U.S. Foreign Policy on Cybersecurity and Its Impact on Latin America's Societal Trust in Technology
By Camila Herrera
Cybersecurity plays a crucial role in shaping societal trust in technology. When individuals and organizations feel secure in their digital interactions, they are more likely to embrace technology and harness its full potential. Conversely, cybersecurity incidents erode trust and have far-reaching consequences for the adoption and utilization of technology.
Latin America has emerged as a vibrant and dynamic region in the global technology landscape. However, cyberattacks and data breaches have become a threat across Latin America, with incidents targeting government agencies, critical infrastructure, and private companies.
Latin America and the Caribbean are one of the regions in the world with the highest incidences of cyberattacks. According to data from various cybersecurity firms, the region receives more than 1,600 cyberattacks per second. To get an idea of the proportion, during the first six months of 2022, global ransomware distribution attacks reached 384,000, with the region accounting for 14% of the total. These attacks not only result in economic losses but also severely undermine societal trust in technology, as individuals question the security and reliability of digital systems\that are essential to modern life. Such breaches erode confidence in the ability of technology to protect personal information and safeguard critical infrastructure, exacerbating concerns about privacy and cybersecurity. As Latin American countries attempt to strengthen their cybersecurity posture, they face constraints from limited resources, lack of skilled personnel, and inadequate policy frameworks. Moreover, internet-connected technology and networks; interconnected nature means that vulnerabilities in one country can exploit to target others across the region andbeyond. This complex landscape highlights the need for greater cooperation – both within Latin America and with international partners like the United States – to enhance cyber readiness through funding, technical assistance, and collective defense measures. By supporting Latin American countries in building robust cybersecurity governance, the United States can help mitigate risks to shared economic and security interests. However, competing influences and priorities across the region pose potential challenges for U.S. collaboration efforts.
This article aims to explore the current state of cybersecurity regulation in Latin America, the challenges faced by the region, the impact of cybersecurity on societal trust in technology, and provide recommendations on the role of the United States in shaping cybersecurity policies in Latin America.
Cyberattacks in Latin America
Latin America has faced a wave of cyberattacks since 2020 exacerbated by the COVID-19 pandemic's digital transformation. IBM lists Brazil, Mexico, and Peru as the top regionaltargets in 2022. In 2018, hackers attacked Mexico's Interbank Electronic Payment System (Sistema de Pagos Electronicos Interbancarios), causing a $42 million loss and one of the country's worst cyberattacks ever. Similarly, In 2020, the Superior Court of Justice in Brazil, one of the top courts in the world, was hit by ransomware that prevented hundreds of cases from moving forward. In 2021–2022, cyberattacks in Brazil also brought down coronavirus vaccination platforms and municipal administrations.
In April of 2022, Costa Rica was the target of one of the most impactful cyberattacks in. Latin America. A week after Rodrigo Chaves was elected as the nation's new president, the Russian ransomware group Conti targeted 27 ministries, causing serious damage to nine of them. The cyberattacks occurred in April through June, and on May 8, forcing the newly elected President to declare an extraordinary state of emergency.
Disinformation campaigns, ransomware attacks, and cyber espionage by state-sponsored groups are just a few of the complex challenges that Latin American nations are facing. These issues have all contributed to a generalized lack of trust in society. Cyber espionage with state support jeopardizes confidential information and erodes trust in institutions; information security measures. Campaigns of disinformation generate discord and increase mistrust of official sources of information. Attacks using ransomware interrupt vital services, increasing a person's sense of vulnerability and undermining confidence in an institution's ability to maintain stability. Rebuilding trust across societal institutions demands a holistic strategy that includes strengthening cybersecurity, improving media literacy, and promoting transparent governance.
Overview and Challenges of Cybersecurity Regulations in Latin America
Latin American countries have made significant strides in enacting cybersecurity regulations to safeguard their digital ecosystems. Among these safeguards are Blockchain for protecting sensitive data and transactions in the financial and governmental sectors, Artificial Intelligence (AI) for real-time threat detection and response, and Machine Learning (ML) to learn from previous occurrences and forecast future risks. However, the level of maturity and effectiveness of these regulations vary across the region. Some countries have comprehensive frameworks in place, while others are still in the nascent stages of developing their cybersecurity policies.
