gov.co/) 4 According to Intel Security (2014), the cost of malicious activities in the digital environment worldwide is estimated between 0,4% and 1,3% of the global GDP. This cost was approximately 0,14% of the GDP in 2014 for Colombia.
11. 11 The development of a solid digital economy that contributes positively to the generation of economic and social prosperity in the country, requires the creation of an open, safe and reliable digital environment, in accordance with the increment and dynamics of the people´s digital activities. To that end, there must be a comprehensive and clear vision in respect of the digital security and the management of risks associated with threats and incidents that may attempt against the citizens´integrity, the rule of law, the exercise of fundamental rights, the national security and defense, the sovereignty and therefore, against the economic and social prosperity. Thus a need emerges to establish new digital security guidelines and directives taking into account components such as governance, education, regulations, cooperation, research and development, innovation, security and the defense of critical infrastructures, protection of the country´s sovereignty, and focused on the citizens, the society in general, the Military Forces and the public and private sectors, so that the country has a social and economic structure in place that facilitates the achievement of the State´s goals. Considering the aforementioned issues and the needs associated thereto, this document describes the guidelines to develop the Digital Security General Policy, whose intent is to ensure that the National Government, the public and private organizations, the academia and the civil society in Colombia, make massive and responsible use of an open, safe and reliable digital environment through the strengthening of its capabilities to identify, manage and mitigate the risks associated with the digital activities. To develop the Digital Security General Policy some unwavering fundamental principles are established, as well as some dimensions and strategic objectives which once mapped, result in a set of specific goals and actions that materialize said policy (see section 5). To prepare this document, the following input was taken mainly into consideration: Recommendations issued in September 2015 by the Organization for Economic Cooperation and Development (OECD), in respect of digital security risk management. Recommendations agreed during the international technical assistance missions and issued in April 2014 and in July 2015, which were sponsored by the Inter- American Committee Against Terrorism (CICTE) of the Organization of American
12. 12 States (OAS), with experts of the governments of Canada, Spain, United States, Estonia, South Korea, Israel, United Kingdom, Dominican Republic and Uruguay, as well as representatives of international organizations such as the World Economic Forum, the OECD, NATO and INTERPOL. Official statements and documents of the North Atlantic Treaty Organization (NATO) in respect of the good practices in the design of national digital security strategies. Recommendations provided in 2014 and 2015 by national experts convened by the Ministry of Defense, Justice and Law and the Ministry of Information and Communication Technologies. Recommendations from the work groups in 2014 and 2015, expanded with key players of the public and private sectors, the civil society organizations, the academia, the ICT industry and companies specialized in digital security in Colombia. Recommendations from the work groups of the National Planning Department, the Ministry of Information and Communication Technologies, the Ministry of National Defense and other institutions related with digital security in Colombia, as well as from other stakeholders during the period between November 2015 and February 2016. This document is organized as follows, this section serving as introduction. The second section contains the background, the description and scaling of the current issues around digital security, allowing to establish the justification. The third section contains the conceptual framework, while the fourth presents an analysis of the issues identified. The fifth section sets out Colombia´s Digital Security National Policy, describing the fundamental principles, the strategic dimensions, the strategic objectives and the main goals with the actions to reach the core objective. Similarly, this section presents the timelines to track the implementation of this policy and its funding scheme. The sixth section presents a series of recommendations to implement the policy. Lastly, section seven to nine contain the glossary, the bibliography and the schedules, which include a detailed Action and Monitoring Plan (AMP). 2. HISTORY AND JUSTIFICATION This section presents the international and national landscape on the trends in the use of the ICTs as the basis for any socio economic activity, the resulting dynamics in the uncertainties of the digital security during the last years, and the importance of these
13. 13 aspects for the development of a digital economy. Similarly, considerations are presented to formulate the Digital Security National Policy. International landscape The swift evolution and adoption of technologies for any socio economic activity, the increasing use of those by all socio economic levels, the expansion of the telecommunications networks, and the convergence phenomenon in the provision of communications services, have marked the dynamics of this sector worldwide in recent years. Figure 2.1 shows the evolution of the global indicators on ICT services. For each one of these, an increasing evolution is observed overtime, showing that the ICT services are becoming more important for people. According to ITU (2015), a strong growth has taken place in the penetration of the mobile broadband sector, going from 12.6 subscribers per each 100 inhabitants in 2010 to an estimate of 47.2 in 2015, which reflects the greater availability of this type of services and the subsequent fall of prices, allowing access to more people, and the growing large scale and use of smart devices (smart phones and tablets). The individuals who use Internet and the households with Internet access have maintained a stable annual growth rates worldwide. We went from 29.2 individuals per each one hundred who used Internet in 2010 to an estimate of 43.4 in 2015, and 29,9 households with Internet access per each one hundred to an estimate of 46.6 in 2015. Figure 2.1. Global development of ICT Services Source: ITU (2015)
