English

IT security, the weakest point of Mexican diplomatic missions

In addition to not being approved by the central office nor by the National Security System, communications infrastructure and security protocols are not implemented in Mexico’s Representations Abroad

Mexican diplomacy lacks cyber security – Photo: File photo/EL UNIVERSAL
14/09/2019 |12:23Ariadna García |
Redacción El Universal
Pendiente este autorVer perfil

Mexican diplomatic missions

lack technological security . There are no intruders detection mechanisms in the system of neither the offices in Mexico nor abroad.

In the report made by the General Board of Information and Innovation Technologies (DGTII) of the Foreign Affairs Ministry (SRE) , it was pointed out that communication infrastructure, as well as security protocols in Mexico’s Representations Abroad (RME), are not certified with the central officer nor with the national security system of the country.

Newsletter
Recibe en tu correo las noticias más destacadas para viajar, trabajar y vivir en EU

Likewise, there is an expense of over MXN $4 million a month in terms of IT security , a lack of policies and controls in the RME prevails, and security policies are not implemented in embassies.

“[There is a] lack of intruders detection mechanisms in the country and in the RME,” said the DGTII.

Last April , a hacker tweeted a link with information about the Mexican embassy in Guatemala . The hacker downloaded 4,800 documents , most of them related to the inside operation of the diplomatic representation, including its consular activities and even from the passports area.

After the situation, the DGTII implemented a new security protocol to protect the information stored in the RME.

All the staff of embassies and consulates were warned that access codes to the system would be valid for 50 calendar days, so it was advised to change them every 45 days.

The most fragile.

One of the most vulnerable digital systems is the one of appointments for passports .

In August 2017 , the then-chief of the Municipal Liaison Office with the SRE in Tamaulipas, David González Serna, said that they detected several cases of fraud against people who paid to obtain this document.

The public officer revealed that hackers tricked people and asked them for payments, exceeding the official costs, in exchange for the passport. With the transaction, the appointment was allegedly made for the procedure, but when they arrived at the corresponding office, the fraud was revealed.

In its annual report, the DGTII alerted that Mexican diplomacy has vulnerable critical systems .

“There is not an integral security mechanism in the ministry in which security is managed in different levels,” the report highlights.

With that analysis, they developed an integrated strategy for information security , which is based on the securing of the whole system , not only in terms of technology but also of processes and data.

“The strategy will establish a line in which a government of information will be defined, which will be made up of representatives of those areas involved in the handling of information: sub ministries, embassies, and consulates, the General Board of Delegations, the General Board of Consular Affairs, the General Board of Legal Affairs, the Unit for Internal Control, and the General Board for the Protection of Mexicans Abroad ,” it detailed.

In the strategy, added the DGTII, a catalogue for the classification of information will be defined, including the infrastructures considered as critical or of national security , “with the objective of performing regular inspections of risks and impact in the operation, for the implementation of those controls that maintain a minimum acceptable level for the risk they are exposed to.”

It explained that it will also orchestrate a Security Management System in which they will establish the policies and guidelines to be followed, both centrally and internationally, by safety guidelines of the information inside each RME.

The objective is to reduce the cost of the electronic security system from MXN $4.5 million to MXN $1.8 million a month , as well as having a security management system for the information of the central offices and the RME and security in all levels.

In the proposed strategy, the DGTII also includes regular inspections to critical or essential infrastructures of the SRE to detect possible vulnerabilities and lower the risk of cyberattacks .

“There will be a team of experts, called ethical hackers , who will search for vulnerabilities,” it informed

mp