Brazil, for example, has taken a proactive approach by implementing the Brazilian General Data Protection Law (LGPD) in 2020.This law aims to protect the personal data of Brazilian citizens and enhance cybersecurity measures. Similarly, Mexico has enacted the Federal Law on Protection of Personal Data Held by Private Parties, which establishes guidelinesfor the collection, use, and storage of personal data.
Costa Rica took a significant step in strengthening its data privacy protections in 2023 when legislators introduced a comprehensive Data Protection Law to their policy agenda insupport of 5G-focused measures. Additionally, in August 2023, President Chaves issued a decree regulating 5G rollouts across multiple dimensions — banning firms from countries not party to cybercrime conventions, enforcing stringent network development rules, enabling nationwide spectrum auctions, and formalizing supply chain risk standards for telecommunications vendors.
The road to cyber resilience in Latin American countries is not clear-cut. OAS memberstates have agreed on a series of Cyber Confidence Building Measures since 2017, which aim to promote greater exchange of information on initiatives and incidents from across the region. Moreover, seventeen countries lacked a national cybersecurity strategy that addressed critical. infrastructure and resilience, and fourteen countries lacked a national computer incident response team, according to the International Telecommunications Union (ITU) Global Cybersecurity Index (GCI). Twenty-eight countries in Latin America offered no incentives to raise private sector cybersecurity. Despite challenges, countries have nevertheless reaffirmed their commitments to norms for responsible state behavior in cyberspace, and nine of them have. acceded to the Budapest convention, which enhances mechanisms for transnational cooperation in fighting cybercrime.
Challenges Confronting Latin America's Cybersecurity Landscape: Awareness Gaps, Resource Limitations, and Transnational Threats. Latin America faces several notable challenges in strengthening its regional cybersecurity landscape. A major challenge in the region is the limited awareness of cyber threats in government agencies. For instance, some government agencies do not have comprehensive strategies to counter sophisticated cyberattacks. There is a lack of trained personnel or outdated cybersecurity protocols in place, leaving government systems vulnerable to breaches. Additionally, the absence of standardized cybersecurity practices across different governmental bodies could pose challenges in efficiently mitigating emerging threats.
Furthermore, most Latin American countries grapple with budget constraints for public expenditures, including for national cybersecurity capacity.Some lack specialized agencies focused wholly on cyber defense. Insufficient skilled IT security personnel also cause gaps. Additionally, the transnational nature of cybercrimes poses a significant challenge. Cybercriminals can exploit vulnerabilities in one country to launch attacks on another, making it essential for countries to collaborate and share information. However, limited cross-border cooperation and information sharing hinder effective cybersecurity governance in Latin America. Finally, Latin America faces borderless cyber threats originating well beyond the region, requiring shared responses. Attacks from Eastern European cybercriminal groups, China, North Korea, Russia and more undermine institutions. Close economic ties with China also pressure some Latin American governments to potentially turn a blind eye to cyberespionage risks. The region’s cyber readiness is compromised by these factors that erode governmental confidence.
Impact of Cybersecurity on Societal Trust in Technology in Latin America
In Latin America, the impact of cybersecurity on societal trust is particularly pronounced. The region has witnessed several high-profile cyber incidents that have shaken public confidence in technology. Such incidents undermine trust not only in government institutions but also in private organizations and service providers. They create a sense of vulnerability and skepticism among individuals, discouraging them from fully embracing digital solutions and inhibiting the growth of the digital economy. For example, the 2019 Ecuadorian data breach compromised the personal information of almost the entire population, highlighting the vulnerability of digital infrastructure.
These data breaches resulting from inadequate security protocols make individuals hesitant to use digital services due to concerns about further breaches and violations of privacy. Similarly, cyberattacks targeting financial institutions or online transactions foster mistrust in digital payment systems, causing doubts about their reliability. Businesses also suffer as consumer trust diminishes when companies fall victim to cyber incidents, impacting their brand reliability and customer loyalty. Moreover, governmental systems's; vulnerabilities can erode confidence in public institutions'; abilities to safeguard sensitive information and provide secure digital services. Overall, these cybersecurity concerns hinder technological innovation and progress, potentially widening societal inequalities and limiting participation in the digital
economy. Latin America's potential for technological advancement is deterred by the lack of confidence resulting from these security concerns. Efforts to build robust cybersecurity infrastructures and promote a resilient cyber culture are essential to restore and uphold trust in technology across the region.
