Mexico. A few days ago Javier López Casarín, president of the Commission of Science, Technology and Innovation of the Chamber of Deputies, in an interview with the media ConsumoTIC, spoke about the need for a National Cybersecurity Agency that they hope to have ready by 2024.
Deputy López said, in response to the creation of the agency: "It is important that we begin to understand what is happening with the great powers, which pay peculiar attention to create their agencies. We cannot be left behind and that is why we have to be creating ours. Don't wait for something to happen."
This initiative arises in part from the current challenges derived from technological developments, but also from the increase, impact and sophistication of cyberattacks carried out since the beginning of the pandemic. In that sense, the security multinational Fortinet detected a 600% increase in computer security threats in 2021.
The challenge is undeniable, according to a study conducted by the company Sophos in 2020, 44% of mexican companies surveyed were affected by ransomware and only 24% of attacks could be stopped before criminals encrypted the information. However, according to data from FortiGuard Labs, Latin America and the Caribbean suffered more than 289 billion cyberattack attempts in 2021, of which Mexico was the most affected country as it received 53.98% of such attack attempts.
Indeed, this would not be the first time that the idea of forming a National Cybersecurity Agency in Mexico. The National Cybersecurity Strategy launched in 2017 by the Government and with which it is intended to reduce the risks associated with the use of technologies and the number of cybercrimes, in addition to generating a general culture of cybersecurity addresses the need to create a National Cybersecurity Agency that coordinates the strategy that is being defined and generates the critical path of Internet governance, and that also helps to generate certainty and confidence in the new digital ecosystem.
This initiative emerged, then, based on the study Evaluation of Cybersecurity in Mexico: Gaps and Recommendations in a Hyper-Connected World, published in 2017, which revealed some important findings for the country, among which stand out "the need to have a National Cybersecurity Agency that coordinates the strategy that is being defined and generates the critical path of Internet governance, and that also contributes to generating certainty and confidence in the new digital ecosystem".
Other findings and needs to consider
In light of a launch of the agency in 2024, other findings of the study "Evaluation of Cybersecurity in Mexico" show some needs to be solved not only for the execution and implementation of the agency, which are also essential aspects for the security industry, among the results thrown are evidenced: the importance of reformulating the legal framework of cybersecurity for the harmonization between federal and state legislations. Provide the country's police forces with the necessary tools. Ensure the protection of critical infrastructure, especially cyber resilience under a risk management approach, also, the development of skills and competencies for the new digital ecosystem, as well as recruit the best possible talent. This is not to mention the budgetary considerations of the start-up.
Many are the details that remain to be established regarding how the National Cybersecurity Agency would operate, but what is clear to Javier López Casarín is where it should be located: "Inside the office of the Presidency is where it could be operating best, because at the end of the day it is a matter of national security, which would have to be agreed directly with the president ... in case you need a point of view, it is a transversal area, our entire government works from there... That would be a first serve, if they tell us that no, then we would have to see if this would be with the Ministry of the Interior."
The deputy also commented that meetings are being held to support the proposal with different actors such as the Secretariat of National Defense (Sedena), the Secretariat of the Navy (Semar) and the National Guard. Well, the plan is to build the first version of the project, establish the outline of the legal framework and define the budget prior to the end of the period of the current federal administration, in 2024.
