IFT suggests guidelines for national cybersecurity policy and Banxico calls for tougher sanctions
24 noviembre 2021


On November 24, the panel “Towards a National Cybersecurity Policy” organized by the Federal Telecommunications Institute (IFT in Spanish) ended, with the participation of Alejandro de Los Santo, cybersecurity director of the Bank of Mexico (BANXICO), and José Luis Cuevas, member of the IFT’s think tank. At the event, they presented the elements that should be contemplated in a National Cybersecurity Policy, and called for harsher penalties for cybercrime. The points raised in this panel could have an impact on changes in the regulatory framework of the sector in the medium term. 

In his speech, Alejandro de Los Santos emphasized the need to increase penalties for cybersecurity crimes. For the official, it is necessary to establish “serious consequences” for these crimes, since otherwise “cyberattackers will continue to have strong incentives to continue violating assets”. He also called for the implementation of a “strong and fast” mechanism for the prosecution of cybercrime. 

José Luis Cuevas, for his part, outlined the elements that should be included in the drafting of a National Cybersecurity Policy. In this regard, he indicated that it should include the following aspects: 

  • National protocol: to share information on cyber-attacks, establish collaboration schemes between authorities, organizations, companies and users, and guarantee the confidentiality of actors who were breached by cyber-attacks to safeguard their reputation.
  • Public, periodic and informative bulletin of cyber risks and events: to publicize the attacks already perpetrated for the knowledge of those potentially affected, and to collaborate in their prevention.
  • Generation of official statistics: containing data from public and private institutions reflecting cybersecurity risks, their locations, periodicity, as well as surveillance mechanisms to monitor such risks.
  • Cybersecurity drills: both in the public and private spheres, guided by experts in the field.
  • Rules of care and sanctions: for cybersecurity in the event of natural disasters, pandemics, epidemics, etc.
  • Development of technological infrastructure: such as Virtual Private Networks (VPNs) in collaboration between the public and private sectors, to prevent users from using cloud services that are vulnerable and significantly exposed to cyber-attacks. 

It is worth highlighting the relevance of these positions taken by members of Executive institutions, since they could contribute to the debate on the matter that the Congress of the Union intends to start soon. This can be inferred from the statements made by Senator Ricardo Monreal (Morena-ruling party), who assured that it will be a legislative priority to deal with a reform on cybersecurity. This debate could begin before the end of 2021.