Document

advertisement
STATE OF CYBER SECURITY IN
JAMAICA
Hon. Julian Robinson
Chairman
Joint Select Committee on the Cybercrimes Act
January 24, 2013
Policy Framework


The Ministry of Science, Technology, Energy and Mining (MSTEM) is
the lead government institution responsible for coordinating the
prevention of and combating cybercrime, as well as, providing
policy support to all matters regarding cyber security.
At present there is no written/documented strategy for cyber
security. However, the Information and Communications Technology
Policy passed in April 2011 speaks to:
1.
the establishment of a Cyber Emergency Response Team
(CERT) to address matters regarding cyber threats and
appropriate responses thereto.
Policy Framework
2.
Making provision in companion legislation:
 to
require custodians of web-based databases
to maintain system integrity through physical
and logical security on the technology
deployed.
 for
sanctions related to invasion of privacy,
unauthorized access and unauthorized use of
customer information.
Legislative Framework


Cybercrime Act promulgated in December 2010. The Act
provides criminal sanctions for the misuse of computer
systems or data and the abuse of electronic means of
completing transactions and facilitates the investigation and
prosecution of cybercrimes.
Other legislation utilized in cybercrime:
 Larceny Act - Used to prosecute the substantive offence
when a cyber related method is utilized.

Interception of Communications Act - Used for evidence
gathering purposes.
Legislative Framework


Child Pornography Act - makes the production,
possession, importation, exportation and
distribution of child pornography a criminal
offence.
Evidence Act - speaks to hearsay and nonhearsay evidence contained in documents that
are produced by computers.
Administrative Framework - Players

In addition to MSTEM, the other entities involved in the
prevention of and combating cybercrime are:
1. Ministry of National Security - manages and
integrates cyber security within the fields of physical,
information, intelligence & communications security.
2. Ministry of Justice - assist in the development of
legislation and regulations to combat cybercrimes
and cyber attacks.
Administrative Framework - Players
3.




Jamaica Constabulary Force - responds to and investigates
cybercrime incidents.
Specific Unit within the Organised Crime Investigation Division of the JCF
responsible for cybercrime i.e. the Communication Forensic and Cybercrime
Unit (CFCU).
The CFCU’s case load for 2011 & 2012 included on average over 1,700
active cases each year which have one or more digital media devices such as
a laptop, desktop, thumb-drive, thumb device, or other media item.
Increase in electronic fraud in 2012 – specifically credit and debit card fraud.
In 2012, 229 websites were hacked including government entities, tertiary
institutions and private companies.
Administrative Framework - Players
4. Ministry of Foreign Affairs and Foreign Trade - ensure
the timely dispatch to and from the lead Ministry of
requests received from regional and international
organizations on issues related to preventing and
combating cybercrime.
5. Director of Public Prosecution – Specialized unit
dedicated to cybercrime namely Digital Evidence and
Cybercrime Unit (DECU). Responsible for prosecuting
cybercrime incidents and liaising with and supervising
police investigations.
Challenges


Inadequate legal framework leading to loopholes that can be
exploited. Legislative strengthening required.
Insufficient personnel in the CFCU to handle incidents in a timely
manner. Unit has a staff complement of 18 persons. However,
the members do not work exclusively on cybercrime matters.

The CFCU has acquired digital forensic equipment. However,
there is no equipment for Internet related investigations.

DECU (within the DPP) has a complement of 8 staff members.
However, only 3 have received training in cybercrimes and
the members do not work exclusively on cybercrime matters.
Challenges


Further sensitization of judges and prosecutors
(including clerk of courts in the Resident
Magistrates Courts) required. There are no
Judges or prosecutors that specialize
exclusively in cybercrimes.
Novelty of the cybercrime legislation results in
a lack of precedents in establishing the
existence of and prosecuting cybercrimes.
Challenges



Need for increase collaboration/partnership
between public and private sector.
Timeliness of obtaining assistance available
through/via trans-border arrangements.
Undesirable level of awareness of the effects
of cybercrimes.
Things to do:




Identify existing gaps and establish a holistic Cyber
Security Strategy and Plan to minimize those gaps.
Establish capacity building programme - Most
cybercrime incidents are prosecuted in lower courts
(Resident Magistrates Court). Therefore essential that
Clerk of Courts are trained.
Strengthen legislation.
Foster National,
Cooperation.
Regional
and
International
Specific actions undertaken

Technical assistance from
Telecommunication Union (ITU)
the
International
 Engagement
of Prof. Dr. Marco Gercke, an international
expert in the field of law related to Cybercrime and
Cyber Security to:
 Review
existing legislation to identify gaps
 Support in drafting new legislation
 Conduct global benchmarking
 Assist in stakeholder and capacity building consultations
 Establishment
of a cyber emergency response team
(CERT) with training and skills development.
Biography of Prof. Marco Gercke
Prof. Dr. Marco Gercke is an international expert in the field of law related to
Cybercrime, Cybersecurity and ICT and for more than ten years advises governments and
international organizations




He is director of the Cybercrime Research Institute - an independent global think tank dealing with legal
aspects of Internet crime. Holding a PhD in criminal law with a focus on Cybercrime he is for several years
teaching law related to Cybercrime, International Criminal Law and European Criminal Law at the
University of Cologne and is visiting professor for International Criminal Law at the University of Macau. The
focus of his research is on international aspects of law related to Cybercrime.
In this respect he was and is working as an expert for several international organisations among them the
Council of Europe, the European Union, the United Nations and the International Telecommunication Union.
Marco assisted several countries in drafting Cybercrime legislation.
Key elements of his research are the challenges related to the fight against Cybercrime and comparative
law aspects in developing legal response in common law and civil law systems. The latest researches
covered Legal Response to Terrorist use of the Internet, Identity Theft, International Cooperation in Fighting
Identity-Theft, Money Laundering and Terrorist Financing activities involving Internet technology and the
responsibility of Internet Service Providers.
Marco is a frequent national and international speaker and author of more than 100 publications related
to the topic Cybercrime. In addition to articles and books he published several studies including comparative
law analysis for the Council of Europe and the International Telecommunication Union. His latest 225-page
publication on Cybercrime was translated to all UN languages.
Download