14. 14 Similarly, the international trends show that the digital environment is dynamic and grows continuously. Table 2.1 shows the projections of this growth worldwide. It is estimated that in the next five years, the users of mobile broadband will grow by 33%, the terminals connected to Internet by 49%, the generated data in 400%, the network traffic by 132%, the Internet devices 1200% and the public cloud market 63%, these are aspects that show the increasing relation between the socio economic activities and the digital environment. Table 2.1. Projections of some indicators of the ICT use worldwide Projections 2015 2020 Increase in % More usersof mobilebroadband 3 billion 4 billion 33% More connectedterminals 16.3 billion 24.4 billion 49% More generateddata 8,8 zettabytes 44 zettabytes 400% More IP networktraffic (monthly) 72,4 exabytes 168 exabytes 132% Devices– Internet of Things 15 billion 200 billion * 1200% Size of the global public cloudmarket USD$97 billion USD$159 billion 63% Note: * to 2018. Source: Adapted of Intel Security Labs (2015a) As described thus far, worldwide the ICTs have become an important factor in nearly all aspects of the economic and social life of individuals, providing channels for education, labor productivity, social interaction, development of more inclusive businesses, democracy, financial transactions, public utilities, national security and defense and other interfaces between the key stakeholders in the digital environment. According to CEPAL (2014), a technology-based economy (digital economy) has been consolidated, which is a facilitator whose development and deployment takes place in an ecosystem characterized by a growing and accelerated convergence of various technologies, resulting in communication networks, hardware equipment, processing services and web technologies. Figure 2.2 shows an digital economy ecosystem model with three main components: the broadband network infrastructure, the ICT applications industry and the end users, with enabling platforms and an institutional basis. Figure 2.2. Digital Economy Ecosystem
15. 15 Source: CEPAL (2014) It is widely acceptedthat the evolution and maturity of the digital economy ecosystem generates a positive impact on all the economic and social fields of society and on all the sectors of the economy. This is how a worldwide digitization process has been generated, resulting in financial benefits for the industries and the businesses that have been at the forefront of said trends, obtaining greater knowledge from their customers and achieving higher productivity and creating new business models. PwC (2011) designed an industry digitization index based on which it identifies the businesses that lead the digitization process such as the financial and insurance services industry, the automotive industry, the computer and electronic equipment industry, and the media and telecommunications industry. Similarly, it concludes that the digitization leading industries are moving fast, while the progress among those lagging remains relatively low. Figure 2.3. Industry digitization index in 2011 and 2012
16. 16 Source: PwC (2011) and PwC (2012) McKinsey Global Institute (2015) also designed the Industry digitization Index in the United States where all economy sectors are analyzed through the lens of digital assets, digital use and digital workforce. The index shows that the US economy is digitizing unevenly, with large disparities between sectors. Beyond the ICT sector which often sets the highest standard of digitization, and in accord with PwC measurements (2011) and (2012), the communications, professional services and financial services are the economy sectors most highly digitized . The index also highlights where there is space to grow the digital capabilities. Public utilities, mining and manufacturing, for example are in the first phases of digitization and could be at the forefront of the next digitization wave. Additionally, the working capital industries such as retail and health care are expanding digital use, but a significant part of their big workforce does not use technology widely. Industries that heavily depend on workforce and localized labor, such as construction, entertainment and agriculture, tend to be less digitized. Figure 2.4. Industry digitization index in the United States in 2015
17. 17 Source: McKinsey (2015) In this digitization process, the Internet is deemed as a platform on which each sector of the economy is supported and it is a driving shaft to achieve gains in productivity, competitiveness and economic growth. Katz (2015) concludes that both the digitization in a country as well as the increase of ICT penetration such as broadband or mobile telephony contribute positively to the growth of the countries´GDP. For example, an annual increase by 10% in the penetration of broadband in a medium-sized country of the OECD shall contribute to the country´s GDP annual growth by 0,29%, or an increase of 10% of the digitization index of one country would generate an increment of 0,75% in its GDP per capita.
18. 18 Figure 2.5. Compared economic impact of a country´s digitization and of the broadband and mobile telephony penetration Source: Katz (2015a) Additionally, the participation of the ICTs in the total added value of the economy is significant and has remained stable worldwide. Figure 2.6, OECD (2015b) estimated that the ICT sector represented 5,5% of the total added value of the OECD countries (namely, around USD$ 2,4 billion dollars) in 2013. This percentage shows great variations between the countries, i.e. from 10,7% of the added value in Korea to less than 3% in Iceland and Mexico. Figure 2.6. Participation of the ICT sector in the total added value of OECD countries in 2013 Source: OECD (2015b)
19. 19 Similarly, OECD (2015b) estimated that the labor productivity (added value per employed person) in the ICT sector for OECD countries was approximately USD$ 162.000 PPP5 , being 79% higher than the rest of the economy. Figure 2.7 shows the labor productivity estimates for said group where one can see that it varies from USD$ 200.000 PPP in the United States to USD$ 74.000 PPP in Hungary. Figure 2.7. Labor productivity in the ICT sector and in the economy of the OECD countries in 2013 Source: OECD (2015b) Employment in the ICT sector represents more than 14 million people in the OECD countries, nearly 3% of the total employment in said countries. Figure 2.8 shows the annual growth rates of employment in the ICT sector between 2001 and 2013, as well as a comparison of the percentage of employment of the ICT sector in respect of the total employment in said countries between 2011 and 2014. OECD (2015b) concludes that the contribution of the ICT sector to the growth of the total employment has varied significantly in the last fifteen years. In 2013, the ICT sector represented 22% of the total employment growth. Similarly, it concludes that while the employment in the ICT sector is stable, the employment of ICT specialists in all the sectors of the economy has increased, reaching at least 3% of the total employment in the majority of the OECD countries. 5 According to the OECD, the Purchasing Power Parity (PPP) is a currency conversion rate that is equal to the purchasing power of various currencies eliminating the differences in the levels of prices between the countries.
