Caribbean Review: Grenada’s CSIRT: The First Fight Against Cyberattacks in the Caribbean
Attracting investment involves building trust and weighing risk. The trust between investors and government officials and the risk of attracting a large enough consumer base to sustain operations are some of the economic successes measured every day. Considering that a digital transformation is underway within the Caribbean region, the threats posed by a weak cybersecurity infrastructure and a lack of response base leave investors and residents vulnerable to attack.
What is CSIRT?
In 2022, the Prime Minister of Grenada, Rt. Hon. Keith Mitchell, announced the creation of the Cyber Security Incident Response Team (CSIRT) to serve the nation’s needs in protecting its growing information and communications technology (ICT) ecosystem. Recognizing the critical coexistence needed to spurn economic development in the digital world, the Prime Minister highlighted, “ICT has now become a central pillar in the overall development landscape.” According to CSIRT’s website, their mission is to address four critical areas for Grenadians: Cybersecurity Awareness Raising and Capacity Building, Information Sharing, Cyber Threat Intelligence, and Incident Management. However, the team’s real value derives from their indirect benefit of attracting key economic investments.
Vulnerabilities in Caribbean Cybersecurity
A few months ago, the World Bank calculated that developing nations particularly in Latin America and the Caribbean are encountering a major uptick in major disclosed cyber incidents amounting to 25% more cases than the previous decade. Of the unique challenges faced by Caribbean nations, Grenada shares common vulnerabilities with nations like St. Lucia and Trinidad and Tobago in that outdated infrastructure, shrinking funding and the lack of professional talent are to blame for this rise in unaddressed cyberattacks. Yet, CSIRT is a pioneering force in the region that is sparking unprecedented cooperation and modelling the response needed to defend, document and respond to threats of any nature on the ICT systems within the Caribbean.
While national response teams like CSIRT are important for addressing immediate threats and concerns arising from national phishing attacks, financial hackers or digital imposters, regional cooperation to build collective resilience in the cybersecurity sphere is paramount. As laid out by CARICOM Secretariat, Jennifer Britton speaking in Guyana, “No CSIRT community can be successful in isolation, just as no country can be secure on its own.” Her words allude to the inescapable fact that as the capabilities of one Caribbean nation may be insufficient on its own, especially as CSIRT Grenada is the first of its kind in the region, strength is in numbers. If more nations in the CARICOM community, Organization of Eastern Caribbean States (OECS) and the Commonwealth can boost investment to achieve cybersecurity then current stresses put on CSIRT can be mitigated and managed.
Regional and International Cooperation
Last month, an encouraging sign of increased regional cooperation had manifested when the inaugural meeting of the Commonwealth Caribbean Cyber Fellowship convened in the Port of Spain, Trinidad and Tobago to discuss solutions to boosting cooperation in responding to round-the-clock online crimes and threats. As a result of the meeting between the fifteen Caribbean delegates, a roadmap had been developed to meet these concerns with provisions that range from pooling knowledge and resources in an information-sharing system to enhancing coordinated responses to digital threats. This is a welcome for the Caribbean and Grenada that attempts to alleviate the current vulnerabilities and small size of cybersecurity response teams.
One of the delegates, Anish Bachu, Head of the Cyber Security Incident Response Team at Trinidad and Tobago’s Ministry of National Security, underscored the need for the coalescing of resources as some countries maintain cybersecurity teams of just one or two people.
In terms of international cooperation, earlier in 2024, Grenada deposited its instrument of accession to the Convention on Cybercrime otherwise known as the Budapest Convention, the first CARICOM nation to do so. A significant step that demonstrates to investors that Grenada, as opposed to other Caribbean nations, is committed to international standards, following countries like the United States, United Kingdom and Brazil which operate massive ICT modus operandi. A competitive advantage that is likely to persuade other CARICOM nations to do the same making Grenada the leading voice on cybersecurity within regional frameworks and dialogues.
One of the most cumbersome challenges to overcome in strengthening a cybersecurity response and building up capacity is the talent pool of precious cybersecurity professionals. Critically, as part of the ambitious rollout of CSIRT within Grenada, a new 16-week training program has been initiated to train at least 100 new cybersecurity professionals to join CSIRT’s ranks. In collaboration with Canada’s Ministry of International Development, the pilot program utilizes Canadian cybersecurity professionals and their expertise to train Grenadians in a unique, intergovernmental effort to bolster Grenadian capabilities.
Perplexingly, a potential partnership with St. George’s University (SGU) could have presented an obvious alignment of goals in securing a pipeline for government jobs in CSIRT and a comfortable landing for recent SGU graduates in the workforce yet no such connection exists.
Conclusion
One of the defining efforts within a successful cybersecurity response campaign is the effectiveness by which incidents can be reported, documented, studied and learned in order to develop societal awareness about possible upcoming attacks that might mimic those of the past. While CSIRT may only encounter sixteen major documentable attacks per year, the digital transformation signals to the world’s digital predators that a major vulnerability is opening, putting a target on the Caribbean’s back. While CSIRT signals to the world that Grenada and the Caribbean are making progress on preparedness for a future cyberattack, Prime Minister, Dickon Mitchell admits that CSIRT and the Ministry of ICT are, “not where they need to be.”
Considering the recent uptick in regional coordination and government initiative to combat the lingering threat that emanates from a cyberattack, the threat will only grow larger and more serious to which should effectuate an increased commitment from CARICOM and OECS to pay close attention to this detrimental vulnerability.
