The regulators can be involved in the process of drafting legislation in addition to playing an advisory role with regard to overall strategies. The Ugandan Communications Commission, for example, played an advisory role in drafting cybercrime legislation, and it is, through the Ugandan National Task Force on cybercrime legislation, now part of a regional initiative, called the East African Countries’ Task Force on Cyber Laws, which is dedicated to an ongoing process of development and harmonization of cybercrime laws in the East African region. 982
In Zambia, the Communications Authority was reported to have assisted in drafting new cybercrime-related legislation, namely the Electronic Communications and Transactions Act 2009. A further example is Belgium, where in 2006 the Belgian ICT regulator (BIPT) assisted in the process of drafting cybercrime legislation. The draft was developed in cooperation with the Federal Public Service of Justice and the Federal Computer Crime Unit.
Caribbean and America nations
Dominican Republic is the only Caribbean state to have signed the Budapest Convention on Cybercrime. It has also established the Interagency Commission against Crimes and High Tech Crime, and a High Technology Investigation Department to handle investigations of cyber incidents within the state more effectively. In has established operational links with the Cybercrime Convention Committee (T-CY) of the Council of Europe, and in conjunction with it, has organized a national awareness campaign program through the National Commission for Information Security and Knowledge (CNSIC). Dominican Republic has managed to increase funding for cyber-security efforts and capacity-building, guide by the Inter-American Committee against Terrorism (CICTE) of the OAS as well as INTERPOL.
Jamaica, having recognised the risk involved with a weak cyber response capability, has reached out for technical support and guidance from organizations such as the Commonwealth and Cybercrime Initiative, the Commonwealth Telecommunication Organization and OAS. In addition, financial aid has been sought from the governments of Canada, the United Kingdom, and the United States to support improvements to its cyber-security program. The nation’s Cybercrimes Act of 2010 has been revised to increase penalties for various cyber-related fraud, forgery and malicious communication crimes.
Barbados is a small island state but does not escape from becoming target for cyber-attacks and a “hive” for cyber-crime, the government has taken an aggressive approach to respond to cyber-crime. In addition to the creation of a cyber laboratory, the government in collaboration with other Caribbean governments as well as the Caribbean Telecommunications Union (CTU) and the Commonwealth Telecommunications Organization (CTO) has held a series of consultative meetings. The focus of these meetings has been the creation of a Commonwealth “cyber governance model” that would be adopted and implemented by the Commonwealth countries to create a shared standard. The government of Barbados, along with 14 other Caribbean Community and Common Market (CARICOM) countries, has also signed an enabling agreement for Enhancing Competitiveness in the Caribbean through the Harmonization of ICT Policies, Legislation, and Regulatory Procedures (HIPCAR).
State level measures are taken by individual countries to address cyber threats, within their own capabilities but every developing country cannot match successes of developed countries. Therefore, it is necessary for developing countries to have close co-operation with developed countries in addressing cyber threats.
The Council of Europe’s Convention on Cybercrime (the Budapest Convention) established in 2004 remains open to any state, and non-members such as Australia, Japan, and the United States have ratified the convention. Also, countries such as Argentina, Pakistan, Philippines, Egypt, Botswana and Nigeria have used the Convention as a model in drafting parts of their legislation on Cybercrime.
Incidentally most cyber attacks are known to have been launched by foreign countries, such as China, Iran, North Korea, and Russia and China, and its allies have not joined expressing disapproval of the Convention. However, China and Russia have supported an alternative new cybercrime treaty, but the United States and its European allies have rejected it. This is a prime example of a negative approach to building a global mechanism, and it is therefore necessary to identify common ground to reach consensus based approach.
The inadequate representation of developing countries in the drafting process of the Convention on Cybercrime has come under criticism in the glob debate. Despite the transnational dimension of cybercrime, its impact in the different regions of the world varies. Not only was the Convention on Cybercrime negotiated without a broad involvement of developing countries in Asia, Africa and Latin America, but it also places restrictive conditions on the participation of non-members of the Council of Europe, despite it being open to non-members. This seems to be a negative factor that undermines the inclusive and collective approach to establishing a legal mechanism to meet the challenges of cyber crime.
On the other hand, the European Union and Europol have pledged to increase efficiency of cooperation among the police agencies of EU member states with emphasis on targeting organised crime. Like Interpol, Europol’s primary function is to support operational activities of national law enforcement officials, but recently widened the scope to include fight against cyber-crime. In Additionally the European Union also introduced the General Data Protection Regulation (GDPR) which came into effect on 5 May 2018. It will remain directly effective for so long as the UK remains a member of the European Union. Also the Network and Information Security Directive was implemented in all member states of the European Union with effect from 10 May 2018.
NATO is also a leading organisation and tackling cyber menace remains a key priority for them. In 2002, NATO adopted a cyber defence programme, and created a NATO Computer Incident Response Capability(NCIRC), to prevent, detect and respond to cyber incidents. NATO with the approval of the ‘NATO Cyber Defence Policy’ In 2008, it integrated cyber defence into NATO’s defence planning process for the purpose of securing its own networks and also assisting allies reduce vulnerabilities in their critical infrastructure. In particular, NATO leaders have endorsed the possibility of invoking Article-5 following a cyber attack, thus equating it with an ‘armed attack’ in certain situations. Nevertheless, ambiguity persists about the exact conditions in which such a response would be required, and the nature of that response, whether military or cyber.