20. 20 Figure 2.8. Labor market in the ICT sector in OECD countries Annual growth of ICT jobs % ICT jobs in respect of the total of 2011 and 2014 Source: OECD (2015b) Considering the foregoing, the increasing relevancy of the digital environment in the socio economic activities, and its high dynamism has brought about a set of joint risks, threats, vulnerabilities and incidents of various types, to which individuals and public and private organizations have been exposed. Table 2.2 summarizes some relevant cases of digital security incidents during 2014 worldwide, wherein one can observe their effect on any sector of the economy, with consequences that may impact negatively millions of people, and even billions of people in the world. Table 2.2. Big incidents of digital securityin the world during 2014 Month of 2014 Organization Sector Impact January SNAPCHAT Social network 4,5 million names and mobile numbers compromised February KICKSTARTER Crowd funding 5,6 million victims March KOREAN TELECOM Telecommunications 12 million subscriptions compromised April HEARTBLEED Software First of three open source vulnerabilities May EBAY Purchases Database of 145 million buyers compromised June PF CHANG´S Food Highest violation of high-level information of the month July ENERGETIC BEAR Power Cyber espionage operation in the energy industry August CYBERVOR Technology 1.2 million credentials compromised September iCLOUD Entertainment Celebrities accounts compromised October SANDWORM Technology Attack to Windows vulnerability November SONY PICTURES Entertainment Highest violation of high-level information of the year December INCEPTION FRAMEWORK Public Sector Cyber espionage operation in the public sector Source: Adapted from Verizon (2015)
21. 21 Digital security incidents are generally based on some malicious software, designed to damage or illicitly use the information systems of the organizations. In particular, the malware6 is a type of software whose purpose is to infiltrate and damage a terminal or an information system without the users´authorization.. Figures 2.9 and 2.10 show the most common types of digital security incidents worldwide in 2014 and 2015, respectively, among which we can highlight the trojans, worms and viruses 7 . Phishing incidents are also highlighted as their intent is to acquire confidential information fraudulently. Figure 2.9. Global distribution of malware and infection risks in 2014 6 English term used for any malicious software. 7 The trojan is a malware presented to the user as a seemingly legitimate and harmless program, but when executed, it provides the attacker with a remote access to the infected terminal. The worm is a malware that has the ability to duplicate itself. The virus is a malware whose purpose is to alter the normal operation of the terminal, without the user´s permission or awareness.
22. 22 Source: ISS (2014)
23. 23 Figure 2.10. Types of most common digital security incidents in 2015 Source: Ponemon Institute (2015) Today, the digital security incidents worldwide8 , have evolved and are more sophisticated to the point of being able to penetrate the security systems of government institutions, international organizations, private sector businesses and State´s critical infrastructure. According to Intel Security (2015b), incidents caused by malware have increased continuously in the last years, and the expectation is to go beyond five hundred million incidents in 2015. 8 According to the OAS (2014), “the current landscape in matters of cybernetic threats in Latin America and the Caribbean shows that users are suffering the impact of threats that can be seen as a global trend and other characteristics of each region As a aggravating factor, Latin America and the Caribbean have the fastest growing population of Internet users worldwide, with an increase of 12 percent in the last year” Said reported identified the main trends that impact the region: 1) Data breach is increasing, 2) Targeted attacks continue to increase, 3) social scams are increasing, 4) the malware increased, especially the bank trojans and thefts, and 5) mass events are very attractive for criminals.
24. 24 Figure 2.11. Evolution of malware worldwide to the third quarter of 2015 (cumulative) Source: Intel Security Labs (2015b) Digital incidents not only show an increasing global trend, but also affect any sector of the economy. Figures 2.12 and 2.13, taken from the Internet security report 2015 of SYMANTEC (2015), show how various sectors of the economy are affected by one specific type of digital incident. Figure 2.12 shows the list of the ten sectors with more identity exposure incidents in 2014, where the retail and financial sector can be highlighted Figure 2.13 shows the ten sectors most affected in 2014 by “spear-phishing” incidents9 . Figure 2.12. Breached sectors by number of exposed identities 9 Fraud attempt through identity theft aimed at a specific organization, seeking non-authorized access to confidential data, likely carried out by attackers seeking profit, trade secrets or military information.
