Senator K. Pugh Chile "We must focus and move forward to turning our country into a power into cybersecurity"
(Infodefense.com)
Chile is one of the countries with the highest Internet penetration rate in Latin America, with more than an 80 of its connected population.This capacity allows society to take advantage of cyberspace but represents a challenge for the protection of networks and critical infrastructure against incidents and computer attacks.
In this new digital society there is a great risk of leaks and information trafficking, since much of the State institutions, organizations and companies work with the processing of personal data which forces to improve the country's computer security standards and faceCyberdelites effectively.
The independent senator for the Valparaíso Region and Vice Admiral in Retirement of the Chilean Navy, Kenneth Pugh, has been one of the main drivers of the importance of cybersecurity in aspects such as robust infrastructure focused on risk management, sheltering of cyber rightsof people and the promotion of the development of the cybersecurity industry with strategic motifs.
Pugh pointed in an interview with Infodefensa.com that it is necessary for Chile to generate a new institutionality in cybersecurity according to the times and protect the personal and sensitive data of people in charge of a National Agency for Data Protection with organic and budgetary autonomy.
In the same way, the need that in the initiative of the Cybersecurity Framework Law is reinforced by cyberinteligence and defines the scope of the concept of critical infrastructure, both physical and virtual, to enable their protection by the Armed Forces by the Armed Forces by the armed forces by the armed forces by the Armed Forces is.
Why did you decide to focus your parliamentary work on the area of cybersecurity?
I trained as an electronic engineer and my whole life I have been in digital systems, intelligence systems and electronic warfare.Then the information operations and all the issues related to the use of cyberspace for development begin but also understanding that cyberspace has been militarized and that is why cybersecurity is born.That is what took me, when I joined Parliament, to take it as something personal for my knowledge and I realized that there was no cybersecurity word in the Chilean Congress, it was not mentioned and that is why my first bill was precisely to changeCulture and to do so take an idea of the northern hemisphere, European countries and also from the United States, to use a full month to raise awareness.
October is the month that Europe and the United States occupies but not only to create awareness but also create capabilities and the only way to verify them is with national exercises this law that created the national month of cybersecurity, it is to promote knowledge, update it allyears and be able to carry out national cybersecurity exercises and thus verify that we have the right capacity.For those incredible things and with transversal support, that law was published in the Official Gazette on October 1, 2018, in the same year that I left as a senator and in the same month in which we were proposing it.
That is why I decided that it was a characteristic seal, as the human being is able to be inhabiting this new space that we do not know, the first ecosystem created by man but safely, such as giving legal certainty to digital acts, such as ensuring that thePeople are safe in their homes and I have dedicated a lot of effort to update, creating bills and I even have a constitutional reform precisely to recognize the citizen's right to digitally interact with the State, as we achieve that the State recognizes my digital identity and I relate myselfUnique and digitally with him, I do not need to go to the procedures, and that will turn the State because he will force him to have to improve his digital services to people and that is what I hope that in the new Constitution is considered.
¿Existe interés en la población respecto a la Ciberseguridad&39;?
You can't believe something you don't know and you can't also be afraid of something you don't know.We are the same as children in this new world and as we do not understand it we do not know the advantages they have nor the risks.That is why culture is important and created a month dedicated to cybersecurity.Last year we made a special session called on October 1 that had first level exhibitors such as Chema Alonso and Rosa Diaz, the director of the National Institute of Spanish Cybersecurity to explain to parliamentarians that all this we have that is wonderfulof the digital world has large risks and those risks must be known.People need this because they don't understand.At an early age you have to have digital habits and hygiene and you always have to minimize the risks to confront them safely.
What cyberamezas faces the country?
The largest cyber -cyberants we have at this time are related to those that affect people with their identity as credential robberies using techniques as simple and simple as uncle's tales of antiquity that today is phishing.Some think that this is economical, destroying reputation, creating false accounts or selling personal information from social networks that manages that affects the integrity of people, not only economic destruction, but also reputational and that also affects our democracy bypeople who are making malicious use of cyberspace creating and spreading false news.Fake News are gigantic forms of attack against which you have to prepare.And finally, what is more critical, infrastructure, everything we depend on, electrical systems can be blocked causing blackouts and causing people's death, generating accidents in controlled systems such as machinery, transport or aircraft and can pollutefood generating control processes in undue things.
