The Organization of American States (OAS) has partnered with Trend Micro to produce its Report on Cybersecurity and Critical Infrastructure in the Americas, recently released and available at the link. With this detailed study, we hope to gain a greater understanding of the threats faced by critical infrastructure in the region, in order to 
build a more effective defensive.
Latin America has one of the fastest growing Internet populations in the world. This provides great social and economic benefits for the region, but it is also bringing an undesirable trend: cyber attacks. The National Critical Infrastructure (ICN) industry is particularly vulnerable here, with IT managers historically relying too much on “security by obscurity” to keep old systems secure. The report sought to know the scale of the problem and how the region is prepared to defend itself.
Cyber attackers are targeting Latin American countries. The trend was documented in the report in conjunction with the OAS in 2013, but ICN is particularly vulnerable because of the lack of investment in security and due to the growing volume of at-risk systems now connected to the Internet. This is not only true for energy and water companies, but also for banks, hospitals, telecommunications companies and even food producers. As such, cyber attacks have the potential to cause huge financial and reputational damage to ICN organizations, but also to cause serious economic and social damage to the affected country.
Since most critical infrastructures are run by private companies, partnership between government agencies and the private sector regarding the sharing of incident detection information is vital to successful cybersecurity strategies. Governments need to improve their communication and speak to each other, in order to share best practices. This is especially important given the relative immaturity of the information security industry in the Latin American region and the limited budgets available.
The new report debated the views of security chiefs working in critical infrastructure sectors across America. More than half (53%) said that ICN attacks had increased since the previous year, while 76% said that the attacks had become more sophisticated. Government (51%) and Energy (47%) were the sectors most targeted by cyber attackers, followed by Communications (44%) and Finance (42%).
Most Latin American countries, including Argentina, Brazil, Chile, Mexico and Peru, pointed out that the attacks have specifically targeted ICS / SCADA industrial equipment. These attacks will only increase as organizations get better at detecting them, and more systems are connected to the Internet, increasing their risk exposure. Only one Latin American country, Chile, said it felt fully prepared for a cyber incident, and only three reported that security budgets had definitely increased over the previous year.
Reducing SCADA risk
Latin American organizations are being targeted by the same types of worms, trojans, browser exploits, hacking tools and other threats. Outdated systems, insecure removable devices and reckless user behavior are making the job of criminals even easier.
Not every attack on critical infrastructure was aimed at ICS / SCADA systems. In fact, information theft was experienced by most participants (60%), more than attacks on control systems (54%). However, industrial control systems are particularly vulnerable.
Based on the study, a brief list of security checks for ICN organizations using ICS / SCADA was developed:
· Implement anti-malware software, wherever possible, across the ICS environment
· Use a bastion host to prevent unauthorized access to protected locations throughout the ICS environment
· Application whitelisting across the ICS environment to prevent unauthorized applications from running
· Implement a breach detection system
· Enable a USB lock in all SCADA environments. This prevents malware from physically entering the environment
· Implement basic security measures between network segments, such as a firewall / IPS, between the business network and the ICS network.
quick access
EN 
PT 
