Compare
Compare
Costa Rica has established itself as a leading country in technological adoption, in combination with a complete commitment to sustainability and the protection of the environment. Information and communications technology services accounted for 49% of the country’s exports (twice the average of OECD countries), placing the Central American country at the forefront of the digital economy.
Over the past decade, Australia has been a frontrunner in terms of digital transformation; the country ranked 11th globally on the 2020 Global Connectivity Index and 2nd in the Indo-Pacific. Australia’s better-than-expected economic performance in 2021 was largely owed to increased government efforts at promoting the digitalisation of businesses and government services, with significant investment being poured into the ICT sector under the Digital Economy Strategy and the Regional Connectivity Program. Meanwhile, however, self-reported losses from cybercrime amounted to more than $33 billion during the 2020-2021 financial year (E), while roughly a quarter of cyber incidents reported during the same period involved Australia’s critical infrastructure or essential services (E). In the cyber diplomacy realm, Australia has traditionally been a prominent member of the ‘like-minded’ group, promoting a vision of a free, open, and secure cyberspace that is very much in line with EU values and efforts.
According to the International Telecommunications Union (ITU), as of 2021, Peru had an internet penetration rate of around 71.1 %. However other indexes place this number in the mid 60’s. Although many improvements were made in the past few years, Peru still possesses low network coverage, especially in rural areas and a relatively low network performance.
The government of Peru has been implementing initiatives to increase connectivity in rural areas, including a national broadband plan and a program to deploy free Wi-Fi hotspots in public spaces, with a year-on-year increase of almost 100 %.
Peru ranked 86 out of 182 countries surveyed in the ITU’s Global Cybersecurity Index in 2020.
The government of Peru has been implementing initiatives to increase connectivity in rural areas, including a national broadband plan and a program to deploy free Wi-Fi hotspots in public spaces, with a year-on-year increase of almost 100 %.
Peru ranked 86 out of 182 countries surveyed in the ITU’s Global Cybersecurity Index in 2020.
Costa Rica has played a paramount role in the Organisation of American States as is one of seven American countries that sponsored a resolution within the framework of the OAS as part of a Working Group on Cooperation and Confidence-Building Measures in Cyberspace. The resolution is inspired by the work of the United Nations Group of Governmental Experts and aims at enhancing interstate cooperation, transparency, predictability, and stability in cyberspace.
Australia believes that “the foundation for responsible state behaviour in cyberspace is our mutual commitment to existing international law” and that, as per the 2021 report of the Open-Ended Working Group (OEWG), international law is “essential to maintaining peace and stability and promoting an open, secure, […] stable, accessible and peaceful ICT environment.” In particular, Australia has affirmed that the UN Charter applies in its entirety to state actions in cyberspace, including the prohibition on the use of force, the peaceful settlement of disputes, the right to self-defence in response to an armed attack, the law of state responsibility during peacetime, and the doctrine of countermeasures in response to internationally wrongful acts. International legal obligations also include the respect for human rights and fundamental freedoms (especially the right to privacy and freedom of expression), as well as the application of international humanitarian law (IHL) to cyber operations in armed conflict. On the application of IHL, Australia echoes the position taken by the ICRC that “recognition of the application of IHL neither encourages militarisation, nor legitimises resort to conflict in any domain”.
Peru is one of the Latin American countries to have signed and ratified the Council of Europe’s Convention 108+.
The country has also participated in the United Nations Open-ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. As a matter of fact, after the third substantive session of the OEWG, Peru issued a statement supporting the primacy of the UN Charter and the application of international law in the use of ICTs and in cyberspace, as well as the future establishment of legally binding obligations.
On the other hand, Peru along with Chile and the United States of America, has a divergent view on the notion of cyber attack and the applicability of international law. Peru states that in order for a cyber operation to be considered an attack, it results in direct death, injury or physical harm.
The country has also participated in the United Nations Open-ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. As a matter of fact, after the third substantive session of the OEWG, Peru issued a statement supporting the primacy of the UN Charter and the application of international law in the use of ICTs and in cyberspace, as well as the future establishment of legally binding obligations.
