The workshop aimed to enhance a practice-based and regionally sensitive norms guidance by addressing ransomware incidents in Latin America and the Caribbean. Participants shared experiences to collectively map how this cross-cutting regional concern can inform regional norms guidance.
Representatives of Chile and the Dominican Republic shared lessons from ransomware incidents. Chile detailed its Ministry of Foreign Affairs’ efforts to implement norms of responsible state behavior, focusing on international cooperation and information exchange. The Dominican Republic described their cybersecurity governance model, which enables quick interagency cooperation and collaboration with private sector actors, which crucial in handling major ransomware incidents.
Further insights were provided by representatives from Colombia, Uruguay, and Brazil. Colombia reported their swift and efficient response to ransomware attacks through cooperation with public institutions and private sector actors, emphasizing the importance of establishing incident response protocols and learning from past incidents. Uruguay discussed applying norms of responsible state behavior to ransomware cases, highlighting their participation in the Counter Ransomware Initiative and efforts to strengthen national cybercrime capabilities. Brazil outlined the role of government coordination, describing their Federal Incident Management Networks and special cybercrime directorate that coordinate responses at the state level, and mentioning their National Cybersecurity Council, which includes civil society organizations.
Participants discussed ransomware as an emerging threat to international peace and security, as recognized in the Annual Progress Report of the OEWG. The need for further steps towards a practice-oriented dialogue on how norms connect with such emerging threats was emphasized. It was acknowledged that countries in Latin America and the Caribbean have been dealing with an increasing number of ransomware incidents in recent years, disproportionately impacting governments and critical national infrastructure.
In response, LAC4 highlighted their work in enhancing regional capabilities to combat ransomware through awareness and technical trainings, crisis response, and collaboration at various levels. This ongoing effort by LAC4 serves as a mean to assist countries, underscoring the importance of collective regional efforts to address and mitigate the growing threat of ransomware.
The side-event workshop was organized by EU CyberNet, LAC4, Permanent Mission of Estonia to the United Nation, Ministry of Foreign Affairs of Chile, Ministry of Foreign Affairs of the Dominican Republic and Royal United Services Intitute (RUSI).