Therefore, much damage can be done and we have to understand that this is real and that Chile is a place where we do not have good practices, digital hygiene and a national cybersecurity system, we are a true guerrilla field of the 21st century becauseThey come here to train their techniques, procedures, all their tactics and play with us.Chile still fails to generate an institutionality and as long as we do not have it we are going to be targets of these attacks of people who come not only to look for the money that some can have but to achieve training and experience because they know that here we are a third division team, the amounts they want can come to go to goals and they come to entertain with us
What critical infrastructure should the country ensure in the face of this type of attack?
In other countries what exists is a good capacity of cyberinteligence, of being able to anticipate.This is not only open intelligence but is cyber intelligence that is able to penetrate dark networks such as Deepweb to see what is being prepared and can prevent attacks.The first thing that is needed is a powerful system and has to reside within our state intelligence system.There is a law that is trying to modify to give greater capabilities to the National Intelligence Agency but we do not have what they have specialized technical intelligence organisms equivalent to a NSA or an 8200 unit of Israel.Chile does not have it and must develop better technical intelligence.
Then you have to have a system and coordinating centers for attacks and those are the critical infrastructure protection centers.The CNPIC, for example in Spain, where the Civil Guard and the National Police converge, has 54 people, because they have to act together and we do not have an agency where the police are in search of an objective.The physical surveillance of the critical infrastructure is of police and digital cybersecurity is pursued by the PDI, therefore the two must act together because the answer is not only to protect in cyberspace or in the physical place, but they must also be coordinated.
We have to advance this, I have made a concrete proposal and have been trying for more than a year for the President Piñera to accept, to separate the Ministry of Interior and Public Security.What would allow the new Ministry of Public Security is that it specializes in an interagential system.Chile has to advance to an interagencial system, which is linked much better by the State's intelligence system with the public emergency system and also with the new law with the integrated policemen between them.If we are able to create a new ecosystem, all this will be part and there the cybersecurity is an element enabled everything, we do not need to generate a new tsar as spoken of cybersecurity is enough to have a coordinating authority and this new organism that explained forgive the strength that the country requires and thus protect the critical infrastructure that is fundamental.
What are the main cybersecurity challenges facing the armed forces?
The armed forces have a national cyber -defense policy and consider cyberspace as the fifth battle space, the first was the land where the military forces are, second the naval or maritime forces, the third was the air, the fourth was space and space was the space and space andThe fifth is cyberspace.Where is it physically?Well I say that it is under the sea, because the 99.9 of time the entire cloud, when talking about the cloud, movements, data or analysis, are occurring not by the air is occurring under the sea throughThe optical fiber cables that connect to all humanity.So there we have the essential first critical infrastructure that we have to protect from humanity that are submarine optical fiber cables, if they are cut we will be degraded in an incredible way because satellites are not able to have the speed we now have.
The Armed Forces have to know how to occupy this scenario to develop support operations and those are called information operations and know how to use in a favorable way but also know how to deny it and the denial of a space is normally using cybermines so they must have capacities to have cybermarksAnd develop them and that requires cybersolders and this is in the national cyber -defense politics but since it is not possibleThey can also put them at the service of the country, a kind of military service and the modality or way will have to be defined to contribute to their knowledge because cyberspace is the confrontation of knowledge, it is finally artificial intelligent algorithms programs that are acting andThey are developed by people.So when Chile has to invest?In person.If that is achieved, we will be able to have adequate cyberness to defend the country and then respond in the way that the State decides because the cyber attacks are not decently answered with a cyber attack, it can be with a conventional attack, a bombadeo, a block or what the president decides because finally the answer will depend on the damage that has been done, it does not necessarily have to be using the same means.If they destroy my electrical system with a cyber attack I can, if I have determined who is the one who has originated the attack and there is evidence, that is known as attribution, responding in a way that the legitimate defense allows it with all meansMilitary available.
Do the institutions of National Defense and Safety have technical and human capacities to face this new threats?
