Latin America, a region so complex in its political maneuverings and so diverse in its cultural and historical trajectories that makes it virtually impossible to do a thorough and general analysis or even a sane description of anything that has even the slightest relation to national security or any political issue. The key relies on narrowing the viewpoint and directing the analytical lens on a specific region, whilst untangling the data alongside with the relevant facts that provides a canvas on which a proper analysis can be crafted. Furthermore, analyzing cybersecurity from a strategic and political point of view can be a daunting task if the scope is too broad in terms of a regional approach. This is where geo-political science comes into play and suggests an appropriate point of departure—Central America; a region that rises to the forefront of this analysis for its importance on the role it plays within the continent’s political and international security landscape.

The Central American region, which is roughly the same size as France, serves as a bridge between North and South America. It connects both considerably larger landmasses, making it a key strategic target for logistics, transportation, telecommunications, commerce, and unfortunately — organized crime. This, with the addition of crucial factors ranging from a lack of a sustainable development in education, a weak legal framework, heightened corruption, and struggling law enforcement initiatives generates a perfect storm; an impeccable environment for transnational organized crime to proliferate into different forms and shapes, creating an impossible cat and mouse game in which the capacity to respond is relegated a couple of steps behind. The so-called Central American Northern Triangle (i.e., Guatemala, Honduras and El Salvador) is subject to the worst of it, which is reflected in murder rates that rival those of countries that are in midst of an armed conflict or war. According to statistics from the National Police of each country, the murder rate at the end of 2019 was 21.5 murders per 100,000 inhabitants for Guatemala, 50.3 in El Salvador and 43.6 for Honduras; though there has been a significant decrease in the last ten years, the numbers today are still worrisome and depicts each country as some of the most dangerous in the world.

The Northern Triangle countries’ privileged position alongside with its weakened State conditions allow for drug trafficking cartels from South American countries to smuggle their illicit products via land, air, or sea through its territories, finding its way up to the more consuming part of the continent in the north. It also allows for transnational organized crime – originating mainly from North America – to thrive in the illicit trade of contraband arms and ammunition, originating mainly from North American countries finding its way to other countries in the south. Lastly, the lack of proper sustainable development and job opportunities in Central American countries is driving its inhabitants to look for better chances to provide for their families in countries in the north, particularly the United States of America. Many of these people are forced to leave their country because of the increased level of crime and violence that these conditions yield. This phenomenon results in mass migration, in which according to UN statistics around 3.6 million people migrated in 2019 from Northern Triangle countries. Unfortunately, this mass migration enables other potential threats in human trafficking—specifically unaccompanied children—to be added to the already disquieting list of international security threats in the region.

This brief expose contextualizes why cybersecurity is challenging for government authorities – they have to juggle between the most important issues in national security worldwide and now face the complications and risks that cyber developments carry. they have to add the cyber component to the mix. However, the reality is that most of these criminal groups are shifting and taking advantage of cyberspace to facilitate its operations, in order to better hide their actions and increase their illicit profits.

For instance, according to statistics provided by the Guatemalan National Security Council, the second listed reason for violent murders in the country in the last 5 years – after personal vengeance – is street gang related, with it contributing 25% of the total cases in 2019. Street gang organized crime has become the number one national security threat in the northern triangle because of this reason, relegating drug trafficking to second place, and the increased use of cyberspace from these groups has shifted the focus of government authorities towards developing laws, policies, and strategies to try to mitigate their actions. Cyberspace has become an excellent weapon and prolific environment not only for street gangs, but for drug trafficking cartels and other transnational organized crime groups; it is used to communicate with their peers, to improve their logistics, as a propaganda and recruitment device; and to attack, extort and instill panic in the already established online businesses and electronic services. In addition, and setting aside the organized crime aspect of cybersecurity, there are other important issues that need to be taken into account as well—those being hacktivism and critical infrastructure protection.

So, the big question government authorities ask is: how to tackle multiple and major national security threats whilst dealing at the same time with a fairly new and mostly unknown domain in cyberspace? The answer so far has been designing a solution with a top-down approach; this meaning a strategic and political solution that scatters down to an operational level, with a breadth of focus on society, since cyberspace is inherently a multi-stakeholder domain. and with a whole of society focus since cyberspace is inherently a multi-stakeholder domain. Guatemala has set a great example by developing a roadmap that includes designing a National Security Strategy, commencing a discussion of a bill in Congress that seeks to legislate cybercrime at a national level based on the Budapest Convention, and starting a National Computer Emergency Response Team as its initial steps. This approach is coherent with a top-down perspective since the National Cybersecurity Strategy and the Cybercrime Act serve as a starting point, a framework to guide the operational levels on how to act properly and efficiently in cyberspace.

Regarding national cybersecurity strategies and cybercrime acts, it is of utmost importance that countries share similarities and a certain harmony between them in order to guarantee a successful functionality. This harmony is key if we take into account that cybercrime knows no borders; and as such, principles like jurisdiction and accountability become challenging to say the least. That is why global and regional conventions such as the Budapest Convention are vital in reducing the gap in capacity countries have to respond to cybercrime worldwide, in attracting more participants to adhere to said convention, and to develop coherent and harmonized cybercrime acts locally. Though the Budapest Convention is not without controversy, many countries would argue that the convention, alongside with the current state of international law, is not enough and that a new framework is needed.

International and regional organizations are also important. For Latin America and the Caribbean, the OAS has been vital to provide a set of norms, methodologies, and guidance to several countries in developing their national cybersecurity strategies. The OAS, through the Inter-American Committee against Terrorism (CICTE) and its Cyber Security Program, has cooperated with countries in the region in designing and implementing a national cybersecurity strategy that not only provides the necessary framework within each state but also facilitates international cooperation in building confidence measures while providing tools to combat cybercrime. In 2018, 10 countries in the region had published a National Cybersecurity Strategy-—three of them being Central American countries (i.e., Guatemala, Costa Rica and Panama)—in which the OAS provided crucial cooperation. In the same manner, countries like Guatemala and El Salvador have come forward with the Council of Europe to request cooperation through their Global Action on Cybercrime Extended (GLACY+) Program to implement a cybercrime act that can enable those countries to adhere to the Budapest Convention. This will enable them to exchange information and build capacities with other members more efficiently and be part of the solution to crack cybercrime globally. In this sense, Guatemala has taken significant steps in implementing a cybercrime act aligned with the Budapest Convention to the point where an official invitation was extended in February of 2020 by the Council of Europe for Guatemala to adhere to the convention.

On a conclusive note, Central American countries have achieved important milestones into developing a strong foundation for national cybersecurity, such as countries like Guatemala and Panama which already have a national strategy in place and have joined the Budapest Convention. Although these political and strategic instruments already exist and were recently implemented, there is still a significant gap between them and the operational field. Local law enforcement as well as the judicial and legislative branches needs urgent capacity building programs, human talent, resources, and equipment to close down the complex circle that represents an all-inclusive fight against cybercrime.