25. 25 Source: Adapted from SYMANTEC (2015) Figure 2.13. Industries targeted by spear-phishing in 2014 Source: Adapted from SYMANTEC (2015) On the other hand, the digital security incidents also have direct impact on the finances of individuals and organizations. According to the Ponemon Institute (2015), the estimated annual cost caused by digital security incidents varies according to the affected economy sector. Figure 2.14 shows the digital security incidents estimated annual cost for 2015, where one can observe that for a typical organization of the financial sector the cost is nearly USD $13 million per year, while for the public sector it is approximately USD $6 million. Figure 2.14. Digital security incidents estimated annual cost for a typical organization per industry (millions of dollars per year)
26. 26 Source: Ponemon Institute (2015) On the other hand, Intel Security (2013) estimated that the cost of malicious activities in the digital environment for 2013, including the losses of intellectual property and confidentiality of information, digital environment crimes, loss of strategic information, opportunity costs due to the reduction of trust in digital environment activities, additional insurance costs, and reputation loss for the attacked companies, were equivalent to an aggregated figure between USD $300 billion (equivalent to Singapore or Hong Kong´s GDP) and USD $1 billion (Mexico´s GDP) worldwide. Intel Security (2014) estimated that the approximate annual cost for the global economy of said malicious activities in 2014 was US$445 billion which is equivalent to 0,57% of the global GDP, including the profit for the criminal offenders as well as the security and recovery costs for the businesses. The conservative estimation was US$375 billion, while the maximum was estimated in US$575 billion. Given that the digital economy generated in 2014 between US$2 billion and $ 3 billion, Intel Security (2014) estimated that the cost of the malicious activity in the digital environment is equivalent between 15% to 20% of the value created by the Internet. Table 2.3. Estimated cost of malicious activities in the digital environment ITEM Estimated cost Percentage of the global GDP Piracy USD$1 billion to USD$16 billion 0,0012% to 0,02% Arms trafficking USD$600 billion 0,77%* Malicious activity in thedigital environment USD$300 billion to USD$1 trillion 0,4% to 1,3%
27. 27 Note: * recalculated based on the World Bank´s GDP figures. Source: Adapted from Intel Security Labs (2013) On the other hand, according to Intel Security (2015b), 2015 has marked the beginning of a significant change towards new threats that are more difficult to detect, including fileless threats, encrypted infiltrations and stolen credentials, among others. Figure 2.15 shows the predictions of new types of threats in the digital environment, which represents a scenario of greater uncertainty in respect of global digital security. Figure 2.15. Predictions of new types of threats in the digital environment in the future Source: Adapted from Intel Security Labs (2015b) Other important aspect of digital security is that the associated risks point not only to databases or information systems, but also to the national physical infrastructure, such as hydro power stations, power networks, SCADA systems10 , port systems, defense systems, weapons of war, among others. To cite an example, terrorists could attempt to turn-off the collection of water of am hydro power plant or take the control of drones, weapons and guidance systems of the military forces to cause damage to the population or even to the very military facilities. A study conducted by Intel Security (2015c) on incidents in critical infrastructures, based on a survey held in 2015 among information security professionals of 625 global organizations show that nearly nine out of ten respondents have experienced at least one attack to their security systems in 2014, with an average of nearly twenty attacks per year. 10 English acronym for Supervisory Control And Data Acquisition. Control and monitoring system for remote industrial equipment that operates with coded signals over a communication channel
28. 28 Additionally, more than 70% of the respondents thinks that the threats to their organizations are increasing and 48% thinks it is likely that an attacked to put out of operation the critical infrastructure can be accompanied by potential loss of life. Similarly, it has been proven that threats to critical infrastructure are a unquestionable reality and show an increasing trend. For example, more than 59% of the respondents indicated that the attacks resulted in physical damage and more than 33% led to service interruption. In addition to the foregoing, the OAS and Trend Micro (2015) conducted an online survey in January 2015 among the Security Leads of the main critical infrastructures of the Member States. Similarly, private organizations that manage the critical infrastructure of the countries were included. Among the main outcomes it was found that that 53% of the respondents observed an increment in the incidents in their computer systems during 2015 and that 76% of the respondents perceive that the incidents against the critical infrastructures are becoming more sophisticated. In this sense, they also concluded that the creators of the threats may be targeting the most vulnerable and critical infrastructures in the future. This leads to conclude that at international level the greater access and use of the digital environment to perform socio economic activities is generating a new digital economy with important social and economic impact in the countries. However, this new economic environment has brought along new types of threats and modalities of digital security incidents that demand more planning, prevention and attention by all the stakeholders(i.e. governments, public and private organizations, academia and civil society). National overview In line with the international scene, Colombia has lived a digital revolution during the last decade, especially since 2010 through the implementation of the Live Digital Plan (Plan Vive Digital). According to the Ministry of Information and Communication Technologies,
29. 29 in the country, the number of Internet connections increased five times going from 2,2 million in 2010 to 12,2 million in 2015.11 . Figure 2.16. Evolution of Internet subscribers in Colombia Source: DNP (2014a) Similarly, according to the ICT MINISTRY, currently in Colombia 1.078 out of the 1.123 municipalities are connected to the optical fiber backbone. Also worth highlighting is the implementation of 899 Vive Digital points, these are community access centers that provide education in the use of Internet to persons of strata 1 and 2 in the entire country, as well as 7.621 Vive Digital Kiosks, which are community access centers located in remote areas and and towns of more than 100 residents of rural Colombia. Similarly, the ICT MINISTRY (2015a) established that the National Government made the largest investment and donation of technology for public schools and colleges in the entire country: 2 millions of tablets and computers. And through the initiative called Apps.co, the largest entrepreneur network of Latin America was established (80.000 entrepreneurs) who are materializing their ICT-based business ideas. Today, 65% of the citizens interact through electronic means with government agencies performing more than four hundred procedures online. Therefore, the citizens and the businesses are more open and willing to interact with the State through the use of the ICT. 11 According to COLOMBIATIC (2015), this refers to broadband connections (Vive Digital) with a cut-off date to 30 September 2015. The target established in the National Development Plan 2014 – 2018 for 2018 is 27 million Internet connections.