Who is better prepared right now is the Investigations Police with its cybercrime brigade.They have decided to invest a lot in the training of people and purchase of equipment.That is why they have also been an ally from the moment in which the national month of cybersecurity was created.In fact, the PDI, together with the Cybersecurity Institute, are the founders of the first international seminars, we are already in the third, the last one that was inaugurated by Mr. Hector Espinoza, general director of the PDI, together with the rector of the universitySanta María, and there one can see the collaborative work between the academic world and the police.The Investigation Police bought the technological building that Corfo had in Curauma, in the Valparaíso region, and in that place the new CIBER capacities are being installed and a space to have advanced cybersecurity research laboratories has been reserved.PDI is an investigations office.Advanced investigations are precisely to detect the border of the cyberdelito, where they are going, and that is why it is very virtuous to be able to work in decentralized regional governments of Santiago with the academic world, with universities, such as the Santa María University, the UniversityAndrés Bello, INACAP, the Catholic University of Valparaíso, which are the ones that are contributing researchers along with a state institution that is in this that is the Investigation Police.Then it has been naturally given that in this area the Investigation Police is much stronger
What is more required?
Generate capacities to have better handling of technological event sites.Notice that the crime can be in the RAM of the computer and if I turn off the computer the crime goes out, there is no evidence.So of that complexity we are talking about, how we manage to have specialized people who can reach where a technological crime has occurred, they can collect the evidence and have the digital custody chain so that this evidence arrives later through the prosecutor to be presented as a test.And there come the specialized prosecutors who know what we are talking about.In Spain, the Chief Prosecutor of Cyberdelito, Elvira Tejada, a great woman with whom we have talked a lot and has helped us in this, has pointed out the need to prepare the police, in this case the Investigation Police and on the other sidejudges who know and understand this so that they can condemn according to.This is also somehow developing but a new Law on Computer Crimes is fundamental.That is in the second legislative procedure, has just left the Security Commission of the Chamber of Deputies and integrates everything that is the Budapest agreement that allows to pursue the transnational cybercrimel, because these crimes no longer have borders, there are the criminals ofNorth Korea, Iran, Russia or anywhere, and how do I pursue them?If we manage to identify them, use mechanisms, conventions and thus be able to block them, neutralize them and it is necessaryThe technology that does humanity very well if used well.That is why we want ethical people developing ethical programs and algorithms and not people who are making a misuse destroying people, equipment, countries and even democracies making a misuse of technology.
What other cybersecurity initiatives are in process in Congress?
The most important is the new personal data protection law.The protection of personal data is the starting point of cybersecurity because we have to guarantee the person who has delivered ownership of their information to a third party, whether the State or a private one, is done with a consent for a specific purpose,not for anything.We have to work with data but the data has to be safe and if used for something that was not intended or not able to take care of them, they do not have the necessary cybersecurity measures and that data is taken third, fine those who do not have made.That fine will immediately have to raise the levels of information security protection.I hope companies opt, for example, to ISO 27001 that is the minimum standard we have for information security and from there up and that the government does the same.The State cannot be doing something that the rest is already applying.The private ones have already departed that this in Europe is law since May 25, 2018 and came to three places in the world by launching the European Data Protection Regulation such as India and Santiago de Chile because Europeans recognize that in Chile there is leadership.That was approved and made more than 300 indications for the law to be as adapted as possible to this European Personal Data Protection Regulation, but it has been standing in the Senate Finance Commission for more than a year in its first constitutional procedure.There has been no desire or look to advance.
For now, it is considered the creation of a National Personal Data Protection Agency that would depend on the Council for Transparency which I consider to be a big mistake, since the data is so important and it is a right that we must guarantee all thepeople who require maximum autonomy.Our Council for Transparency is a political agreement, we had many problems to achieve the appointment of the latest directors, we cannot do the same with personal data and both of them can be gathered for an economy for an economy.The country can perfectly finance a director who can be chosen by the Public Senior Directorate System to have a National Data Protection Agency completely Autonomous.That is late and requires to be put in a table because Chile need a new law on the protection of personal data and an institutionality such as the National Data Protection Agency.
