Shernon Osepa

Caribbean Faces Serious Cyber Security Threats

By Gerard Best

Carlos Martinez, Chief Technology Officer, Latin America and the Caribbean Internet Addresses delivers a presentation on regional cyber security at Internet Week Sint Maarten, Sonesta Great Bay Resort, Philipsburg, October 24, 2016. Looking on is Mark Kosters, Chief Technology Officer, American Registry of Internet Numbers. PHOTO: LACNIC
Carlos Martinez, Chief Technology Officer, Latin America and the Caribbean Internet Addresses delivers a presentation on regional cyber security at Internet Week Sint Maarten, Sonesta Great Bay Resort, Philipsburg, October 24, 2016. Looking on is Mark Kosters, Chief Technology Officer, American Registry of Internet Numbers. PHOTO: LACNIC

PHILIPSBURG, St Maarten—Keep it secret. And make sure it’s safe.

Don’t use your real name, your birth date, or any single word. Instead, try a short phrase that includes some numerals and even some punctuation.

Devising secure passwords for your online accounts and your family’s Internet-connected devices is simple enough, if you follow a few easy guidelines like these. But most people just don’t.

And a major attack on a little-known company underscores how much of the security of the global Internet now depends on that unwitting majority of ordinary Internet users. On October 21, a distributed denial of service, or DDoS attack, brought down a relatively obscure US-based firm called Dyn. Those attacks are fairly common, and they use huge networks of malicious software called botnets to bring down a specific service.

What made the DDoS attack on Dyn more troubling was that it set a dangerous precedent. Dyn provides domain name system or DNS services, which support part of the critical infrastructure underlying the global Internet. By targeting companies that make up the backbone of the Internet, hackers can bring down all kinds of other services.

Also disturbing is the fact that the hackers used networks of common smart devices like watches, TVs and refrigerators, to cause the major disruption. Analysts have linked the attack to the Mirai malware, which uses the Internet of Things, or IoT, as botnets. The Mirai source code was released on hacking websites in October.

Analysts are also linking the Dyn attack to others that took place within a five-week span, each larger than the previous, and all using Mirai. On September 20, a 660 Gbps attack was launched on the KrebsOnSecurity blog. A 1 Tbps attack was also launched on French hosting provider OVH on the same day.

“In the last two years, we’ve had multiple attacks, and the most recent attacks are using IoT devices,” said Mark Kosters, Chief Technology Officer of the American Registry of Internet Numbers, the organisation that provides number resource allocation and registration services for North America and parts of the Caribbean.

He explained that smart devices present an easy target for hackers to turn into botnets because users typically fail to secure them properly.

“A lot of the devices are vulnerable. It means that more and more homes are very quietly becoming potential sites of DDOS attacks,” he said.

“Now, we all have to make sure that all of those devices that we have around the house are secure.”

As smart devices proliferate, it will become easier for hackers to launch significant cyber attacks using unsecured IoT devices, unless ordinary end-users become more security-conscious. When it comes to cyber security, it turns out personal choices can have global consequences. And for the foreseeable future, it is the network of human beings who will have to keep the Internet of Things safe.

The ARIN CTO was speaking on the second day of a technology conference jointly held by the Caribbean Network Operators Group and the Internet Corporation for Assigned Names and Numbers (ICANN) in Philipsburg, Sint Maarten from October 24 to 26.

He co-presented with Carlos Martinez, Chief Technology Officer of the Latin America and Caribbean Internet Addresses Registry (LACNIC), ARIN’s counterpart in the Caribbean, Central and South America.

Also presenting on the technical, social and policy aspects of cyber security issues facing the Caribbean region were CaribNOG co-founder Bevil Wooding, an Internet Strategist with Packet Clearing House; Albert Daniels, ICANN Senior Manager for Stakeholder Engagement in the Caribbean; and Shernon Osepa, Regional Affairs Manager for Latin America and the Caribbean at the Internet Society (ISOC).

Supported by the Caribbean Telecommunications Union, Packet Clearing House and ArkiTechs, the event was part of Internet Week Sint Maarten, a five-day conference coordinated by the St Maarten telecommunications regulator, BTP and focused on developing the Caribbean Internet. The week ended with Sint Maarten on the Move, a two-day event jointly hosted by LACNIC and ISOC.


