In recent days, The General Directorate of Arms and Ammunition Control (Digecam) was the target of a “cyber attack”, that violated data and confidential information on the weapons registries of individuals, companies and the public sector.
This “cyber attack” occurs in the midst of the formation of the Strategic Command Against Transnational Threats (Cecat), in charge of the Ministry of Defense (Mindef), whose creation the Executive Agency announced last year.
According to Government Agreement 113-2025, published in the Diario de Centro América by the Ministry of Defense on June 25 of the previous year, The protection of “cyberspace” in Guatemala must be in charge of the Strategic Command Against Transnational Threats (Cecat).
Said command was created after the emergency that arose as a result of the armed confrontations that occurred that same month in La Mesilla, La Democracia, Huehuetenango, when alleged members of the Chiapas and Guatemala cartel, and police from the Pakal special force of Chiapas raided said border town with Mexico.
Cecat function
Article 4 of the agreement that gives life to Cecat establishes: “It is the function of the Strategic Command Against Transnational Threats to conduct operations to combat transnational threats that break the borders, attacking the sovereignty of the State of Guatemala, using air, maritime, land and cyberspace,” he indicates.
However, so far Cecat is still in the integration phase, said President Bernardo Arévalo during a press conference held this Monday at the National Palace of Culture.
“There is progress, we are moving towards the command against transnational threats, it is being integrated and we have all the elements to be able to do it,” he said when asked about the relationship between the functions of that center and the Digecam hack.
Delicate situation
According to Jonathan Lara, cybersecurity expert, The data leak of Digecam users is worrying and delicate, since confidential information such as their address and location, personal data, including the IPR number, as well as their level of protection and weapons, have been exposed, which leaves them highly vulnerable.
“This information, since it is already practically available to the public, is like information is being given about their forms of protection, levels of protection. Location information is being given, including complete personal data, and even related to their personal DPI identification document. So, yes, it is something that really aggravates the risk,” he states.
Regarding the origin of the cyberattack, Lara assures that, Typically, these threats are of transnational origin, coming from organized crime groups with sophisticated equipment, although it does not rule out that it also had local origin.
“Generally they are transnational threats. There has been an evolution of transnational organized crime, precisely, that violates virtual borders. It is not like a physical border where you can have access control,” he says.
Cecat should have been in charge
Regarding the role of Cecat for the protection of this “virtual border”, Lara believes that he should already be in charge of the protection, not only of this information, but also of confidential or sensitive information of the entire State.
“They—Cecat—should have already been in charge of being able to protect against this type of threats. They should have done that outright, ex officio. One thing is the protection of the systems themselves and of the users and their information, and the other part is the forensic investigation per se,” he states.
Regarding the forensic investigation, which he considers of utmost importance, He assures that it must be inter-institutional between the Public Ministry, Inacif and the Ministry of Defense to establish the origin and reasons for this attack. In this sense, it proposes three scenarios: “an internal leak simulating an attack, a kidnapping of information or “ransomware” with negotiation for the release of this data and, finally, a direct attack on the institution.”
“With weapons data, criminals can locate and steal weapons,” he says.
Responsible entities
According to Francisco Quezada, analyst at the National Economic Research Center (Cien), For several years now there has been discussion about “who is responsible for” the issue of cybersecurity, when in reality protection should be the responsibility of each entity.
“There have been great discussions, decades, about who is responsible, but at the end of the day it is the responsibility of each entity, due to the confidentiality of the information they have, to invest in them, to invest in policies of this type,” he assures.
He also assures that “when strategic sectors are touched or critical infrastructure is touched, it can generate big problems even at the national level.”
An aspect that also stands out is that neither the Ministry of Defense nor the Ministry of the Interior They have the technological infrastructure or are prepared to contain a possible large-scale attack of this type, if this possibility arises.
“The Ministry of Defense or the Ministry of the Interior will not be able to ensure that all public agencies are up to date on security programs. If an attack comes, they will not be able to cope as general protectors of the entire State,” he concludes.
Cybersecurity law
As Jonathan Lara explains, Guatemala should already have a law on cybersecurity, through which the comprehensive protection of user data of any public entity is guaranteed. According to him, there have been four attempts to approve a law against cybercrime in the country without any success.
In this sense, consider that A concrete proposal should be the creation of a comprehensive response center for cyber incidents similar to the National Security System.
He also explains that there are key differences: “cybersecurity protects systems and data protection protects citizens and those who manage their information.”
He also points out that, Given the lack of current regulation that exists on the matter, “anyone can have our information.”
“Just as in this case it was weapons information, in another aspect it could be bank account information, it could be institutional budget items, it could be salary sheets, it could be endless confidential data that could be acquired if we do not begin to comprehensively address this type of national and transnational threats,” concludes the expert.
In August of the previous year, the National Security Affairs Commission of Congress issued a favorable opinion on initiative 6347.cybersecurity law that establishes a comprehensive legal framework to prevent, investigate and punish cybercrimes, as well as to strengthen institutional capabilities to respond to cyber incidents. So far, this initiative has not been approved by the Legislature.