30. 30 Moreover, it is necessary to remember that Colombia currently has the National Development Plan “All for a new country” whose pillars are peace, equality and education for the period 2014 – 2018. For its execution, said plan is based on ICT supported cross- sectional strategies. For example, DNP (2014b) provides that with respect to the competitiveness and the strategic infrastructures, the plan sets forth the use of ICTs as platform to achieve high levels of equality and education improving competitiveness. Similarly, the ICTs are deemed as a cross-sectional component that is relevant in the development of all the other economic sectors of the country12 . As for social mobility, the objective of the plan is to close even more the gap in the access to education and improve its quality through the efficient use of ICTs. With regards to the transformation of the agricultural sector, the objective is to achieve rural competitiveness through the adoption and promotion of said technologies. In aspects such as justice, security and democracy to achieve peace, the pursuit is to guarantee access to all the citizens to all types of justice related services through the use of ICTs. The good government is achieved through the adequate use of the citizens information, ensuring its timely and efficient management, as well as through the building of a more transparent and open government. The green growth is aimed at achieving resilience and reducing the vulnerability in respect of the risk of disasters and the climate change, and all this must be supported by better and more integrated information systems. Colombia invests in the benefits generated by the use of ICTs because these are powerful tools that help transform the life of each and everyone of the Colombians 12 For example, the ICTs are considered as support to the electric sector of Colombia where the National Interconnected System (SIN) groups the different activities of the service provision chain , which are divided into: Generation system, National Transmission System (STN), Regional Transmission System (STR) and Local Distribution System (SDL). The SIN includes 98,9% of the installed generation in the country. Under this context, Colombia has made important progress in matters of automation of the STN and its integration with the generation systems located in different areas of the national territory, showing the use of the ICT infrastructure that supports the electric power system. Looking at the experience with the STN, the electric sector is ready to take the next step to continue the automation of the SDL, which has a network of 200.000 km of lines divided in more than 5.000 circuits with an average of nearly 100 transformers per circuit, which represent the challenge of achieving the automation of the electric network in the Colombian territory by 2030.
31. 31 through the supply of more and better infrastructure that allows access to Internet in conjunction with the opportunities that are generated throughout the country, creating an ICT appropriation and adoption culture that promotes the country´s economic and social development. According to the Digital Evolution Index of Tufts University (2013), Colombia is one of the markets with the potential to develop strong digital economies, showing a consistent and impressive improvement of its digital preparation status. Katz (2015b) points out that the country went from being a “transitional digitization” country in 2013 to one of “advanced transitional digitization” in 2015, by showing adequate changes in the political and institutional context in respect of the ICT sector. At regional level, digitization in Latin America has contributed in US$ 195 billion dollars to the region´s GDP between 2005 and 2013. This means that the development of digitization generated approximately 4,3% accumulated growth to Latin America´s GDP. From Figure 2.17, Katz (2015b) estimated that digitization in Colombia contributed in USD$ 16 billion to the country´s GDP from 2005 to 2013, which represented 6,12% of the accumulated growth of the GDP in said period. Figure 2.17. Economic impact of digitization on Latin America (2005-2013) In US$ millions at current exchange rate % of the GDP that represents an increment of the GDP resulting from digitization ( %) Source: Adapted from Katz (2015a) This situation is in accord with the economic behavior of the ICT sector in the country over the last five years. Figure 2.18 shows the growth of the GDP and the GDP associated
32. 32 to the Post and Telecommunications economic activity. However, there is a decrease of 1,8% in the second quarter of 2015, during the period 2010 to 2014 said branch showed positive growth rates, and in some cases above the economic growth rate. Figure 2.18. Growth of the Gross Domestic Product and of the Post and Telecommunications activity 2010 - 2T 2015 (%) Source: ICT MINISTRY (2015b) Between 2010 and 2014, according to numbers from the Annual Service Survey of the DANE, the ICT sector 13 had a participation of 24% of the total added value of Colombia´s economy in 2014. This means that the ICT sector is positioned as one of the sectors that generates more added value in the country. Table 2.4 shows that although the added value of the ICT sector grows at an annual average rate of 9% its participation in the total added value has decreased slightly since 2012. On the other hand, as for the consumption of intermediate goods, taking advantage of the production in the other sectors, the ICT sector grew 48% between 2010 and 2014. Said increase evidences that each year, the ICT sector behaves as a cross-sectional sector in Colombia´s economy, therefore influencing the growth of the other sectors. Similarly, the participation of the intermediate consumption of the ICT sector in the total intermediate consumption has increased reaching 33% in 2014. 13 The analysis of the ICT sector ´s economic impact on the Colombian economy between 2010 and 2014 based on the Annual Service Survey of the DANE displayed in Table 2.4 considers an approximate sample of 5.318 companies in Colombia (566 of the ICT sector) and deems the ICT sector in Colombia as a set of activities according to the CIIU classification 3 and 4 established by the United Nations (UN) as follows: i) Under CIIU classification 3 the activities: I3 Post and mail activities, I4 Telecommunications, O1 radio and television and news agencies activities and K2 computer and related activities, and ii) under the CIIU classification, the activities: H2 Post and Mail, J3 telecommunications activities, J2 Radio and television broadcasting and news agencies and J4 Computer and information services.
