The cybersecurity threat

Mark Lyndersay

BitDepth#1273

OVER THE past fortnight, the reality of the threat to internet-connected computer systems came home vividly to TT, at the very least to the business sector.

In short order, it became clear that in addition to the ANSA McAL ransomware attack, the Port of Spain City Corporation had been hit by an even more devastating cyberattack.

I've been able to confirm an earlier ransomware hack on another local company in June, but representatives declined to discuss or even officially acknowledge the incident.

For much of this century, TT has managed its growing online presence with a mix of "God is a Trini" optimism and a belief that our online footprint is too small to attract attention. This is manifestly not true, though I cannot speak for any deity's national ID. For the last six years, I've run a small online news website dedicated to technology here, TechNewsTT.com.

From the start, I installed defensive software for the WordPress platform it runs on, initially as a prophylactic measure. Over the last year, I've been tightening up on protocols as attacks on the site have surged.

In October alone, defensive software blocked 84 attempts to log into my site from Pakistan and 75 from the Czech Republic. These dictionary attacks – which use words from a list of common passwords – look for sites that use either the default “admin” user or the domain as a username.

In July, a rash of SQL injections – efforts at adding malicious code to the website's database engine – were blocked. Panama launched 144 of those attacks, and Indonesia contributed 98. I've also had bad actors from Vietnam, the Philippines, Netherlands, India and Switzerland come knocking.

Cybercrime isn't just a Russian thing, it's a global issue and the challenges are equally vast.

TechNewsTT is a superniche in this country, a blip in the wider internet, barely noticeable by traffic, but hackers don't care about that, they care about vulnerabilities.

This country has dragged its feet with a neanderthal's grace for much of the decade on the critical legislation required to empower legal responses to a threat that's no longer growing, it is in full bloom.

The pronounced reluctance of local businesses to acknowledge, far less discuss, computer breaches is understandable. It is also legal.

Under GDPR or HIPAA law, companies are required, in Europe and the US, respectively, to declare the impact and scope of breaches and inform customers of potential public exposure of sensitive personal information. The TT Data Protection Act includes these requirements, but it is not fully proclaimed.

Reporting cybercrimes is not required under either law, and it's estimated that internationally less than 28 per cent of these crimes are reported to the police.

The pointlessness of doing so locally is even more pronounced when the State is so ill-equipped to respond to these crimes. The TT Cybersecurity Incident Response Team (TTCSIRT) has existed since 2015, the result of a collaboration between the OAS and the ITU to fund the establishment of such agencies regionally.

Five years later, the agency is dramatically under-resourced and the legislation it is supposed to enforce is a shambles of piecemeal proclamation. Policy limped ahead of practice, creating a sham of enforceability.

The police Cybercrime Unit talks a tough game, but even its most basic digital forensic capacity is routinely gutted when trained officers leave for better jobs. If the police show up to investigate a major ransomware hack, they won't just lack body armour, digitally speaking, they might have arrived without pants.

Mark Lyndersay is the editor of technewstt.com. An expanded version of this column can be found there.
