One of the most internationally controversial and debated issues nowadays is cyber-security, because of its impact on the economic, political and ideological aspects and the security of nations.  On this important subject, we will be speaking throughout several articles with Miguel Gutiérrez Rodríguez, General Director of Informatics of the Ministry of Communications of Cuba, who is also an expert in computer systems and cyber-security.

OPS: Miguel, you were recently appointed General Director of Informatics at the Ministry of Communications (MINCOM); before that, you served as Vice President of Technologies at the Cuban Post Office and at the Software Development Company (Desoft), and as Director of our country's Office of Informatics Network Security (OSRI) for five years. Based on your experience, in what context is Cuba adopting a set of measures to effectively protect its national cyberspace?

MGR: The progress in the development of Information and Communication Technologies (ICTs) and their influence in almost all spheres of economic, political and social life, led to the appearance of illegal behavior, directed against networks and computer systems, such as attacks on servers, website distortion, services denial, introduction of malicious codes and massive sending of unwanted mail (spam), just as to name a few examples, and those who use networks and systems as a means to carry out illegal activities, such as fraud, theft, espionage, child pornography, among others.

In this context, in the set of legal regulations that must be approved in order to implement the policy of informatization of Cuban society, there is a Decree that establishes the regulatory legal framework that controls and organizes the safe use of ICTs for the informatization of society and the defense of national cyberspace, according to what is established in our country's recently approved Consitution, and to other legal standards approved on the subject, as well as the treaties and other international legal instruments in this matter, to which Cuba is a State party.

The Council of Ministers also approved the work system and measures for the protection of national cyberspace, which will allow for proactive action to take place in the safe informatization of society, reducing the risks related to this process, organizing the solution of cyber-security incidents and the corresponding reduction of their negative impact.

OPS: When did the first security incidents happen?

MGR: Security incidents in computer systems have arisen since the use of these technologies began. In 1947, the creators of the electro-mechanic computer Mark II reported the first case of a computer error caused by an insect.  The equipment suffered a failure in an electromagnetic relay and during the investigation, they found a moth that caused the relay to remain open. One of the programmers when registering the incident in the enabled logbook pasted the insect on it with Scotch tape and referred to it as a bug to describe the cause of the problem.

OPS: The replacement of electronic valves by the bipolar transistor and the large-scale integration of the processes in small silicon chips made it possible to reduce the size of the equipment, increase its power and data processing capacity, as well as lower their prices. What impact did these innovations have on IT security?

MGR: This technological evolution, which was positive of course, led to a significant increase in the number of websites where data and hardware were exposed to various threats.

From that moment on, computers began to be interconnected to share data, creating networks of different types and dimensions in the organizations and institutions. In the early 1990s, these networks began to connect with others and a variety of portable and wireless access devices arose. In this way, new risk factors were introduced, enabling a way for potential unauthorized access.

OPS: Which is regarded as the first attack on the Internet's computing infrastructure?

MGR: At the end of 1988, it was estimated that around 60,000 computers were connected to the Internet. On November 2nd, 1988, a computer program attacked the network and affected about 10% of all computers located in the United States for hours, including those at the NASA Research Center. The author was Robert Tappan Morris, a 23-year-old American student. This malicious program was called the "Morris worm" and is considered to be the first example of malicious software (malware) affecting the Internet.

OPS: I think the Morris trial resulted in the first conviction under the Computer Fraud and Abuse Act of 1986 in the United States.

MGR: That's right. Morris was prosecuted and at the January-1990 trial, the prosecution argued that it was an attack on the U.S. government and the federal jury found him guilty. There was no point in Morris's lawyers claiming he was trying to help Internet security.