On the other hand, Peru along with Chile and the United States of America, has a divergent view on the notion of cyber attack and the applicability of international law. Peru states that in order for a cyber operation to be considered an attack, it results in direct death, injury or physical harm.
Costa Rica has a long history of collaborating on cyber issues within the OAS Cyber Security Program, from training to capacity-building for both the public and private sectors. At a 2019 intervention, Costa Rica recognised the leadership carried out by the aforementioned Working Group in coordinating the response to cyber incidents regionally and establishing a cooperative framework of action to cyber threats.
Costa Rican participation in the UN OEWG is guaranteed until 2025. As part of the second substantive session in 2022, Costa Rica confirmed - along with several other countries - that international law is fully applicable to the use of ICT by states [OH1], with a focus on how international humanitarian law and the principles of humanity, necessity, proportionality, and distinction apply in cyberspace.
An interesting approach was taken by Costa Rica during this session, as the Caribbean country emphasised a multi-stakeholder approach to cybersecurity, involving the private sector, civil society, and researchers’ analysis, information, and capacity on threat. Australia has been actively involved in both norm-building processes that have been occurring under the auspices of the UN, namely the UN Open-Ended Working Group (GGE) and the OEWG. The country’s 2021 International Cyber and Critical Tech Engagement Strategy notes that the 11 voluntary, non-binding norms on responsible state behaviour agreed under the 2015 UN GGE consensus reports serve to “promote predictability, stability, and security” in cyberspace and should be seen as the “point of departure” for any constructive norm-building discussion. Australian diplomats have consistently reiterated the complementarity between international law and norms of responsible state behaviour, stating that “norms are not a panacea” and that they should not be understood as a standalone “normative framework”, since they do not replace existing state obligations under international law. For this reason, Australia stands against the establishment of binding norms or agreements. The country is not prima facie opposed to discussing other states’ proposals for the development of new norms, but Australia’s own “proactive priority” is reaching agreement of guidance on the implementation of the existing norms. In the current environment, Australia believes that “we will have the biggest impact on international peace and stability if we translate norms ‘on paper’ into norms ‘in practice’”. While not discounting the value of “norms agreed among friends”, it has also highlighted that the framework will only be effective when it is any proposals for new norms would first need to be negotiated, agreed upon, and endorsed by universal consensus. Peru stresses the need to make a distinction between 'cyber attacks' (which involve 'damage being caused to a militarily relevant target, which may be totally or partially destroyed, even captured or neutralised') and an 'abrupt disruption of communications in cyberspace', i.e. cyber operations that cause inconvenience, even extreme inconvenience, but not direct injury or death, or destruction of property. Accordingly, Peru emphasises the determination of the legality of cyber operations in the context of the use of force by taking into account whether they may result in death or injury to persons or property.
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'.
Costa Rican participation in the UN OEWG is guaranteed until 2025. As part of the second substantive session in 2022, Costa Rica confirmed - along with several other countries - that international law is fully applicable to the use of ICT by states [OH1], with a focus on how international humanitarian law and the principles of humanity, necessity, proportionality, and distinction apply in cyberspace.