33. 33 With regard to the productivity of the ICT sector, Table 2.4 shows that for each peso spent in the ICT sector in 2014, $1,6 pesos were generated as income or in other words $0,6 pesos as return. This taking into account that the survey of the DANE measures the productivity of the economic activities through the relation between income and intermediate consumption. It is worth to note that the productivity of the sector has decreased slightly since 2012. The labor productivity in the ICT sector for Colombia in 2014 was approximately $138.000 pesos, this one being 257% higher than the country´s total labor productivity. It is important to mention that the DANE calculates the labor productivity for each working person through the relation between the added value of the economic activity and the number of persons working in said activities. The ICT sectors ranks first on the list of activities with highest productivity levels per working person in 2014. Lastly, the contribution of the ICT sector to the growth of total employment in Colombia has increased slightly during the last five years. During said period, the employment annual growth rate in the ICT sector was 2%. Moreover, it can be concluded that the employment in the ICT sector accounted for 7% of the country´s total employment. Table 2.4. Economic impact of the ICT sector on Colombia´s economy between 2010 and 2014 (figures in pesos)
34. 34 Source: ICT MINISTRY based on DANE´s Annual Service Survey (ASS) for 2010, 2011, 2012, 2013 and 2014 In addition to the foregoing, Colombia is making great efforts to reduce the digital gap, since more Internet is equivalent to less poverty and more productivity, and the development of the information infrastructure and its active use become a swift path for economic growth. Obviously, the country wants to seize these said opportunities and seeks to become a relevant player in the digital economy. But it is also understood that that this would not be possible if the citizens and the businesses do not trust the digital environment if there is no general and clear vision in place regarding digital security in the country. Although the increase of connectivity in Colombia has brought along countless benefits for the country, it has also contributed to an increment of threats, crimes and incidents in the digital environment that affect the security of citizens, public and private organizations, and even the infrastructures that are part of the nation´s interests. During the last few years, Colombia has been the focus of interest for several types of attackers. The attack techniques and vectors have improved bringing increased, and resulting in greater difficulty to timely detect them. CRC (2015) mentions that in Colombia, three specific trends of incidents have been identified, these are shown in Figure 2.19. Furthermore, Table 2.5 displays the methods used by criminals in Colombia to obtain the information of financial customers and identified by ASOBANCARIA (2015). 2010 2011 2012 2013 2014 Tasa de Crecimiento entre 2010 y 2014 Tasa de crecimiento promedio anual entre los años 2010 y 2014 Empresas Total 5343 5170 5427 5301 5351 0% 0% Empresas Sector TIC 576 552 563 558 579 1% 0% Empresas Sector TIC vs Empreas Total 10,8% 10,7% 10,4% 10,5% 10,8% Personal Ocupado Total 1364309 1415763 1493676 1595485 1705181 25% 6% Personal Ocupado Sector TIC 84576 85948 93000 105725 116221 37% 8% Personal Ocupado Sector TIC vs Personal Ocupado Total 6,2% 6,1% 6,2% 6,6% 6,8% 10% 2% Ingresos Total (miles de $corr.) 82.389.436.832$ 91.756.810.788$ 103.402.734.660$ 115.243.624.805$ 126.035.184.558$ 53% 11% Ingresos Sector TIC (miles de $ corr.) 25.091.681.684$ 28.017.099.021$ 30.604.072.934$ 34.411.551.510$ 37.769.880.923$ 51% 11% Ingresos Sector TIC vs Ingresos Total (%) 30,5% 30,5% 29,6% 29,9% 30,0% Ingresos Sector TIC por empresa (miles de $ corr.) 43.561.947$ 50.755.614$ 54.358.922$ 61.669.447$ 65.232.955$ 50% 11% Valor agregado Total (miles de $corr.) 43.076.868.441$ 48.857.194.019$ 55.278.004.839$ 61.419.292.334$ 65.745.558.538$ 53% 11% Valor agregado Sector TIC (miles de $ corr.) 11.315.515.483$ 12.646.287.222$ 14.192.750.788$ 15.640.944.849$ 16.008.414.582$ 41% 9% VA Sector TIC vs VA Total (%) 26,3% 25,9% 25,7% 