According to the 2018 Global Cybersecurity Index (GCI) survey, the United States scores second place for – most committed country to cybersecurity. The United Kingdom scored first place. GCI is an “initiative of the International Telecommunication Union (ITU) involving experts from different backgrounds and organizations” (GCI, 2018). The GCI tries to “measure the commitment of countries to cybersecurity in order to raise cybersecurity awareness” or initiative through comparison (GCI, 2018). It is important to note that GCI uses the terms “most commitment” to cybersecurity and not “best” or “top” cybersecurity; this is because all nations need significant improvements across the board when it comes to cybersecurity measures.

           El Salvador scored low on the level of commitment to cybersecurity, along with 88 other countries (GCI, 2018). The GCI measures the commitment to cybersecurity of each country by focusing on five pillars:

1. Legal: Measures based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime.
2. Technical: Measures based on the existence of technical institutions and frameworks dealing with cybersecurity.
3. Organizational: Measures based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level.
4. Capacity Building: Measures based on the existence of research and development, education and training programs, certified professionals, and public sector agencies fostering capacity building.
5. Cooperation: Measures based on the existence of partnerships, cooperative frameworks, and information sharing networks.

Using these pillars to compare and contrast The United States and El Salvador’s cybersecurity risks to understand better what measures and procedures are working or lacking.

           The United States “ranks first with the highest score in the legal pillar, and has a wide range of legal provisions, both substantive and procedural, to cover cybercrime” (GCI, 2018). For example, the U.S. has established a National Cybersecurity Strategy (NCSS), which is a “plan of actions designed to improve the security and resilience of the nation’s infrastructures and services” (United States, 2018). An NCSS is a top-down approach to cybersecurity. The U.S. also has passed laws that pertain to the cyber realm such as the Cybersecurity Information Sharing Act, which “provides for an ongoing, voluntary public-private partnership to improve cybersecurity and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness” (Text, 2014). El Salvador, in contrast, has no national plan or strategy for dealing with cybersecurity. El Salvador’s government is grappling with gang violence and has been unable to focus on cybersecurity.

           The U.S. is involved in various technical institutions and frameworks, for example, Computer Emergency Readiness Team or (CERT), Computer Incident Response Team (CIRT), and Cyber Security and Infrastructure Security Agency (CISA), to name a few. Moreover, the U.S. government works alongside universities and the private sector to monitor and develop new defenses against cybercrime. Private businesses are welcome to follow technical measures outline in the Federal Communications Commission: Cyber Security Planning Guide. However, El Salvador, as a country, does not seem to have a working partnership between the government and the private sector when it comes to technical measures.

           Organization is vital for strategy plans, especially for a nation committed to the improvement of cybersecurity. The U.S. has given the responsibility of the nation’s cybersecurity to the Department of Homeland Security (DHS). The DHS responsibility is passed down to the National Protection and Programs Directorate, and the Office of Cybersecurity and Communications. Below is a chart, from the National Cybersecurity and Communications Integration Center, for better understanding.

However, in the research, I could not find any organization within the Salvadorian government that was in charge of cybersecurity. In that case, El Salvador is unprepared for a significant cyber breach. The country has not designated an authority.

           Capacity building refers to the existing research and development, education and training programmes, to bolster our competency on cybersecurity as a nation. It seems every month another university or college is rolling out a cybersecurity degree of some sort in the U.S. Old Dominion University, for example, has varied cybersecurity degrees, a cybercriminal degree, and a technology education degree; which aims to increase the number of technology experts for our middles and high schools. Another difference between the U.S. and the small country of El Salvador is that it does not have a university with A cybersecurity or cybercrime degree. This most likely means they have to subcontract for cybersecurity experts, or Salvadorian’s must travel abroad if they are interested in a cybersecurity career. 

           Cooperation or working together is not always an easy task, especially on a large scale such as nationally, yet the U.S. attempts. It is a fact that cyber breaches make for bad news that reflects negatively on organizations of all types; therefore, there is an issue of under-reporting. Still, the advent of cyber risk insurance for organizations has established records that will allow future analyzes. Besides, lower quotes for cyber insurance can be seen as incentives for organizations to prepare and collaborate and cooperate by sharing statistics. The U.S. also cooperates with the United Nations on international security challenges. The country of El Salvador is also a member of the United Nations and is working on a plan to increase public knowledge and to help its police force recognize and investigate cybercrime incidents (United Nations). 

           Overall, though the U.S. is highly committed to cybersecurity awareness, it might be at a higher risk of cybercrimes due to its population size and global reputation. While El Salvador is the smallest country in Central America and has a low commitment to cybersecurity awareness, yet it might not be a significant target to cybercriminals as the U.S. We also have to consider the dependency of a nation’s people with technology. Though both countries have access to the internet, El Salvador is not as saturated with the Internet of Things in such a degree as the U.S. It will take all nations and their people to support a safe cyber environment better. 

Work Cited

Global Cybersecurity Index. (2018). ITU. Available at: http://www.itu.int/en/ITUD/Cybersecurity/Documents/GCI-17Report.pdf.

“Text – S.1353 – 113th Congress (2013-2014): Cybersecurity Enhancement Act of 2014.” Congress.gov, 18 Dec. 2014, www.congress.gov/bill/113th-congress/senate-bill/1353/text.

“United Nations Office on Drugs and Crime.” UNODC Prevent Cyber Crime in El Salvador, www.unodc.org/ropan/en/unodc-prevent-cyber-crime-in-el-salvador.html.

The United States. White House Office, Issuing Office. National Cyber Strategy of the United States of America. (2018). Web.