An interesting approach was taken by Costa Rica during this session, as the Caribbean country emphasised a multi-stakeholder approach to cybersecurity, involving the private sector, civil society, and researchers’ analysis, information, and capacity on threat. Australia has been actively involved in both norm-building processes that have been occurring under the auspices of the UN, namely the UN Open-Ended Working Group (GGE) and the OEWG. The country’s 2021 International Cyber and Critical Tech Engagement Strategy notes that the 11 voluntary, non-binding norms on responsible state behaviour agreed under the 2015 UN GGE consensus reports serve to “promote predictability, stability, and security” in cyberspace and should be seen as the “point of departure” for any constructive norm-building discussion. Australian diplomats have consistently reiterated the complementarity between international law and norms of responsible state behaviour, stating that “norms are not a panacea” and that they should not be understood as a standalone “normative framework”, since they do not replace existing state obligations under international law. For this reason, Australia stands against the establishment of binding norms or agreements. The country is not prima facie opposed to discussing other states’ proposals for the development of new norms, but Australia’s own “proactive priority” is reaching agreement of guidance on the implementation of the existing norms. In the current environment, Australia believes that “we will have the biggest impact on international peace and stability if we translate norms ‘on paper’ into norms ‘in practice’”. While not discounting the value of “norms agreed among friends”, it has also highlighted that the framework will only be effective when it is any proposals for new norms would first need to be negotiated, agreed upon, and endorsed by universal consensus. Peru stresses the need to make a distinction between 'cyber attacks' (which involve 'damage being caused to a militarily relevant target, which may be totally or partially destroyed, even captured or neutralised') and an 'abrupt disruption of communications in cyberspace', i.e. cyber operations that cause inconvenience, even extreme inconvenience, but not direct injury or death, or destruction of property. Accordingly, Peru emphasises the determination of the legality of cyber operations in the context of the use of force by taking into account whether they may result in death or injury to persons or property.
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'.
In 2016, Costa Rican Cybersecurity Incident Response Team (CSIRT) joined CAMP, an international alliance that serves as a platform for the members to enhance their cybersecurity capacity.
Costa Rica is also collaborating with Israel on cyber issues and digital transformation in an effort that has the potential to streamline innovation in the public sector, transforming public services and institutions and positioning Costa Rica as a regional benchmark in cybersecurity.
On a national scale, Costa Rica launched a digital transformation strategy for the public sector in 2018 and is now working to create a strategy for the implementation of Artificial Intelligence. The initiative seeks to promote the use of digital technologies and access to scientific knowledge, innovation, technology, and telecommunications for social and productive transformation.
Having suffered a cyber attack in 2022, Costa Rica is now positioning cybersecurity as a top national priority, and the Ministry of Science, Innovation, Technology and Telecommunications is beginning to implement various actions to detect, respond and correct cyber intrusions, build faster and more robust response protocols, and train individuals in skilled threat detection. In recent years, Australia has emerged as a regional leader in conversations surrounding cyber resilience in the Indo-Pacific as well as globally. The new 2021 International Cyber and Critical Tech Strategy constitutes one of the most comprehensive documents of its kind, with “secure, resilient, and trusted technology” representing a crucial objective. Key initiatives include enhanced protections for critical infrastructure and systems of national significance, as well as greater support for businesses and individuals to develop their cybersecurity resilience. In the past three years, Australian cyber diplomats have brokered a series of bilateral partnerships in the form of cyber Memoranda of Understanding (MOUs); currently there are agreements with India (2020), Indonesia (2018), Papua New Guinea (2018), Singapore (2020), and Thailand (2019), all of which include capacity-building and information-sharing elements. On a regional level, the country is chairing the Asia-Pacific CERT community and the Asia-Pacific cybersecurity operations network. Australians have also significantly extended their regional outreach through their flagship capacity-building initiative, the Cyber and Critical Technology Cooperation Program. Meanwhile, Australia participates in several multipartite initiatives with a strong cyber component such as the Structured Quadrilateral Security Dialogue (the eponymous Quad) along with India, Japan, and the US, and the tripartite AUKUS coalition along with the US and the UK. In international fora, Australia has been a vocal champion of increased international collaboration in cyber capacity building (CCB), welcoming references to further cooperation within the 2021 OEWG report but cautioning against limiting such cooperation to the protection of national, translational and supranational infrastructure. Australia has also argued that CCB should be mainstreamed into the larger development agenda of the UN, specifically the Sustainable Development Goals. The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a Digital Agenda in 2021 for Digital Transformation.
Costa Rica is also collaborating with Israel on cyber issues and digital transformation in an effort that has the potential to streamline innovation in the public sector, transforming public services and institutions and positioning Costa Rica as a regional benchmark in cybersecurity.
