Five Questions to Understand the New Regulations on Cybersecurity in Cuba

Five Questions to Understand the New Regulations on Cybersecurity in Cuba
Fecha de publicación: 
29 August 2021
Imagen principal: 

With the access from more than five million citizens to Internet, Cuba updated its regulations in terms of cybersecurity after the release of Resolution 105, which typifies for the first time the sort of events that occur in the cyberspace.

In the words of Pablo Domínguez Vázquez, director of Cybersecurity at the Ministry of Communication (MINCOM) in Cuba, the resolution does not limit at all the active interaction of Cubans in social networks or their freedom of speech. In turn, it is a clear legislative statement aiming at enforcing a civil and responsible behavior in the cyberspace, which is mandatory in the physical world.

The Cuban Agency News sheds light on the main questions of Internet users have, based on the exclusive interview granted by the specialist, the regulation issued at the Ordinary Official Gazette No.92 as well as other information from the UN’s International Telecommunication Union (ITU).

Why did Cuba develop a legal norm such as the Resolution 105 to manage Cybersecurity incidents?

The Director of Cybersecurity at MINCOM said that this regulation is a methodologic document that gives continuity to a process and therefore, it is the best way to meet the provisions of article 25, Decree 360, issued in 2019, which highlighted the need to establish a national model for actions to face incidents at cyberspace.

In this line, he said they have been working for years in the development of this regulation with a clear intention, as it is a complicated issue and working teams have been created to analyze it and hence come up with a more comprehensive regulation, given the Cuban context.

The Resolution 105 was paramount as there was a legal void regarding the categorization of incidents in the virtual world, which transcend the technological issue. It was not an urgency for the nation years ago, but it is vital now with the growing use of Internet and widespread practice of social network.

What are the potentials in the implementation of Resolution 105?

Although the incidents management in Cuba is not something new, the Resolution 105 expands its scope to natural people and this way, the protection to their rights are guaranteed according to the categorization of the incidents that may actually threat individuals, civil peace, and the development of society in every aspect.

Domínguez Vázquez said that by having an established national model for action by stages, a greater responsibility is given to legal entities on how to proceed before a cybersecurity incident, its notice, investigation, and finally the mitigation or recovery — period of time where order is restored.

Likewise, the specialist pointed out that by defined actions, the model of action has a preventive nature for both legal persons and natural persons, with the latter being benefitted by a methodological tool that will allow them to know what cybersecurity incidents are as well as the irresponsible behavior that must be avoided, which was a rule enforceable for legal entities in former regulations.

The specialist also stated that the Resolution poses a correlation between the incident threat and its impact.  For instance, it is not weighed up the same that fake news associated to a certain problem of the nation, involving a high number of people, the prestige of entities, or inciting future actions that may affect the right course of daily life that the fake news related to a certain issue, with a barely negative impact.

Another new element is that the regulation allowed to create conditions for facilitate the notice of threats thought a joint front-desk service with several alternative of communication (single number 18810).

Does the Resolution 105 protect natural persons?

The regulation does protect natural persons, but it will always depend on a multitude of factors, said Domínguez Vázquez, who explained that it is paramount to bear in mind the characteristics of the platforms (whether they are domestic or foreign), the possibility of collecting evidence from the incidents, and getting to know the presence (or not) of involved individuals.

The result will always be positive, the official from MINCOM added, as people will generate recommendations and data will be filed, which may contribute to other actions in the international cooperation and political fields, as well as the assessment of trends.

He also stated that even though the final answer may not be the one we expect, the incident management will allow us to work with statistics and elements to analyze trends, “a paramount contribution to the present situation, where we know that incidents occur but there is no way to manage these processes.”

This protection shall be made accessible against any kind of incidents happening from Cuba and on platforms and services under state control, a trend that must grow along with the enhancement of legal and organizational aspects that guarantee the compatibility of actions in the interaction with citizens.

What are the consequences you face once you commit a Cybersecurity incident?

None of the categorizations weighed in the Resolution 105 are crimes by themselves, although they may be regarded as such, stated the MINCOM’s cybersecurity director.

For example, if a natural person is responsible of a crime in the workplace, and after its analysis and event tracking, it is believed it may have an administrative solution, then a Labor-code-based sanction will be imposed.

In case of distribution of pornographic content, and after the initial inquiry, it is also proven child molestation, this person will be trialed under the Penal Code.

How are Cybersecurity incidents being regulated in other countries?

Cuba is not the first country to legislate about incidents in the cyberspace. Several nations have developed regulations on the management of these processes, with huge impact over all sectors of society and wider scope to both natural and legal persons, according to a web search.

The countries with greater number of regulations are top 20 in the global rate of cybersecurity released by ITU. For instance, in Spain, 4th in the global ranking, there is a Code for the Cybersecurity Law, which establishes provisions related to national security, telecommunications, cybercrimes, data privacy, network security and information systems.

In Latin America, we have Colombia, among others, which owns a Virtual Incident-Based Reporting System and a Police Cybernetic Center, and Peru, a nation that has established in its legal framework that the illegal use of social networks to attribute a person a feature or behavior that may prejudice his or her fundamental rights is regarded as an aggravated form of crime of defamation.

In general terms, the adoption of regulations in different nations have positively impacted on reducing and better management of incidents. It has also raised awareness and culture among citizens while allowing to have a much better organization of specialized entities fighting these incidents.

Translated by Sergio A. Paneque Díaz / CubaSí Translation Staff

Add new comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.