There is a lack of the new cybersecurity framework law and that we are going to do with critical infrastructure.We cannot create other external organs, we have to reinforce what we have and there what I am proposing is, through the Intelligence Law, reinforce cyberinteligence and dedicate to it the responsibility of everything that is the coordination for the protection of the protection of thecomplete critical infrastructure, both physical and virtual and not separate them.That is something that I hope is part of these reform processes that are being requested from the public security system and that a bilateral Senate Security Commission and the Chamber of Deputies are created.I have requested that the separation of ministries be the first and that in this new ministry the interagencial work is enhanced by the cyberin -religion capacity and the coordination is created to be able to protect all the national critical infrastructure coordinating the police and if necessary the armed forces.
I am also the author of a constitutional reform motion to allow the president, without the need for a state of exception, of being able to include the armed forces in specific support if there is clear evidence that a critical infrastructure will be attacked and without needto change the conditions of personal freedoms, allow certain places to receive specialized personnel from the armed forces that can act properly against an attack that can be of unusual violence and with a fire capacity that the police cannot even beable to face.
What advantages does the signature of Cybersecurity collaboration agreements with countries such as the United States, the United Kingdom, Spain, Israel and Estonia represent?
They are fundamental because that demonstrates the trust you have to exchange sensitive issues.The collaboration agreements allow the exchange but we need to make it more important, which is that once you collaborate and develop knowledge you begin to generate products and there are products in the field of cybersecurity that have a dual use and can be occupied in a wayCivil but also military and that is regulated.The country has possibilities with the agreements, I am asking that with the agreement we have with Estonia, Locked Shields that are made in Tallinn can go and that it is one of the most important cyber -defense exercises in the world in which they participateEuropean Union and NATO countries as well as invited nations.Use that agreement for specific purposes and thus give each of the agreements a specific sense.Once we use them and generate knowledge, raise level and be able to articulate them with strategic trade in this type of technologies and be able to regulate them.
What importance do organizations such as the National Cybersecurity and CSirt Institute acquire to face this strategic challenge?
Chile needs within its national cybersecurity system, that all industries have their CSirt.These are the response centers for incidents that occur in the computer scope, whether generated internally to damage the organization or externally.You need to coordinate them and that coordination has to be a national capacity.We do not have it and each one is acting autonomously and without even sharing data, I do not stamped to share information.There are certain sectors that have defined up the standards, for example the financial one, through the financial market commission that has special instructions for banks to report if they are being attacked.We have much more critical infrastructure such as electric, sanitary, transport and sea in which we have nothing.Each industry must have these capabilities and then coordinate this industrial level coordination is done in Spain through the Cybersecurity Institute (INCIBE) that is in León.
Personally, I believe that national critical infrastructure, which in more than an 85 is in private hands, can be coordinated with an external entity that gives confidence to both private and public and an institution as the National Cybersecurity InstituteYou can do perfectly
The government has a CSirt but that is for the state connectivity network.We have given the task to the Government CSIRT to try to be the national coordination CSIRT but its function is to be the Coordinating Center for the State Network as the CSIRT of the Defense and all the CSirt does that eachDefense institution has.
In cybersecurity there is no hierarchy, if there were jeerochies and dependencies the systems would be much slower and if you destroy and attack everything would fall.The systems work in a network and all collaborate, so if one can follow the other but the primus interpares is always given to the most important or to the one who has the responsibility or that has the task in that minute of the coordination.We lack the National Coordinating Center that is something that for example in the United Kingdom does the National Cyber Security Center.Those structures are what we have to incorporate into Chile and for that the framework law of cybersecurity that says how we are going to do this.
What other tools do you think are to guarantee the security required by technological development and innovation in the country?
The first thing is to raise awareness, is to realize what is happening to us.Consciousness must have the leaders and I hope the president once uses the word cybersecurity in his speech to the nation.Many state leaders consider it as something relevant and occupy it.
The second, the ministers, that is an issue that summons them.I am asking that I hope an interministerial collaboration agreement between the Ministry of Science,, Knowledge and Innovation with the Ministry of Interior and Public Security and the Ministry of Defense was signed to be able to do advanced research in cybersecurity.
Consciousness allows us to realize the shortcomings and the great lack of Chile is of knowledge.I have worried that the new law that strengthens the regions appears the word knowledge that was not and is given a leading role in the generation of regional strategies to the new Ministry of Science,, Knowledge and Innovation.I am convinced that we are not alone in a knowledge society, but that knowledge is the greatest wealth that a region can have for the development of talents.