On a national scale, Costa Rica launched a digital transformation strategy for the public sector in 2018 and is now working to create a strategy for the implementation of Artificial Intelligence. The initiative seeks to promote the use of digital technologies and access to scientific knowledge, innovation, technology, and telecommunications for social and productive transformation.
Having suffered a cyber attack in 2022, Costa Rica is now positioning cybersecurity as a top national priority, and the Ministry of Science, Innovation, Technology and Telecommunications is beginning to implement various actions to detect, respond and correct cyber intrusions, build faster and more robust response protocols, and train individuals in skilled threat detection. In recent years, Australia has emerged as a regional leader in conversations surrounding cyber resilience in the Indo-Pacific as well as globally. The new 2021 International Cyber and Critical Tech Strategy constitutes one of the most comprehensive documents of its kind, with “secure, resilient, and trusted technology” representing a crucial objective. Key initiatives include enhanced protections for critical infrastructure and systems of national significance, as well as greater support for businesses and individuals to develop their cybersecurity resilience. In the past three years, Australian cyber diplomats have brokered a series of bilateral partnerships in the form of cyber Memoranda of Understanding (MOUs); currently there are agreements with India (2020), Indonesia (2018), Papua New Guinea (2018), Singapore (2020), and Thailand (2019), all of which include capacity-building and information-sharing elements. On a regional level, the country is chairing the Asia-Pacific CERT community and the Asia-Pacific cybersecurity operations network. Australians have also significantly extended their regional outreach through their flagship capacity-building initiative, the Cyber and Critical Technology Cooperation Program. Meanwhile, Australia participates in several multipartite initiatives with a strong cyber component such as the Structured Quadrilateral Security Dialogue (the eponymous Quad) along with India, Japan, and the US, and the tripartite AUKUS coalition along with the US and the UK. In international fora, Australia has been a vocal champion of increased international collaboration in cyber capacity building (CCB), welcoming references to further cooperation within the 2021 OEWG report but cautioning against limiting such cooperation to the protection of national, translational and supranational infrastructure. Australia has also argued that CCB should be mainstreamed into the larger development agenda of the UN, specifically the Sustainable Development Goals. The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a Digital Agenda in 2021 for Digital Transformation.
Costa Rica is one of the few Latin American countries to have signed the Budapest Convention on Cybercrime, along with the First and Second Protocol (this one was signed in 2022 but yet to be ratified), and is at the forefront of cybercrime legislation in the region.
National legislation on cybercrime is fully compliant with the Convention and is contained in the Law on Intervention of Telecommunications and the Law of Computer Crimes and Related Crimes. It includes penalties for committing cybercrimes in the country. Additionally, legislative regulations were introduced to govern the use of social networks and other electronic means.
Their Cybersecurity Policy from 2017 was updated in 2021 with the creation of the CSIRT, the implementation of cybersecurity protocols across public institutions and the establishment of partnerships with strategic actors, mainly in the private sector. The 2021 International Cyber and Critical Tech Engagement Strategy recognises that Australia, and the Indo-Pacific region more widely, faces a “worsening” cybercrime landscape characterized by “expanding threats, low barriers to entry, and increasingly resourceful actors”. Australia acceded to the Council of Europe’s Budapest Convention in 2013 and has since been vocal about the Convention’s status as the “most comprehensive and effective basis upon which to pursue a common international approach”. The country voted against the Russia-sponsored UN resolution on the establishment of a new cybercrime treaty; however, upon the passage of the resolution and the subsequent creation of a dedicated Ad Hoc Committee, Australia has been active in advocating for a “transparent, inclusive, and consensus-based process with multi-stakeholder participation”. More specifically, it has stated that the new Convention should “draw heavily” from existing international instruments such as the UN Convention against Transnational Organized Crime (UNTOC), the UN Convention against Corruption (UNCAC), and especially the Budapest Convention, so as to avoid undermining these regimes and ensure the protection of human rights. Australia has additionally placed great emphasis on the need for international cooperation, with the 2021 Strategy noting that “information sharing, discussion and capacity building are vital to any meaningful response to the threat posed by cybercrime”. The country has launched numerous regional cooperation and capacity-building initiatives, partnering with Pacific Island countries (Tonga, Fiji, Samoa, Vanuatu, Solomon Islands, Niue, Tuvalu) to advance cybercrime law reform and ensure alignment with Budapest provisions. Peru’s signature and ratification of the Budapest Convention on Cybercrime, which is the only binding international instrument dealing with cybercrime, was a great step towards advancing a cyber agenda.
