SWJ–El Centro Book Review: Cybersecurity Governance in Latin America
Carlos Solar, Cybersecurity Governance in Latin America: States, Threats, and Alliances. Albany: State University of New York Press, 2023. [ISBN: 978-1438491400, Paperback, 352 pages]
Dr. Carlos Solar’s Cybersecurity Governance in Latin America contributes to cyber research studies at a critical moment. Specific to Latin America, it is a topic that is underexplored in the broader security studies literature. Solar serves as a Senior Research Fellow in the International Security Studies team at the Royal United Services Institute (RUSI), where he specializes in security dynamics across the Americas, with particular emphasis on military affairs, human security, and international relations as they intersect with the West. His research background complements the dynamics of this book as he journeys into the genre of cyber. At 352 pages, the book includes an introductory chapter, followed by seven standalone chapters, a conclusion, appendix, notes, bibliography, and list of illustrations.
The book maps the cybersecurity landscape across the Western Hemisphere’s emerging democracies, tracing the governance frameworks that have materialized and examining the militarization of cyber capabilities specific to the region. Ultimately, as Solar argues, “cybersecurity has become a perceived top-tier component of economic and national security affairs” (p. 25). That is, Washington, and other sophisticated cyber nations across the Five Eyes and Europe view cybersecurity through the prism of foreign policy. Yet despite its strengths, the book’s heavily academic orientation limits its utility to a practitioner and is lacking an overarching theme of the significance of adversary behavior, which may further support why states are treating cybersecurity as a foreign policy issue.
The Argument
Solar organizes his analysis around three pillars: 1) assessing the cybersecurity landscape in developed countries and illustrating current events in the developing Western Hemisphere; 2) exploring how cybersecurity governance compares to other perceived national security threats in the region; and 3) tracing the militarization of cyber capabilities among Latin American states (p. 9). Brazil, Mexico, Colombia, Argentina, Chile, and Venezuela are his focus countries. These countries, according to Solar, “are not yet advanced industrialized democracies,” but their “strategic conditions…have allowed them to enhance their diplomatic and security priorities in a regional system less dominated by US hegemony” (p. 25). Solar places this regional analysis within the broader US-China dynamic, framing Latin America as an arena where great power competition plays out through technology, diplomacy, and defense partnerships.
Solar’s first pillar finds Western Hemisphere states building cyber capacity largely in response to familiar non-state threats: cartels, gangs, organized crime, and hackers (p. 9). This relates directly to the second pillar, in which cybersecurity governance “has come to push forward the growing agenda of human security that has captivated policy and decision-makers in the post-Cold War theater, where traditional conflict has become a lesser priority” (p. 16). Finally, the third pillar emphasizes security networks and the gradual increase of armed forces (p. 17). On this note, Solar highlights the dual-hatted leader of the United States’ National Security Agency (NSA) and Cyber Command (USCYBERCOM), which many Latin American states are mimicking within their own governance. These states militarize digital operations and intelligence for information and control (p. 18), and are making deliberate efforts to not separate them.
More importantly, Solar distinguishes Latin America from the rest of the globe by highlighting that “agenda-setting in the areas of security and military affairs is usually deeply rooted in a tradeoff between formal and informal rules that affect democratic performance” (p. 43). The case studies he explores—Mexico, Brazil, Argentina, and Venezuela—share the same problem in that the police, judiciary, military, and intelligence apparatus “seem conditioned to patronage, clientelism, corruption, and other inherited authoritarian traits that have outlived many attempts to run government in a more democratic way” (p. 44). This continues to prove as the principal obstacle to cybersecurity preparedness and growth.
What the Book Gets Right
Solar is at his strongest when analyzing US cyber policy and its regional implications. He accurately captures the logic of the Department of War’s 2018 Cyber Strategy, particularly its emphasis on persistent engagement and defending forward: the practice of positioning as close to adversaries as possible to understand their intentions and prepare responses (p. 165). He notes USCYBERCOM has applied this strategy to “defend networks of other nations learning about persistent threats and malware coming from adversary states” (p. 166).
