Init0

Business leaders are worried about national cybersecurity in light of the September hack of the Defense Ministry (Sedena), and have urged the federal government to take action in a statement released last week.

In a document titled “Sedena’s hack: serious and concerning,” the national employers association (Coparmex) expressed its concern regarding the hack. The statement emphasized that investment in cybersecurity should be a priority for both companies and governments and lamented that Mexico doesn’t have a cybersecurity law.

The association said that “The need for a Federal Law on Cybersecurity has been made clear […] to quickly deal with this type of threat in a world increasingly dependent on information technologies.”

After the Ministry was hacked, Coparmex insisted that Sedena and all government agencies responsible for national security and public security need to be strengthened — particularly cyber units to combat crimes such as extortion, “which has grown by a 55.6% between the years 2018 and 2022 (according to numbers from the first four months),” said the statement, which was published last week.

A Coparmex graphic displays the name of the associations new report, “Serious and concerning: the Sedena Hack.” Coparmex

Back in September, the Guacamaya group of Central American hackers leaked thousands of internal Sedena emails to the media outlet Latinus. Among the information leaked there was information relating to impunity in sexual assault cases within Sedena; the recruitment of chemistry professors by the Sinaloa Cartel to produce fentanyl; and the risk of collapse of a section of the Maya Train, among other sensitive information.

Coparamex noted that though the national security budget has increased, most of that increase has gone to Sedena, often for “emblematic works” of AMLO’s administration like infrastructure projects, which are not strictly security-related. This contrasts with the Security Ministry budget for 2023, which had a 1% increase and “which doesn’t respond to current needs,” Coparmex remarked.

Similarly, the National Institute for Transparency and Access to Information (INAI), called on Congress to increase the cybersecurity budget by 30 million pesos (US $1.5 million), arguing that in July alone, the institute registered more than 60 million cyberattacks.

The statement also mentioned a lack of cybersecurity specialists, saying that the world is short at least 2 million workers relative to demand for employees and that Mexico’s government should closely work alongside universities to design programs on cybersecurity and motivate students to enroll in such programs. “Mexico must join the effort and bring alternatives to young people in these areas,” the INAI statement said.

The statement also mentioned what other countries have done in the matter, such as the United Kingdom, Japan, France, Italy, Australia, Germany, and the United States. “There’s no doubt that investment in security needs to be rethought looking at other countries’ examples […] Biden signed an executive order in May 2021 designed to encourage cybersecurity initiatives, named a national chief cyber officer to oversee digital security policies and announced measures to protect his information systems.”

Coparmex also called on the government to consider cyberspace as an extension of Mexican territory. “There needs to be a master plan to guide all the initiatives on cybersecurity and that facilitates a cross-government coordination, considering cyberspace as another part of the national territory which demands its defense system,” it said.

“The seriousness of the case warrants recognition of the full scale [of the problem],” Coparmex concluded. “… Not only is national security at risk, but also people’s lives.”

With reports from El Economista and Proceso