How does DR handle large-scale cyberattacks?

The Dominican Republic (DR) addresses large-scale cyberattacks through a combination of centralized coordination, technical defenses, and collaboration between public and private sectors. The country’s primary cybersecurity authority, the Centro de Respuesta a Incidentes de Seguridad Cibernética (CSIRT-RD), operates under the Dirección General de Impuestos Internos (DGII) and focuses on threat detection, incident response, and information sharing. During major incidents, CSIRT-RD coordinates with government agencies, critical infrastructure providers (like energy or banking systems), and international partners to contain attacks, analyze their scope, and restore services. For example, during a ransomware attack targeting government systems, CSIRT-RD might isolate infected networks, deploy decryption tools if available, and work with ISPs to block malicious traffic.

Technical defenses form the backbone of DR’s strategy. Government and critical infrastructure systems use layered security measures like firewalls, intrusion detection systems (IDS), and endpoint protection. Many organizations also implement air-gapped backups for critical data, ensuring recovery even if primary systems are compromised. For developers, this means building redundancy into applications—like using geographically distributed servers or automated failover mechanisms. A practical example is the use of blocklisting/allowlisting in banking apps to restrict unauthorized transactions during a breach. Additionally, DR’s agencies increasingly adopt open-source threat intelligence platforms like MISP to share indicators of compromise (IoCs) in real time, enabling faster responses across sectors.

Collaboration and legal frameworks further strengthen DR’s resilience. Laws like Ley No. 53-03 (on data protection) mandate security standards for handling sensitive information, while partnerships with organizations like the OAS Cybersecurity Program provide training and resources. During the 2021 surge in phishing attacks targeting Dominican businesses, CSIRT-RD worked with telecom providers to block fraudulent domains and issued public advisories explaining how developers could harden email servers using SPF/DKIM protocols. Regular cybersecurity drills, such as simulated DDoS attacks on financial networks, also help teams refine response plans. By combining these technical, organizational, and legal tools, DR aims to mitigate the impact of large-scale attacks while maintaining public trust.