Equally valuable is Solar’s attention to cyber diplomacy, an area frequently overlooked in the policy literature. The establishment of the State Department’s Cyberspace and Digital Policy (CDP) Bureau reflects a deliberate effort to engage like-minded and emerging states in curbing the influence of persistent adversaries like Russia and China. Solar’s case study on Argentina is particularly useful: the 2017 bilateral Cyber Policy Working Group, led by State and joined by the Department of Homeland Security (DHS), Department of Justice (DOJ), the National Security Council (NSC), and National Institute of Standards and Technology (NIST), exemplifies the kind of interagency engagement that Washington has promoted across the region (p. 177). As he concludes, US-led cybersecurity efforts will continue to gain traction as long as Latin American states show the political and financial will to adapt their militaries’ roles, which is a condition that has already spurred the creation of national cybersecurity forces and cyber commands across the region (p. 166).
Solar’s quantitative analysis also adds methodological rigor across three defined levels: 1) The individual level (improving skills, knowledge, competencies, and attitudes); 2) the organizational level (developing structure, processes, and networks between organizations); and 3) the institutional and policy level (improving the environment through legislation, policies, and strategies) (p. 186). His core research questions, including whether cybersecurity maturity reflects current legal frameworks and whether existing policies can keep pace with rapid internet penetration, (p. 186) remain underexplored. Solar’s findings, while not definitive, provide a sufficient foundation for both quantitative and qualitative follow-on research.
Where the Book Falls Short
The book’s most significant weakness is its limited treatment of adversary activity in Latin America. Understanding what Russia, China, and other state, or non-state, actors are doing in the region in terms of cyber intrusions, infrastructure investment, and influence operations is essential context for evaluating the defensive frameworks Solar describes. Without this context, the reader lacks a fundamental understanding of Latin America’s capacity-building with regards to the threat environment.
Solar’s analytical style also poses some challenges. The book is dense with theoretical framing, and while each chapter includes a condensed literature review, the cumulative effect can feel removed from operational reality. Practitioners, such as policymakers, military planners, and intelligence professionals working the Latin America mission set, may find the book difficult to translate into actionable insight. This is not a fatal flaw, but it is a missed opportunity, given how pressing the subject matter has become.
Solar also raises, without fully resolving, the question of separating the dual-hat arrangement at Fort Meade: decoupling USCYBERCOM from the NSA to give the command greater independence from the intelligence community and stronger warfighting footing (p.174). It is a worthwhile debate, but his treatment remains tentative where the topic warrants sharper argument, especially during a time where this topic is regularly debated in the United States.
Significance and Looking Ahead
Despite these limitations, Cybersecurity Governance in Latin America is a necessary book. The existing literature on this topic is thin, and Solar’s contribution—however academic in ton—establishes a framework that scholars and analysts can refine. As the current administration recalibrates its priorities to the Western Hemisphere, the intersection of cybersecurity, defense diplomacy, and great power competition in Latin America deserves sustained attention. Additionally, Solar’s research shows that Latin American states have “deepened their ties with the advanced states guided by foreign policies and military-to-military diplomacy that underpins the cyber issue” (p. 206).
Indeed, states like Venezuela and others in Latin America have rebuffed US cybersecurity engagement in favor of Russia or China. Solar points to the proliferation Beijing’s Huawei infrastructure across the region as an example of a cheaper, more readily available alternative to Western technology. However, some in the region have started to scale back their reliance on Chinese infrastructure, opting instead to balance their partnerships with Washington.
Dr. Carlos Solar’s work is the starting point the literature has been missing. Throughout the entirety of the book, he asks a variety of questions that he aims to answer, but often in the theoretical. Future research should build on his model, engage more directly with adversary behavior, and bridge the gap between academic analysis and practitioner needs.
Disclaimer: All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.