25,5% 24,3% Consumo Intermedio Total (miles de $corr.) 37.060.840.194$ 40.202.277.869$ 44.925.214.151$ 49.991.809.439$ 55.543.342.122$ 50% 11% Consumo Intermedio Sector TIC (miles de $ corr.) 12.315.349.763$ 13.547.743.059$ 14.285.044.139$ 16.067.664.387$ 18.232.907.927$ 48% 10% CI Sector TIC vs CI Total (%) 33,2% 33,7% 31,8% 32,1% 32,8% Gastos de Personal Total (miles de $corr.) 27.989.926.902$ 30.521.312.413$ 34.889.923.521$ 37.879.397.772$ 41.487.367.815$ 48% 10% Gastos de Personal Sector TIC (miles de $ corr.) 3.420.469.121$ 3.863.365.433$ 4.423.222.526$ 5.029.288.455$ 5.499.769.526$ 61% 13% Gastos de Personal Sector TIC vs Gastos de Personal Total (%) 12,2% 12,7% 12,7% 13,3% 13,3% Productividad Total 1,27 1,30 1,30 1,31 1,30 3% 1% Productividad Total Sector TIC 1,59 1,61 1,64 1,63 1,59 0% 0% Productividad Laboral 31.574$ 34.509$ 37.008$ 38.496$ 38.556$ 22% 5% Productividad Laboral Sector TIC 133.791$ 147.139$ 152.610$ 147.940$ 137.741$ 3% 1% Remuneración Mensual 1.593$ 1.682$ 1.798$ 1.839$ 1.890$ 19% 4% Remuneración Mensual Sector TIC 2.937$ 3.320$ 3.487$ 3.559$ 3.588$ 22% 5%
35. 35 Figure 2.19. Trends of incidents in the digital environment in Colombia Source: CRC (2015) Table 2.5. Methods used by criminals in Colombia to obtain information of financial customers Concept Description Phishing Criminalsforgethe institution´swebsitein orderto obtain personal andfinancialinformation (credit card numbersandpasswords) andvia electronic mail orpop-ups, they direct the clients toa forgedweb page where they request their information. Smishing This fraudulentpracticeuses text messagesi.e.SMS andsocial engineeringto deceive personsin order to obtain personal andfinancial information. Spy Software (Malware ortrojans) Criminalsusea software to monitor theactivities performed by thePC user. Similarly, they have access to the information that the user keys andto the contentsof his electronic mails. Key logger By using software or hardware, criminalsseekto recordthe texttypedby the users on their PCs. Cloning Copyingtheinformation containedmagnetic stripon debit andcredit cards. Source: ASOBANCARIA (2015) In relation with the costs of the country´s digital security incidents, on the one hand ISSS (2014) estimated that in Colombia, the cost of malicious activity in the digital environment for 2013 was approximately USD$ 464 million. On the other hand, Intel Security (2014) estimated that said cost for Colombia in 2014, was approximately 0,14% of the GDP. Figure 2.20. Cost of the malicious activity as % of the GDP in some countries in 2014
36. 36 Source: Adapted from Intel Security (2014) In addition to the foregoing, based on the information provided Intel Security Foundstone, a consulting services company in the field of response to incidents, discovery of vulnerabilities and security strategy and in collaboration with Intel Security, reported on 7 January 2016 in the United States a total of 604.493 incidents and in Brazil 77.423, while in Colombia that number was 8.128. Having analyzed the international and national arena around the evolution of access to and use of ICTs in the digital environment, the conclusion is that Colombia is increasingly digital thanks to the efforts of the national Government through the implementation of effective sector policies that allow to promote the participation of the society in the economic and social activities in the digital environment. The country´s digitization generates economic growth and improvement of productivity and competitiveness. However, greater use of the digital environment entails greater risks and uncertainties. How to address them has been a topic of discussion at international level, because the conditions to execute said economic and social activities have been changing drastically. Therefore, the increase of incidents in the world and in the country generates impact on the digital economy that must be addressed under an updated vision around the matter. 3. CONCEPTUAL FRAMEWORK This section discusses the new trends in respect of defining digital security strategies or policies and the digital security risk management model based on best practices at international level around the matter, a model towards which the national Government must work.