Google, Netflix to join Caribbean Internet providers for CarPIF

By Gerard Best

If you live in the Caribbean, you don’t need to be a computer expert to know that the region’s Internet services need to improve.
If your connection falters so often that you’ve long since stopped calling customer service for redress, then you’ve got a pretty good idea about the challenges of regional connectivity.
Or if you’ve ever tried to launch a web-based startup, but have found yourself at a competitive disadvantage simply because download or upload speeds aren’t cutting it, then you have already have a decent understanding of why the region needs more robust Internet infrastructure.
No further expertise needed.
Of course, fixing the underlying issues that cause those problems is another matter, requiring technical expertise, commerce negotiations and a healthy dose of good old-fashioned collaboration.
That’s precisely the mission of the Bevil Wooding, Shernon Osepa and a volunteer group of Caribbean Internet experts going by the name CaribNOG. They are behind the upcoming Caribbean Peering and Interconnection Forum (CarPIF) to be held in Barbados from May 27 to 28.
The event is being organised by the Caribbean Network Operators Group (CaribNOG), with support from Packet Clearing House (PCH), the Internet Society (ISOC) and the Caribbean Telecommunications Union (CTU). It will bring together high-level Internet industry players from across the region and around the world.
It marks the first time that Caribbean Internet service providers and major international content providers such as Google, Akamai and Netflix, will be gathering in the Caribbean for this kind of interaction, said Wooding, Internet Strategist with PCH.
“Internet Peering fora are commonplace in other regions of the world. They are used to bring Internet service providers and content providers from across the spectrum of the Internet ecosystem into one space to build relationships, broker agreements and discuss matters related to the development and strengthening of the peering relationships that underpin the Internet,” Wooding told the Guardian.
As an outcome of the upcoming CarPIF, regional consumers can look forward to a more stable, resilient, efficient Caribbean Internet, he said.

Growing Caribbean Internet economy
Shernon Osepa, Manager, Regional Affairs for Latin America and the Caribbean at ISOC, said “the forum is a testament to the growth and maturity that has taken place in the Caribbean Internet landscape over the past few years.”
He explained that the meeting will address “strategies for encouraging and increasing local digital content development, and opportunities for content delivery network operators in the Caribbean.”
Internet exchange point (IXP) operators, infrastructure providers, Internet service providers (ISPs), policymakers and regulators make up the list of registered attendees for the event. The wide range of participants will gain valuable insight into “how the Caribbean can maximise the opportunities that can be derived for greater interconnection and peering,” said Bernadette Lewis, secretary general of the CTU.
That organisation has been playing a major role in bringing regional governments into a greater appreciation of the value of creating a healthy regional Internet ecosystem. Strengthening the region’s critical Internet infrastructure is now widely understood to be a necessary first step to strengthening its Internet economy, as online commerce remains a largely underexploited way for local businesses to deliver local services for local Internet users.

Tech experts talk regional cyber security at CaribNOG

Shernon Osepa, the Curacao-born manager of regional affairs for the Internet Society (ISOC) Latin America and the Caribbean, is interviewed by Guardian New Media Editor Gerard Best, at CaribNOG 8, Hilton Curacao, Willemstad, September 30. PHOTO: GERARD BESTCyber security was top of the agenda as over 80 technology professionals from 15 countries gathered in Curacao for the second day of a major regional technology conference. And one expert the issue of data collection

The meeting is the eighth regional gathering of the Caribbean Network Operators Group (CaribNOG).

Because technology plays such an important role in the region’s development, cybersecurity is a major concern, said Shernon Osepa, the Curacao-born manager of regional affairs for the Internet Society (ISOC) Latin America and the Caribbean.

“A lot of commercial banks in the region are being attacked, but they simply don’t report when these attacks are done. So we know that they are happening but we don’t know to what extent,” Osepa said.

“These attacks are being masterminded by people who are highly educated, technically competent and very knowledgeable about Caribbean security vulnerabilities. This is their full-time job. And it is a global industry.”

 Osepa, alongside Albert Daniels, manager of stakeholder engagement for the Caribbean at the Internet Corporation for Assigned Names and Numbers (ICANN), delivered the day’s first presentations, which focused on the need to secure critical Caribbean Internet infrastructure.

“2013 was the year of the mega-breach,” Daniels said, explaining that the number of security breaches reported internationally hit a high last year, a trend that has continued in 2014.

 Daniels said the region’s businesses, governments and citizens needed to better understand the real-world repercussions of unsafe practices in the digital realm.

 One important aspect of education, he said, was to develop the practice of reporting confirmed or suspected cases of computer hacking, identity theft and other kinds of Internet-based criminal activity.

“If you live in the Caribbean, don’t think that the hackers are not trying to use our systems to perpetuate their crime. Even in the countries where there are few reports, that simply means that attacks are going unreported.”

Without reporting, decision-makers are unable to make informed decisions to properly address cybersecurity issues, said Elgeline Martis, head of the Caribbean Cyber Emergency Response Team.

“We in the Caribbean are not collecting data, so we cannot support our decision makers in taking the right cyber security measures. We need to start collecting our own data,” she said.

“For example, if we collect data and we see that spam is a big issue, then we are able to tell decision-makers they should invest in solving problems with spam. You always need updated facts and figures to support informed decision-making.”