The Role of The United States in Shaping Cybersecurity Policies in Latin America
The U.S. has been actively engaged in fostering collaboration and knowledge sharing with Latin American countries to enhance cybersecurity governance. As a global leader in technology and cybersecurity, the U.S. has a vested interest in promoting a secure digital environment across the region. Moreover, as the United States increasingly relies on countries like Mexico, Costa Rica, and Panama for advanced global supply chains due to decoupling from China in critical industries like semiconductors, there is heightened importance for the U.S. to bolster the cybersecurity defenses of critical infrastructure in Latin America. Strengthening cybersecurity in these regions is crucial to safeguarding the interconnected networks that underpin supply chains and ensuring the resilience of global trade partnerships.
The region's potential weaknesses in cyber defenses pose risks not only for Latin American networks but also for American targets. Strengthening cybersecurity in Latin America is essential to bolster collective resilience against cybercriminals and nation-state actors who exploit vulnerabilities across borders. Moreover, Latin America serves as a vital trade partner for the U.S., and significant cyber disruptions in the region could destabilize interconnected supply chains and financial systems that American companies heavily rely on. By aiding in enhancing cybersecurity readiness in Latin America, the U.S. safeguards its shared economic interests and bolsters stability in critical trade networks.
Additionally, the alliances forged between the United States and Latin American countries extend beyond regional security. Strengthening partnerships in cyber defense aligns interests in tackling global challenges and reduces shared risks associated with inadequate security capabilities. This collaboration not only enhances cybersecurity but also supports broader efforts in regional security, anti-corruption measures, and other mutual interests.
Furthermore, the U.S. has been instrumental in fostering partnerships between Latin American countries and international organizations like the Organization of American States (OAS) and the Inter-American Development Bank (IDB). These partnerships facilitate the exchange of best practices, promote regional cooperation, and support the development of cybersecurity policies.
Current initiatives and collaborations between the United States and Latin American
countries in cybersecurity
The United States is actively engaged in fostering digital growth across Latin America and the Caribbean while prioritizing security, privacy, and inclusivity. Through initiatives like Growth in the Americas and the Digital Connectivity and Cybersecurity Partnership (DCCP), the U.S. provides both technical expertise and financial support to drive digital transformations in the Western Hemisphere. Furthermore, several ongoing initiatives and collaborations between the United States and Latin American countries are aimed at addressing cybersecurity challenges in the region. Among those initiatives is the U.S.-Mexico Cybersecurity Dialogue, which seeks to enhance collaboration and information sharing between the two countries in combating cyber threats. Similarly, the U.S. has partnered with Brazil through the U.S.-Brazil Cybersecurity Working Group to strengthen collaboration on cybersecurity issues. This partnership focuses on. sharing threat intelligence, promoting cybersecurity research and development, and enhancing incident response capabilities. Additionally, the U.S. has supported the establishment of national Computer Emergency Response Teams (CERTs) in several Latin American countries. These. CERTs serve as focal points for coordinating cybersecurity incident response and facilitating information sharing within the region. Additionally, in 2023, the United States announced a
three-year, $9.8 million security assistance initiative funded through the Foreign Military Financing (FMF) grant. 44 This initiative aims to bolster Costa Rica’s cyber defense capacity and. will support the establishment of a Cyber-Security Operations Center by 2026 within Costa. Rica’s Ministry of Public Security. In August 2023, The U.S. Department of State announced plans to give Costa Rica $25 million to strengthen its defenses against cyberattacks, reaffirming the countries; cooperation in this area. The funding will enable a centralized cybersecurity operations center to enhance its capabilities in threat monitoring and provide extensive support for long-term capacity building, tools, and training. Moreover, in light of recent high-profile ransomware attacks that affected vital services, it expands on previous efforts by Costa Rica's Ministry of Science, Innovation, Technology, and Telecommunications to implement the nation's cybersecurity policy.
Comparably, in September of 2023, the Organization of American States (OAS) in Washington hosted a historic summit between Latin American and American nations to strengthen cybersecurity defenses against prospective adversaries, particularly China and Russia. The focus of this conference was on the importance of working together to improve regional and personal cyberdefenses. Concerns about China's infrastructure influence in the region were also highlighted, with discussions focusing on creating a regional cybersecurity hub, protecting critical systems, enhancing law enforcement capabilities against cyber criminals, and addressing foreign influence campaigns accompanying cyberattacks. These collaborative efforts demonstrate a shared commitment towards securing the digital landscape and safeguarding democracy and prosperity in Latin America.