37. 37 According to the OECD (2015a), during the last ten years, the digital security incidents have increased generating a series of uncertainties and significant consequences for each and every one of the individuals and organizations. This situation has generated the issuance of an international regulatory framework, see Table 3.1, as well as an intense debate on how to address these incidents today. Table 3.1. International Regulatory Framework Instrument Matter Convention on Cybercrime of the Council of Europa – CCC (known as the Budapest Convention on Cybercrime) adopted in November2001 and in force since 1 July 2004) The main purpose ofthe convention is the adoption of a legislation that facilitatesthe prevention of criminal behavior and that contributes with effective tools in the penalfield to allow the detection, investigation and prosecution ofillegal behaviors. Only binding instrument on the matter at international level as well as its protocol to criminalize racist and xenophobic actions committed via computer systems. The Council deems that cybernetic crime demandsa common penalpolicy intended to prevent crime in the cyberspace and in particular, through the adoption ofa suitable legislation and the strengthening ofinternational cooperation.It is important to highlight thatalthough the CCC originatedat European regional level, it is an open instrumentfor adherence by all the countries ofthe world.Worth to note is thatColombia received an invitation of the Council of Europe to adhere tothe BudapestConvention as a result of a process started in 2011 with theenactment of CONPESdocument 3701,which requiredthe Ministry of Foreign Relationsto submit a formal request with theCouncilof Europa to invite Colombia to be part of the Budapest Convention. This way, on 20 September2013, the Council ofEurope´sCouncil of Ministers approved the invitation for Colombiato adhere totheBudapestConvention, andbe part of the additional protocol related with the criminalization of racism or xenophobic relatedactionscommittedthrough computer systems.Based on this decision, Colombia has five (5) years to adhere to the international instrument. Resolution AG /RES 2004 (XXXIV- O/04) of the General Assembly of the Organization of American States Comprehensive Strategy to Combat Threats to Cybersecurity Multidimensional andmultidisciplinary approach to creating a culture of cybersecurity It stipulates three avenues of action: i) Creation of an hemispheric network of Computer Security Incident Response Teams – CSIRT, assigned tothe Inter-American Committee against Terrorism – CICTE; ii) identification and adoption of technical standards for safe Internet architecture,a jobcarried out by the Inter-American Telecommunications Commission;and iii) adoption and/or adapting of the legal instruments necessary to protectInternetusersandinformation networks from criminals and organized criminal groups thatusethese means, under theresponsibility of Meeting of Ministers of Justice or of Ministers or Attorneys General of the Americas-REMJA.The Comprehensive Strategy is described in this AG/RES Resolution.2004 (XXXIV-O/04), approved at the plenary session of the thirty fourth periodof sessionsof theOAS General Assembly, held on 8 June 2004. To thisextent, the Resolutionshavea compliance level different from that generated by a Treaty or a Convention, because if a country member of the OAS has approvedthe Resolution by vote, it is expected that the country has the same commitment to comply with it. In this case, Colombia as a member of the General Assembly of the OAS signed this Resolution, and the binding force of the resolutions is reflected in the obligation ofthe countries to submit reportsandpresent results in relation with theagreements in saidresolutions.Moreover,Colombia as member of the Inter-American Committee Against Terrorism (CICTE) and of the Inter- American Inter-American Telecommunications Commission (CITEL), must be
38. 38 Instrument Matter subject tothe Resolutions and recommendations issued by those bodies. Lastly, it is importantto consider that the OASResolutions do not have the bindingnatureof a treaty; however, the General Assembly is the supreme body of the OASandallits expressionshold high diplomatic political value. Decision 587 of the Andean Community dated 10 July 2004 Whereby the Guidelines for the External Security Policy of the Andean Community areestablishedObjectivesof saidpolicy are to prevent, combat and eradicate the new threats tothe security,and their interrelations, when appropriate,through cooperation andcoordination efforts to confront the challenges that such threats represent for the Andean Community.. Accordingto article 3 of theTreaty CreatingtheCourt ofJustice of the CAN, the legal schemeof the CAN is supranational, which is translated into the issuance of common laws or standards that have direct effect and are bindingin the member states as of their publication date in the Official Gazette of the Cartagena Agreement without the need to request prior approval by the NationalParliaments fortheir entry into force and effect in each one of the member states. Consensuson Cybersecurity of the International Telecommunications Union -ITU, within the United Nations, in execution of the Tunis action program for for information society 2005 It seeks to promotethe analysis ofpertinentinternational concepts intended to strengthen the security of global information and telecommunications systems. The Resolutions that the ITU may issueare bindingfor Colombia, as the constitution of the ITU andtheITU Convention were approved by means of Laws 252 dated 1995and873 dated 2004, as well as the subsequent amendments. Resolution 64/25 “Developments in the field of information and telecommunications in the context of international security”. United Nations General Assembly (UNGA). (2009) The GeneralAssembly exhorts allthemember states to continue promoting the multilateral analysis of real and potential threats in the information security fieldandpossible measuresto limitthe threatsthat may arisein that area, consistently with the need to preserve the free circulation of information.This Resolution follows the Assembly´s monitoring, with the Resolutions
Se perfila el borrador del documento Conpes de Seguridad Digital ... Se perfila el borrador del documento Conpes de Seguridad Digital ... 2 Sepa cómo ...
MinTIC invita a participar de la construcción del documento Conpes de Seguridad Digital en Colombia Conpes busca establecer una política pública de ...
... documento Conpes de Seguridad Digital en Colombia. MinTIC pone a disposición de la ciudadanía el borrador del documento Conpes de Seguridad ... 2 3 4 ...
MinTIC pone a disposición de la ciudadanía el borrador del documento Conpes de Seguridad Digital ... en este borrador de política de Seguridad Digital ...
Finalizaron mesas de trabajo de discusión del borrador de CONPES de Seguridad Digital, ... de la nueva Política de Seguridad Digital ... Conpes ...
Listo borrador del documento Conpes de Seguridad Digital ... la creación de una Política Pública Nacional de Seguridad Digital en ... 2: 3: 4: 5: 6: 7 ...
2-2-2016 IR A LA PORTADA DE HOY: Mesas de trabajo discutieron sobre el borrador de Conpes de Seguridad Digital ... documento Conpes de Seguridad Digital ...
301 Moved Permanently. nginx