In 2019, Peru passed a Cyber Defence Act, with the objectives of defending and protecting sovereignty, national interests, critical national assets and key resources to maintain national capabilities against threats or attacks in and through cyberspace, when these affect national security.Peru has also passed a Cybersecurity Framework for the private sector, with the objective of identifying and protecting information assets, detecting security events, and providing for response and recovery from cybersecurity incidents.
In this context, there are more and more reports of cybercrime in the country. According to data from the Public Prosecutor's Office, in 2021 they received 18,596 reports of cybercrime cases, which represents a percentage increase of 92.9% compared to 2020, with phishing and ransomware being the most common attacks.
National legislation on cybercrime is fully compliant with the Convention and is contained in the Law on Intervention of Telecommunications and the Law of Computer Crimes and Related Crimes. It includes penalties for committing cybercrimes in the country. Additionally, legislative regulations were introduced to govern the use of social networks and other electronic means.
Their Cybersecurity Policy from 2017 was updated in 2021 with the creation of the CSIRT, the implementation of cybersecurity protocols across public institutions and the establishment of partnerships with strategic actors, mainly in the private sector. The 2021 International Cyber and Critical Tech Engagement Strategy recognises that Australia, and the Indo-Pacific region more widely, faces a “worsening” cybercrime landscape characterized by “expanding threats, low barriers to entry, and increasingly resourceful actors”. Australia acceded to the Council of Europe’s Budapest Convention in 2013 and has since been vocal about the Convention’s status as the “most comprehensive and effective basis upon which to pursue a common international approach”. The country voted against the Russia-sponsored UN resolution on the establishment of a new cybercrime treaty; however, upon the passage of the resolution and the subsequent creation of a dedicated Ad Hoc Committee, Australia has been active in advocating for a “transparent, inclusive, and consensus-based process with multi-stakeholder participation”. More specifically, it has stated that the new Convention should “draw heavily” from existing international instruments such as the UN Convention against Transnational Organized Crime (UNTOC), the UN Convention against Corruption (UNCAC), and especially the Budapest Convention, so as to avoid undermining these regimes and ensure the protection of human rights. Australia has additionally placed great emphasis on the need for international cooperation, with the 2021 Strategy noting that “information sharing, discussion and capacity building are vital to any meaningful response to the threat posed by cybercrime”. The country has launched numerous regional cooperation and capacity-building initiatives, partnering with Pacific Island countries (Tonga, Fiji, Samoa, Vanuatu, Solomon Islands, Niue, Tuvalu) to advance cybercrime law reform and ensure alignment with Budapest provisions. Peru’s signature and ratification of the Budapest Convention on Cybercrime, which is the only binding international instrument dealing with cybercrime, was a great step towards advancing a cyber agenda.
In 2019, Peru passed a Cyber Defence Act, with the objectives of defending and protecting sovereignty, national interests, critical national assets and key resources to maintain national capabilities against threats or attacks in and through cyberspace, when these affect national security.Peru has also passed a Cybersecurity Framework for the private sector, with the objective of identifying and protecting information assets, detecting security events, and providing for response and recovery from cybersecurity incidents.
In this context, there are more and more reports of cybercrime in the country. According to data from the Public Prosecutor's Office, in 2021 they received 18,596 reports of cybercrime cases, which represents a percentage increase of 92.9% compared to 2020, with phishing and ransomware being the most common attacks.