Recommendations for Improving Cybersecurity Governance in Latin America
International collaboration and cooperation are essential to assist Latin American countries in addressing these cybersecurity concerns. The United States should work closely with these countries to develop and implement comprehensive cybersecurity strategies tailored to their specific needs. This includes providing technical assistance, capacity building, and sharing best practices in cybersecurity. To improve cybersecurity governance in Latin America, several key recommendations should be considered by policymakers and stakeholders across the region.
First, countries need to develop comprehensive and harmonized cybersecurity regulations that align with international standards. This includes establishing clear guidelines for data protection similar to the National Institute of Standards and Technology Cybersecurity Framework (NIST), incident response, and voluntary Risk Management Frameworks (RMFs).
Second, governments should invest in building cybersecurity capacity through education and training programs. This includes fostering partnerships with academia, industry, and international organizations to develop a skilled cybersecurity workforce. Experts from the region believe that more investments in human capital would go the furthest in building cyber capacity across Latin America. Governments should try to create opportunities that bridge education. programs with job prospects, for example, encouraging graduates to launch new cybersecurity initiatives such as joint initiatives with public institutions at all levels of government.
Third, cross-border cooperation and information sharing should be strengthened to. effectively combat transnational cyber threats. Latin American countries should work together and with international partners to establish mechanisms for sharing threat intelligence and coordinating incident response.
Finally, it is important to support public-private partnerships in order to encourage cooperation and information exchange between the public and private sectors. This can guarantee that cybersecurity measures are in line with industry best practices. Moreover, closing the gap between the creation and execution of policies involves ensuring that policy decisions are effectively implemented and translated into concrete actions.
Potential Challenges in U.S. Support for Latin American Cybersecurity Efforts
When the United States supports Latin American countries in strengthening cybersecurity protections, it may encounter several challenges. One major challenge is the inconsistent progress made by these countries in cybersecurity measures. Often, Latin American countries prioritize economic development over cybersecurity until a significant cyber incident occurs. This approach leaves them vulnerable to cyber threats and attacks.
As mentioned above, another challenge is the limited resources available for developing. robust cybersecurity capabilities. Many Latin American countries face budget constraints and need more funding to invest in advanced cybersecurity technologies and infrastructure. This limitation hampers their ability to effectively combat cyber threats and protect their critical systems and data. Moreover, outdated digital infrastructure, including legacy systems and. inadequate network security measures, further exacerbates the cybersecurity risks. In addition to. limited resources, underdeveloped policies, and outdated digital infrastructure pose significant challenges in ensuring cybersecurity in Latin American countries. The absence of comprehensive cybersecurity policies and regulations leaves these countries vulnerable to cybercrime and makes it difficult to establish a strong defense against cyber threats. This can affect the trade partnerships that the U.S. established in the last five years with Latin American countries on. semiconductors and overall supply chain technology.
Furthermore, the United States faces competing influences in the region, primarily from China. China's growing influence in Latin America raises concerns about data security and potential control by the Chinese government. As China invests heavily in infrastructure projects in the region, there is a risk that these projects may compromise data security and allow for unauthorized access to sensitive information. The United States should offer alternatives to Chinese investments and foster partnerships based on mutual trust and shared interests. By doing so, the United States can help ensure data security and prevent potential control by foreign entities.
By providing technical assistance, fostering partnerships, and sharing best practices, the U.S. has played a significant role in enhancing cybersecurity capabilities in Latin America. It is essential moving forward that the U.S. stays involved in combating cyber threats and providing technical assistance to Latin American countries. The United States can assist Latin America in constructing a safe and resilient digital ecosystem by supporting collaborations, investing in capacity building, and encouraging the adoption of strong cybersecurity measures.
Ultimately, the trust of individuals and organizations in technology hinges on effective cybersecurity governance. By prioritizing cybersecurity in foreign policy, the United States canhelp build societal trust in technology and pave the way for a prosperous and secure digital future in Latin America.
In summary, investing in Latin American cybersecurity is crucial for the United States, as it mitigates risks that can directly impact American interests. By addressing cyber vulnerabilities in the region, the US secures economic, security, and geopolitical advantages, fortifying vital relationships with its neighbors and promoting stability in shared networks and partnerships.