Cyber woes worsening

THE DETECTION of a cyberattack on the network of the Ministry of the Attorney General and Legal Affairs followed by a serious disruption of the judiciary’s digital systems amid fears of a possible attack there point squarely to the need for urgent legislative reform and the implementation of international treaty law to combat this problem. As a matter of urgency, the Government must take steps to implement the Budapest Convention and related protocols.

The recent developments are, worryingly, the tip of an ever-growing iceberg. Some of this country’s largest conglomerates have been forced to adjust to an environment in which cyberattacks are becoming more common.

Last year, Massy Stores, a member of the Massy Group, was forced to close its supermarkets and in-store pharmacies nationwide after its systems were disrupted.

In 2020, reports emerged in relation to a security incident which took down some systems at ANSA McAL, with cybersecurity experts suggesting a criminal cybergang was responsible.

These episodes mirrored similar experiences by companies in the private sector that have had cause, over the years, to quietly inform customers of data breaches by malign actors.

But what distinguishes this week’s incidents is the nature of the targets: public sector entities of the highest importance, which are tasked with incredibly sensitive functions.

While many questions remain in relation to what exactly happened to cause pre-emptive action to be taken in relation to the judiciary’s systems, the reports of lawyers having to transfer trial documents among themselves via private e-mails raise troubling concerns. The custody chain of such sensitive documents needs to be secure and that cannot be guaranteed if private e-mail accounts are used, even if temporarily.

There is an irony in the fact that the Ministry of the Attorney General was targeted and the judiciary affected given their place in the legal environment and given the longstanding perception that existing laws need to be updated. The Ministry of Digital Transformation raised the alert on the cyberattack at the Ministry of the Attorney General and that it was under investigation with leading cybersecurity experts.

That need was brought home by the Ministry of National Security’s disclosure on Sunday of a trend of rising ransomware attacks. We await the findings of the investigation.

According to some estimates, the accelerated adoption of digital technology in the pandemic has come alongside an almost six-fold increase in cybercrime. One analysis suggests the Caribbean experienced 144 million cyberattack attempts in the first half of 2022 alone.

The origins, scope, motives and long-term impact of cyberattacks are often murky. In some instances, there appears to be a financial motivation. In others, the aim seems to be simply to cause disruption. And in yet others, no specific aim is discernible except a desire on the part of perpetrators to prove a point.

Such complexities mean the Government cannot navel-gaze. We need to be reassured that steps are being taken, not limited to harmonisation with international laws, to protect the integrity of the backbone of the public sector’s operations.