STATE OF CYBER SECURITY IN JAMAICA

Hon. Julian Robinson
Chairman
Joint Select Committee on the Cybercrimes Act
January 24, 2013

Policy Framework

The Ministry of Science, Technology, Energy and Mining (MSTEM) is the lead government institution responsible for coordinating the prevention of and combating cybercrime, as well as providing policy support to all matters regarding cyber security.

At present there is no written/documented strategy for cyber security. However, the Information and Communications Technology Policy passed in April 2011 speaks to:

1. The establishment of a Cyber Emergency Response Team (CERT) to address matters regarding cyber threats and appropriate responses thereto.

2. Making provision in companion legislation:
   to require custodians of web-based databases to maintain system integrity through physical and logical security on the technology deployed;
   for sanctions related to invasion of privacy, unauthorized access and unauthorized use of customer information.

Legislative Framework

Cybercrime Act promulgated in December 2010. The Act provides criminal sanctions for the misuse of computer systems or data and the abuse of electronic means of completing transactions, and facilitates the investigation and prosecution of cybercrimes.

Other legislation utilized in cybercrime:

Larceny Act - Used to prosecute the substantive offence when a cyber related method is utilized.

Interception of Communications Act - Used for evidence gathering purposes.

Child Pornography Act - Makes the production, possession, importation, exportation and distribution of child pornography a criminal offence.

Evidence Act - Speaks to hearsay and non-hearsay evidence contained in documents that are produced by computers.

Administrative Framework - Players

In addition to MSTEM, the other entities involved in the prevention of and combating cybercrime are:

1. Ministry of National Security - manages and integrates cyber security within the fields of physical, information, intelligence & communications security.

2. Ministry of Justice - assists in the development of legislation and regulations to combat cybercrimes and cyber attacks.

3. Jamaica Constabulary Force - responds to and investigates cybercrime incidents.
   A specific unit within the Organised Crime Investigation Division of the JCF is responsible for cybercrime, i.e. the Communication Forensic and Cybercrime Unit (CFCU).
   The CFCU's case load for 2011 & 2012 included on average over 1,700 active cases each year which have one or more digital media devices such as a laptop, desktop, thumb-drive, thumb device, or other media item.
   Increase in electronic fraud in 2012 - specifically credit and debit card fraud.
   In 2012, 229 websites were hacked, including government entities, tertiary institutions and private companies.

4. Ministry of Foreign Affairs and Foreign Trade - ensures the timely dispatch to and from the lead Ministry of requests received from regional and international organizations on issues related to preventing and combating cybercrime.

5. Director of Public Prosecution - Specialized unit dedicated to cybercrime, namely the Digital Evidence and Cybercrime Unit (DECU). Responsible for prosecuting cybercrime incidents and liaising with and supervising police investigations.

Challenges

Inadequate legal framework leading to loopholes that can be exploited. Legislative strengthening required.

Insufficient personnel in the CFCU to handle incidents in a timely manner. The unit has a staff complement of 18 persons. However, the members do not work exclusively on cybercrime matters.

The CFCU has acquired digital forensic equipment. However, there is no equipment for Internet related investigations.

DECU (within the DPP) has a complement of 8 staff members. However, only 3 have received training in cybercrimes and the members do not work exclusively on cybercrime matters.

Further sensitization of judges and prosecutors (including Clerks of Courts in the Resident Magistrates Courts) required. There are no judges or prosecutors that specialize exclusively in cybercrimes.

Novelty of the cybercrime legislation results in a lack of precedents in establishing the existence of and prosecuting cybercrimes.

Need for increased collaboration/partnership between public and private sector.

Timeliness of obtaining assistance available through/via trans-border arrangements.

Undesirable level of awareness of the effects of cybercrimes.

Things to do:

Identify existing gaps and establish a holistic Cyber Security Strategy and Plan to minimize those gaps.

Establish capacity building programme - Most cybercrime incidents are prosecuted in lower courts (Resident Magistrates Court). It is therefore essential that Clerks of Courts are trained.

Strengthen legislation.

Foster National, Regional and International Cooperation.

Specific actions undertaken

Technical assistance from the International Telecommunication Union (ITU).

Engagement of Prof. Dr. Marco Gercke, an international expert in the field of law related to Cybercrime and Cyber Security, to:
   Review existing legislation to identify gaps
   Support in drafting new legislation
   Conduct global benchmarking
   Assist in stakeholder and capacity building consultations

Establishment of a cyber emergency response team (CERT) with training and skills development.

Biography of Prof. Marco Gercke

Prof. Dr. Marco Gercke is an international expert in the field of law related to Cybercrime, Cybersecurity and ICT and has for more than ten years advised governments and international organizations. He is director of the Cybercrime Research Institute - an independent global think tank dealing with legal aspects of Internet crime.

Holding a PhD in criminal law with a focus on Cybercrime, he has for several years been teaching law related to Cybercrime, International Criminal Law and European Criminal Law at the University of Cologne and is visiting professor for International Criminal Law at the University of Macau.

The focus of his research is on international aspects of law related to Cybercrime. In this respect he was and is working as an expert for several international organisations, among them the Council of Europe, the European Union, the United Nations and the International Telecommunication Union. Marco assisted several countries in drafting Cybercrime legislation.

Key elements of his research are the challenges related to the fight against Cybercrime and comparative law aspects in developing legal response in common law and civil law systems. His latest research covered Legal Response to Terrorist use of the Internet, Identity Theft, International Cooperation in Fighting Identity-Theft, Money Laundering and Terrorist Financing activities involving Internet technology, and the responsibility of Internet Service Providers.

Marco is a frequent national and international speaker and author of more than 100 publications related to the topic Cybercrime. In addition to articles and books he published several studies including comparative law analysis for the Council of Europe and the International Telecommunication Union. His latest 225-page publication on Cybercrime was translated into all UN languages.